winblue soft


How do I get rid of winsoftblue?

Post by mage420 on 4th June 2009, 4:34 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:13 PM, on 6/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag /hw
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Admin\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\pwnage.nsu"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10513 bytes

I also have the ComboFix log; let me know if you need me to post it as well.


Re: winblue soft

Post by Belahzur on 4th June 2009, 2:55 pm

Okay, post the ComboFix log; it would give me a better look around. The HijackThis log looks good.



combofix

Post by mage420 on 4th June 2009, 8:20 pm

Keeps telling me the message is too big. Is there a limit on how many characters can be in one post?


Re: winblue soft

Post by Belahzur on 4th June 2009, 9:05 pm

Use more than one post.



Re: winblue soft

Post by mage420 on 5th June 2009, 12:39 pm

ComboFix 09-05-31.05 - Admin 06/03/2009 23:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1712 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Re: winblue soft

Post by mage420 on 5th June 2009, 12:41 pm

c:\windows\system32\75fbstealz195.cpl
c:\windows\system32\75z7stea5290.cpl
c:\windows\system32\7655t5ief9587z.bin
c:\windows\system32\7675spambzt6a99.ocx
c:\windows\system32\7717tz5j8f9.cpl
c:\windows\system32\7755dow9lozder41.bin
c:\windows\system32\77719ownlzad5r793.exe
c:\windows\system32\7939sp5warez49.ocx
c:\windows\system32\7960s5ambot962z.bin
c:\windows\system32\7982bazkdoo52575.cpl
c:\windows\system32\7a20dowz9oader28725.ocx
c:\windows\system32\7b94ad5ware2677z.ocx
c:\windows\system32\7b94dzwnl5ader1939.bin
c:\windows\system32\7d5eaddwaz91553.exe
c:\windows\system32\7dc89zckdoor3835.bin
c:\windows\system32\7f4bba5kdoor9z50.exe
c:\windows\system32\7z41backd9or29735.bin
c:\windows\system32\7z7esteal24589.exe
c:\windows\system32\7zc9addw5re1491.exe
c:\windows\system32\8109s5amb9t7zf.ocx
c:\windows\system32\8249t5al70z.exe
c:\windows\system32\83z9t5oj716.exe
c:\windows\system32\8525sp9mbot14z.bin
c:\windows\system32\8635not5a-vir9szd.ocx

mage420
Novice

Posts: 18
Joined: 2009-06-04
OS: Windows XP
Points: 27488
Likes: 0

Re: winblue soft

Post by mage420 on 5th June 2009, 12:42 pm

c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\mt_32.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\setup2.exe
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\winload.dll
E:\Autorun.inf


Re: winblue soft

Post by mage420 on 5th June 2009, 12:42 pm

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2050-06-01 07:12 . 2050-06-01 07:12 -------- d-----w- c:\program files\Trend Micro
2009-06-04 04:22 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-04 04:22 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-04 04:22 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-04 04:22 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-06-02 23:25 . 2009-06-02 23:25 -------- d-----w- c:\program files\iPod
2009-06-02 23:25 . 2009-06-02 23:26 -------- d-----w- c:\program files\iTunes
2009-06-02 23:24 . 2009-06-02 23:24 -------- d-----w- c:\program files\QuickTime
2009-06-02 23:22 . 2009-06-02 23:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-30 00:13 . 2009-05-30 00:13 -------- d-----w- c:\documents and settings\Admin\Application Data\AVS4YOU
2009-05-30 00:13 . 2009-05-30 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-30 00:12 . 2009-05-30 12:51 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-30 00:12 . 2009-01-29 01:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-05-30 00:12 . 2009-05-30 12:55 -------- d-----w- c:\program files\AVS4YOU
2009-05-29 23:17 . 2009-05-29 23:17 13606 ----a-w- c:\windows\9dbsteal45z.bin
2009-05-29 23:05 . 2009-05-29 23:05 -------- d-----w- c:\documents and settings\jimi
2009-05-29 22:58 . 2009-05-30 12:49 -------- d-----w- c:\program files\iriver
2009-05-29 03:51 . 2050-06-01 07:10 3584 ----a-w- c:\windows\system32\fdclient.dll
2009-05-29 03:51 . 2050-06-01 07:10 5632 ----a-w- c:\windows\system32\ptco.dll
2009-05-29 03:51 . 2050-06-01 07:10 7680 ----a-w- c:\windows\system32\protect.dll
2009-05-29 03:51 . 2050-06-01 07:10 3072 ----a-w- c:\windows\system32\pxcrt.dll
2009-05-29 03:51 . 2050-06-01 07:10 4836 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\SystemBackup\mt_32.dll
2009-05-29 03:51 . 2009-05-29 03:50 10752 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\SystemBackup\browserui.dll
2009-05-29 03:51 . 2009-05-29 03:50 13824 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\SystemBackup\winload.dll
2009-05-29 03:51 . 2050-06-01 07:10 19968 ----a-w- c:\windows\system32\mshtmllib.dll
2009-05-29 03:51 . 2050-06-01 07:10 7686 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\main\mt_32.dll
2009-05-29 03:51 . 2009-05-29 03:50 10752 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\main\browserui.dll
2009-05-29 03:51 . 2009-05-29 03:50 13824 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\main\winload.dll
2009-05-29 03:51 . 2009-05-29 03:50 4096 ----a-w- c:\windows\system32\clfsw.dll
2009-05-29 03:50 . 2009-05-29 03:50 6144 ----a-w- c:\windows\system32\mscert.dll
2009-05-29 03:50 . 2009-05-29 03:50 10752 ----a-w- c:\windows\system32\browserui.dll
2009-05-28 09:44 . 2009-05-28 09:44 -------- d-----w- c:\documents and settings\Admin\Application Data\Deckadance
2009-05-28 08:50 . 2009-05-28 08:50 -------- d-----w- c:\program files\Outsim
2009-05-27 20:28 . 2009-05-27 20:42 19558 ----a-w- c:\windows\hpoins01.dat
2009-05-27 20:28 . 2003-04-22 15:24 16606 ------w- c:\windows\hpomdl01.dat
2009-05-26 12:45 . 2009-05-26 12:45 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-26 12:45 . 2009-05-26 20:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-05-06 19:52 . 2009-05-06 19:52 -------- d-----w- c:\windows\Cache
2009-05-06 19:52 . 2009-05-06 19:52 -------- d-----w- c:\program files\Coupons
2009-05-06 00:09 . 2009-05-06 00:11 16034824 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\installer\SetupImvu_update.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2050-06-01 07:10 . 2009-02-08 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 04:14 . 2009-02-15 16:18 -------- d-----w- c:\program files\PeerGuardian2
2009-06-04 04:08 . 2009-02-15 10:12 -------- d-----w- c:\documents and settings\Admin\Application Data\Xfire
2009-06-03 06:04 . 2009-02-08 23:50 189496 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-03 04:58 . 2009-02-08 23:50 139984 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-02 23:25 . 2009-02-21 02:09 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 23:20 . 2009-02-15 10:12 -------- d-----w- c:\program files\Xfire
2009-06-02 08:02 . 2009-04-30 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-30 00:01 . 2009-05-05 03:28 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2009-05-28 08:52 . 2009-04-18 18:46 -------- d-----w- c:\program files\Image-Line
2009-05-28 08:52 . 2009-04-18 18:47 -------- d-----w- c:\program files\VstPlugins
2009-05-28 08:48 . 2009-02-15 16:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Azureus
2009-05-26 12:46 . 2009-03-11 18:44 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2009-05-26 05:33 . 2009-03-11 18:44 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-25 13:22 . 2009-02-15 16:12 -------- d-----w- c:\program files\Vuze
2009-05-24 23:00 . 2009-02-22 19:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-06 01:52 . 2009-04-17 22:56 -------- d-----w- c:\program files\Call of Duty Game of the Year Edition
2009-05-06 00:11 . 2009-04-17 09:31 80967 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\Uninstall.exe
2009-05-06 00:11 . 2009-04-17 09:31 -------- d-----w- c:\documents and settings\Admin\Application Data\IMVUClient
2009-05-02 23:58 . 2009-02-09 00:21 -------- d-----w- c:\documents and settings\Admin\Application Data\Corel
2009-05-02 23:58 . 2009-02-09 00:21 88 --sh--r- c:\windows\system32\6309560825.sys
2009-05-02 23:58 . 2009-02-09 00:21 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-30 20:25 . 2009-04-30 20:25 95584 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\IMVUupdater.exe
2009-04-30 20:25 . 2009-04-30 20:25 49920 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\IMVUClient.exe
2009-04-30 20:25 . 2009-04-30 20:25 19200 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\imvuqualityagent.exe
2009-04-30 17:10 . 2009-04-17 09:31 -------- d-----w- c:\documents and settings\Admin\Application Data\IMVU
2009-04-30 06:49 . 2009-02-08 20:25 70920 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 03:16 . 2009-04-30 03:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire Plus
2009-04-30 03:13 . 2009-04-30 03:13 -------- d-----w- c:\program files\Microsoft Works
2009-04-30 03:13 . 2009-02-08 15:55 -------- d-----w- c:\program files\MSBuild
2009-04-30 03:11 . 2009-04-30 03:11 -------- d-----w- c:\program files\Microsoft.NET
2009-04-30 03:09 . 2009-04-30 03:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-04-28 17:04 . 2009-04-27 23:08 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-04-28 17:03 . 2009-04-28 17:03 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-04-26 19:15 . 2009-04-26 19:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Xfire Plus
2009-04-26 19:15 . 2009-04-26 19:15 -------- d-----w- c:\program files\Xfire Plus
2009-04-25 02:03 . 2009-04-25 02:03 -------- d-----w- c:\documents and settings\Admin\Application Data\NeroDCTemplates
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\CallStack.dll
2009-04-23 19:24 . 2009-02-08 22:05 15600 ----a-w- c:\windows\gdrv.sys
2009-04-22 18:43 . 2009-02-15 09:55 -------- d-----w- c:\program files\Winamp
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\xul.dll
2009-04-22 17:10 . 2009-02-08 22:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-22 17:10 . 2009-04-22 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-04-22 05:20 . 2009-04-22 05:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 05:20 . 2009-04-22 05:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-22 00:27 . 2009-04-22 00:26 -------- d-----w- c:\documents and settings\Admin\Application Data\Ventrilo
2009-04-22 00:26 . 2009-04-22 00:26 -------- d-----w- c:\program files\Ventrilo
2009-04-22 00:25 . 2009-02-08 23:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-18 18:47 . 2009-04-18 18:47 -------- d-----w- c:\program files\ASIO4ALL v2
2009-04-17 09:18 . 2009-03-18 20:21 -------- d-----w- c:\program files\Common Files\Nero
2009-04-17 09:18 . 2009-03-18 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-04-17 09:10 . 2009-02-08 22:57 -------- d-----w- c:\program files\Nero
2009-04-17 08:44 . 2009-04-17 08:44 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-04-16 13:31 . 2009-02-08 23:50 75064 ----a-w- c:\windows\system32\PnkBstrA.exe


Re: winblue soft

Post by mage420 on 5th June 2009, 12:42 pm

2009-04-15 13:32 . 2009-02-22 18:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-13 17:32 . 2009-02-08 23:50 22328 ----a-w- c:\documents and settings\Admin\Application Data\PnkBstrK.sys
2009-04-13 17:32 . 2009-02-08 23:50 22328 ----a-w- c:\documents and settings\Admin\Application Data\PnkBstrK.sys
2009-04-13 17:32 . 2009-02-08 23:50 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-04-13 01:29 . 2009-04-13 01:29 10134 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{7E4B7FD9-4ECE-4298-A910-3160B7918059}\ARPPRODUCTICON.exe
2009-04-13 01:29 . 2009-04-10 06:14 -------- d-----w- c:\program files\Electronic Arts
2009-04-13 01:16 . 2009-02-08 22:07 -------- d-----w- c:\program files\Realtek
2009-04-13 01:16 . 2009-02-09 00:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-12 23:43 . 2009-04-12 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-10 16:44 . 2009-04-10 14:23 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2009-04-10 06:14 . 2009-04-10 06:14 5054 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-04-10 06:14 . 2009-04-10 06:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Leadertech
2009-04-10 06:03 . 2009-02-09 00:45 -------- d-----w- c:\program files\EA Games
2009-04-07 20:11 . 2009-04-07 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 09:11 . 2009-02-22 18:15 -------- d-----w- c:\program files\AGEIA Technologies
2009-04-07 03:49 . 2009-04-07 03:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-06 20:17 . 2009-02-17 04:33 -------- d-----w- c:\documents and settings\Admin\Application Data\Hamachi
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\pixomatic.dll
2009-04-06 07:54 . 2009-04-06 07:54 -------- d-----w- c:\program files\microsoft frontpage
2009-04-06 07:26 . 2009-02-08 15:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 00:31 . 2009-02-18 06:11 -------- d-----w- c:\program files\Common Files\logishrd
2009-04-06 00:31 . 2009-04-06 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-04-06 00:31 . 2009-04-06 00:31 -------- d-----w- c:\program files\Logitech
2009-04-06 00:30 . 2009-04-06 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-05 20:17 . 2009-04-05 20:17 8854 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2009-04-05 20:17 . 2009-04-05 20:17 40960 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2009-04-05 20:17 . 2009-04-05 20:17 10134 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2009-04-05 20:17 . 2009-04-05 20:17 -------- d-----w- c:\program files\Western Digital Technologies
2009-04-03 19:41 . 2009-04-03 19:41 8854 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\Uninstall_GameShadow_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2009-04-03 19:41 . 2009-04-03 19:41 45056 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GameShadow.exe1_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2009-04-03 19:41 . 2009-04-03 19:41 45056 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GameShadow.exe_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2009-04-03 19:41 . 2009-04-03 19:41 40960 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GSDR.exe_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2009-04-03 19:41 . 2009-04-03 19:41 40960 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\ARPPRODUCTICON.exe
2009-04-02 07:18 . 2009-02-09 01:02 989 ----a-w- c:\windows\eReg.dat
2009-04-01 10:22 . 2009-04-01 10:22 207872 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-01 10:22 . 2009-04-01 10:22 207872 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-01 10:22 . 2009-04-01 10:22 207872 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-01 10:22 . 2009-04-01 10:22 207872 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-03-29 21:38 . 2009-03-29 21:38 315392 ----a-w- c:\windows\HideWin.exe
2009-03-27 13:14 . 2009-02-22 18:13 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-03-26 13:25 . 2009-02-25 06:54 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-03-26 11:54 . 2009-03-26 11:53 1469952 ----a-w- c:\documents and settings\Admin\Application Data\tsdnwin.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-05-18 1230848]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-04 987187]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Xfire Music"="c:\program files\Xfire\xfiremusic.exe" [2006-11-21 253650]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"MRT"="c:\windows\system32\MRT.exe" [2009-05-07 24699336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\tweakui.cpl [2003-03-25 106544]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-05-18 1230848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Styler.lnk - c:\documents and settings\Admin\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-2-8 15086]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 06:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)


Re: winblue soft

Post by mage420 on 5th June 2009, 12:43 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Games\\Left.4.Dead.Full-Rip.Skullptura\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Games\\Worms Armageddon - New Edition\\WA.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [4/12/2009 8:16 PM 8960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2009 4:55 AM 24652]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [4/3/2009 8:48 PM 11596]
S3 cpuz130;cpuz130;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [4/12/2009 8:16 PM 11264]
S3 RTLVLAN;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLVLAN.SYS [4/12/2009 8:16 PM 25984]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
HIDEC /W "%VAIOTOOLS%\regtlib.exe" "%ProgramFiles%\Windows Sidebar\sidebar.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-20 00:53]

2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-27 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4235148267.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2009-05-12 c:\windows\Tasks\Mozilla Firefox.job
- c:\progra~1\MOZILL~2\firefox.exe [2009-02-08 19:34]

2050-06-01 c:\windows\Tasks\User_Feed_Synchronization-{85DF6892-6523-42C0-AB0E-3D548C4571C8}.job
- c:\windows\system32\msfeedssync.exe [2007-10-13 09:31]
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{3229DFCD-3EAF-4712-ED45-4876FEDC170C} - c:\windows\system32\winload.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\yno382d1.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\extensions\info@google.com\components\FFLocal.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-03 23:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1220945662-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-602162358-1220945662-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:47,85,dd,4f,9a,cb,1c,c6,06,04,29,71,80,be,23,be,55,6f,36,fb,68,40,e9,
20,23,5c,b1,b6,b9,e0,ef,18,f8,35,cc,e1,ec,d9,e5,7d,a2,a4,41,32,26,71,60,54,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-602162358-1220945662-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:95,cf,64,66,1a,05,95,ef,66,61,21,e9,31,a4,85,c4,3c,b2,67,20,6b,
0b,3e,bd,3f,bf,8c,e6,bf,44,0a,8b,b7,53,95,ed,7b,17,cc,08,38,2f,ce,91,8a,61,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Completion time: 2009-06-04 23:24
ComboFix-quarantined-files.txt 2009-06-04 04:24

Pre-Run: 356,044,873,728 bytes free
Post-Run: 356,477,353,984 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=2,3,4,5
1077 --- E O F --- 2009-06-02 08:03

mage420
Novice

Posts : 18
Joined : 2009-06-04
OS : Windows XP
Points : 27488
Likes : 0

Re: winblue soft

Post by Belahzur on 5th June 2009, 1:10 pm

Hello.

Now open a new notepad file.
Input this into the notepad file:

Driver::
cpuz130

File::
c:\windows\9dbsteal45z.bin

Folder::
c:\program files\Coupons
c:\windows\Cache
c:\documents and settings\Admin\Application Data\Azureus
c:\program files\Vuze

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Vuze\\Azureus.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
Likes : 1

Re: winblue soft

Post by mage420 on 6th June 2009, 6:47 pm

ComboFix 09-05-31.05 - Admin 06/06/2009 12:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1431 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt

FILE ::
"c:\windows\9dbsteal45z.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\Azureus
c:\documents and settings\Admin\Application Data\Azureus\.certs
c:\documents and settings\Admin\Application Data\Azureus\.keystore
c:\documents and settings\Admin\Application Data\Azureus\.lock
c:\documents and settings\Admin\Application Data\Azureus\active\cache.dat


Re: winblue soft

Post by mage420 on 6th June 2009, 6:49 pm

c:\documents and settings\Admin\Application Data\Azureus\azureus.config
c:\documents and settings\Admin\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Admin\Application Data\Azureus\azureus.statistics
c:\documents and settings\Admin\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Admin\Application Data\Azureus\banips.config
c:\documents and settings\Admin\Application Data\Azureus\banips.config.bak
c:\documents and settings\Admin\Application Data\Azureus\cache\1191085919.ico
c:\documents and settings\Admin\Application Data\Azureus\cnetworks.config
c:\documents and settings\Admin\Application Data\Azureus\devices.config
c:\documents and settings\Admin\Application Data\Azureus\devices.config.bak
c:\documents and settings\Admin\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Admin\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Admin\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Admin\Application Data\Azureus\dht\general.dat
c:\documents and settings\Admin\Application Data\Azureus\dht\version.dat
c:\documents and settings\Admin\Application Data\Azureus\downloads.config
c:\documents and settings\Admin\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Admin\Application Data\Azureus\friends.config
c:\documents and settings\Admin\Application Data\Azureus\friends.config.bak
c:\documents and settings\Admin\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Admin\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\CNetworks_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\debug_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\Devices_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\Friends_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\MetaSearch_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\Admin\Application Data\Azureus\logs\MetaSearch_Engine_4.txt
c:\documents and settings\Admin\Application Data\Azureus\logs\MetaSearch_Engine_5.txt
c:\documents and settings\Admin\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_alerts_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_AutoSpeedSearchHistory_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_clientid_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_CNetworks_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_debug_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_debug_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_Devices_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_Friends_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_Friends_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_MetaSearch_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_MetaSearch_Engine_3.txt
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_MetaSearch_Engine_4.txt
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_MetaSearch_Engine_5.txt
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_NetStatus_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_seltrace_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_seltrace_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_Subscriptions_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_Subscriptions_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_thread_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_thread_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.ads_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.ads_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.CMsgr_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.CMsgr_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.emp_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.emp_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.Friends_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.Friends_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.MD_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.PMsgr_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.PMsgr_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.Stream_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_v3.Stream_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\save\1243371350437_WP_xsearch_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\seltrace_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\Subscriptions_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.ads_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.CMsgr_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.emp_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.Friends_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.MD_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.PMsgr_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Admin\Application Data\Azureus\logs\v3.Stream_2.log
c:\documents and settings\Admin\Application Data\Azureus\logs\WP_xsearch_1.log
c:\documents and settings\Admin\Application Data\Azureus\media\azpd\2B5Z3ZJX4OPHYIFICLMJ5SFF7AYPKKZ3.azpd
c:\documents and settings\Admin\Application Data\Azureus\media\azpd\CWBAQIZJRJNXF5CBY2SD22SDYHMP5JUI.azpd
c:\documents and settings\Admin\Application Data\Azureus\media\azpd\DNKZGZRLNC2UX6S22A4D3ED6T47KP6AM.azpd
c:\documents and settings\Admin\Application Data\Azureus\media\azpd\EIBYYPMAXUIYDEXDDO5RA6P7OIQ4RTEK.azpd
c:\documents and settings\Admin\Application Data\Azureus\media\azpd\GX3OTLUQRJOPIF6XGVO5L6MQASISFGDN.azpd
c:\documents and settings\Admin\Application Data\Azureus\media\azpd\IWJMEW4ZHKMJ2LMLYUF3BMZZSG4JAJZW.azpd
c:\documents and settings\Admin\Application Data\Azureus\media\azpd\KGWXHYN6W56KCZZ6VZGJIEFL6WEW2X64.azpd
c:\documents and settings\Admin\Application Data\Azureus\metasearch.config
c:\documents and settings\Admin\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Admin\Application Data\Azureus\net\pm_33491.dat
c:\documents and settings\Admin\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Admin\Application Data\Azureus\plugins\azupnpav\cd.dat
c:\documents and settings\Admin\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Admin\Application Data\Azureus\sidebarauto.config.bak


Re: winblue soft

Post by mage420 on 6th June 2009, 6:49 pm

c:\documents and settings\Admin\Application Data\Azureus\subs\5229CB43C96F35D36DA6.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\5318EA0BF31F86C58EEC.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\581765478D3517627C73.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\586F25A8AC6E08E107B0.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\593E19FE34603B591135.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\5C6542717DCDB8A1DDB3.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\5CBA0BA6AAA42E09B126.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\5E08384F3C29FCB89D12.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\5FC216874F02EEF79480.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\62FE6A1CAD12849F5889.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\632A20E73961F1C133F2.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\63DC69F61756525399E7.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\65D85767A5BC1B1B8F08.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\67ABAAD1A37AABB08206.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\68461FFBE2AB011691AE.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\68653E13756B7EC663C4.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\700728EBC484EA3BB411.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\7076DB20A5F225DDB82C.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\715F3715796844007AC1.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\726903235FBA8A05FF44.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\75073EF5A9EA448FA71D.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\7B8FBFD9880479B8715E.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\7CA3A4105F503F4F152A.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\7DE13DB53BE37CE417A3.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\80591F61EAE1F40B888B.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\8177A3B58DA3EE902869.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\87E23B1872099785E348.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\89121BC34E8EE3D3B4E9.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\8DE6E5753F5ADF094F49.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\9167E16C9B7944056AC7.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\91B2B05808E1B2FFA4F8.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\9503124110D1B19F2B0F.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\95B34C1A1F40931D0972.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\96530D21F0C4F96C2942.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\97FD078876FD4950C3AB.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\980B75A63F2C10201C14.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\982AAF7C4D13820B99B8.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\9EDB83DD6C0E3248906A.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\A1D26F82A30D6241E9B9.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\A57341AB2AA7A98D5F19.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\AA18A55630A89D766D85.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\ABC34F9CB98D7B615823.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\AF734186BA1B192A332E.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\AFF3714B9A807BBC51E5.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\B117B4D5EF69D9B0D8F2.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\B37E8F791BB645FF3B7C.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\B77A94F68395C6F819B7.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\BA41FA85DE7262460A0E.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\BBA708018991E48BD0CC.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\C102FD63F96A6EADDDC3.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\C36517FD1F6A6F0D86B6.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\C9BCF1F181CE789A2FEF.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\C9EBC80E3E1D103634DB.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\CE21093FD6B5AD5AE662.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\D138048375BC1399A289.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\D1398C18A77AD0F70C8D.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\D430901023DA75594565.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\D794E4A8EF34EC54B995.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\DADC7CE2609F97B8A5D5.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\E5FCFE9DE9D088991765.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\E6925ADD353B0CC4752A.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\E8139A68B1EC9E7A6DAD.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\E945B0308AD3020B8B78.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\EA7C16520E10B526971B.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\F55CFA86DE0798F2E798.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\F61DD2E5A0FFAA417F95.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\F697EC37C5A4D154EB6F.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\F6EB481F42D7A6D98C5A.vuze
c:\documents and settings\Admin\Application Data\Azureus\subs\FCC85A671C589DE02BA0.vuze


Re: winblue soft

Post by mage420 on 6th June 2009, 6:50 pm

c:\documents and settings\Admin\Application Data\Azureus\subscriptions.config
c:\documents and settings\Admin\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\Admin\Application Data\Azureus\tables.config
c:\documents and settings\Admin\Application Data\Azureus\tables.config.bak
c:\documents and settings\Admin\Application Data\Azureus\timingstats.dat
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33913.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33914.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33915.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33916.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33917.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33918.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33919.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33920.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33921.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33922.tmp
c:\documents and settings\Admin\Application Data\Azureus\tmp\AZU33923.tmp
c:\documents and settings\Admin\Application Data\Azureus\torrents\AZ_39331.torrent
c:\documents and settings\Admin\Application Data\Azureus\torrents\AZ_39332.torrent
c:\documents and settings\Admin\Application Data\Azureus\torrents\AZ_54389.torrent
c:\documents and settings\Admin\Application Data\Azureus\torrents\AZ_61933.torrent
c:\documents and settings\Admin\Application Data\Azureus\torrents\AZ_63193.torrent
c:\documents and settings\Admin\Application Data\Azureus\torrents\AZU10999.tmp
c:\documents and settings\Admin\Application Data\Azureus\torrents\AZU28793.tmp
c:\documents and settings\Admin\Application Data\Azureus\torrents\AZU28796.tmp
c:\documents and settings\Admin\Application Data\Azureus\torrents\AZU49189.tmp


Re: winblue soft

Post by mage420 on 6th June 2009, 6:50 pm

c:\documents and settings\Admin\Application Data\Azureus\tracker.config
c:\documents and settings\Admin\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Admin\Application Data\Azureus\unsentdata.config
c:\documents and settings\Admin\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\Admin\Application Data\Azureus\update.log
c:\documents and settings\Admin\Application Data\Azureus\update.properties
c:\documents and settings\Admin\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Admin\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Admin\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Admin\Application Data\Azureus\VuzeActivities.config.bak
c:\program files\Coupons
c:\program files\Coupons\Coupons.com.url
c:\program files\Coupons\uninstall.exe
c:\program files\Coupons\Uninstall\IRIMG1.JPG
c:\program files\Coupons\Uninstall\IRIMG2.JPG
c:\program files\Coupons\Uninstall\IRIMG3.JPG
c:\program files\Coupons\Uninstall\IRIMG4.JPG
c:\program files\Coupons\Uninstall\IRIMG5.JPG
c:\program files\Coupons\Uninstall\IRIMG6.JPG
c:\program files\Coupons\Uninstall\IRIMG7.JPG
c:\program files\Coupons\Uninstall\IRIMG8.JPG
c:\program files\Coupons\Uninstall\uninstall.dat
c:\program files\Coupons\Uninstall\uninstall.xml
c:\program files\Vuze
c:\program files\Vuze\.install4j\_shfoldr.dll
c:\program files\Vuze\.install4j\autoUninstall.0
c:\program files\Vuze\.install4j\files.log
c:\program files\Vuze\.install4j\i4j_extf_0_5p83tu.utf8
c:\program files\Vuze\.install4j\i4j_extf_1_5p83tu_1q2vg51.png
c:\program files\Vuze\.install4j\i4j_extf_10_5p83tu_15u5iv8.png
c:\program files\Vuze\.install4j\i4j_extf_11_5p83tu_1hztszn.png
c:\program files\Vuze\.install4j\i4j_extf_12_5p83tu.exe
c:\program files\Vuze\.install4j\i4j_extf_13_5p83tu_z1x7tn.png
c:\program files\Vuze\.install4j\i4j_extf_2_5p83tu_1rjd818.png
c:\program files\Vuze\.install4j\i4j_extf_3_5p83tu_qin5kk.png
c:\program files\Vuze\.install4j\i4j_extf_4_5p83tu_xza4ha.png
c:\program files\Vuze\.install4j\i4j_extf_5_5p83tu_19c5po3.png
c:\program files\Vuze\.install4j\i4j_extf_6_5p83tu_bm8amj.ico
c:\program files\Vuze\.install4j\i4j_extf_7_5p83tu.exe
c:\program files\Vuze\.install4j\i4j_extf_8_5p83tu.dll
c:\program files\Vuze\.install4j\i4j_extf_9_5p83tu.xpi
c:\program files\Vuze\.install4j\i4jdel.exe
c:\program files\Vuze\.install4j\i4jinst.dll
c:\program files\Vuze\.install4j\i4jparams.conf
c:\program files\Vuze\.install4j\i4jruntime.jar
c:\program files\Vuze\.install4j\inst_jre.cfg
c:\program files\Vuze\.install4j\install.prop
c:\program files\Vuze\.install4j\installation.log
c:\program files\Vuze\.install4j\MessagesDefault
c:\program files\Vuze\.install4j\response.varfile
c:\program files\Vuze\.install4j\unicows.dll
c:\program files\Vuze\.install4j\user.jar
c:\program files\Vuze\aereg.dll
c:\program files\Vuze\Azureus.exe
c:\program files\Vuze\Azureus.exe.manifest
c:\program files\Vuze\Azureus.properties
c:\program files\Vuze\Azureus2.jar
c:\program files\Vuze\AzureusUpdater.exe
c:\program files\Vuze\GPL.txt
c:\program files\Vuze\hs_err_pid2256.log
c:\program files\Vuze\hs_err_pid3696.log
c:\program files\Vuze\hs_err_pid9964.log
c:\program files\Vuze\installer.log
c:\program files\Vuze\msvcr71.dll
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.jar
c:\program files\Vuze\plugins\azemp\azemp_2.1.02.jar
c:\program files\Vuze\plugins\azemp\azemp_2.1.02.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\azureus.sig
c:\program files\Vuze\plugins\azemp\cp1250-a.raw
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\mplayer\config
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties
c:\program files\Vuze\plugins\azemp\plugin.properties_2.1.02
c:\program files\Vuze\plugins\azplugins\azplugins_2.1.6.jar
c:\program files\Vuze\plugins\azrating\azrating_1.3.1.jar
c:\program files\Vuze\plugins\azupdater\azupdaterpatcher_1.8.8.jar
c:\program files\Vuze\plugins\azupdater\azureus.sig
c:\program files\Vuze\plugins\azupdater\plugin.properties
c:\program files\Vuze\plugins\azupdater\Updater.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.zip
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.jar
c:\program files\Vuze\plugins\azupnpav\azureus.sig
c:\program files\Vuze\plugins\azupnpav\plugin.properties
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.17
c:\program files\Vuze\swt.jar
c:\program files\Vuze\uninstall.exe
c:\program files\Vuze\Vuze.ico
c:\windows\9dbsteal45z.bin
c:\windows\Cache


Re: winblue soft

Post by mage420 on 6th June 2009, 6:51 pm

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Service_cpuz130


((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2050-06-01 07:12 . 2050-06-01 07:12 -------- d-----w- c:\program files\Trend Micro
2009-06-04 04:22 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-04 04:22 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-04 04:22 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-04 04:22 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-06-02 23:25 . 2009-06-02 23:25 -------- d-----w- c:\program files\iPod
2009-06-02 23:25 . 2009-06-02 23:26 -------- d-----w- c:\program files\iTunes
2009-06-02 23:24 . 2009-06-02 23:24 -------- d-----w- c:\program files\QuickTime
2009-06-02 23:22 . 2009-06-02 23:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-30 00:13 . 2009-05-30 00:13 -------- d-----w- c:\documents and settings\Admin\Application Data\AVS4YOU
2009-05-30 00:13 . 2009-05-30 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-30 00:12 . 2009-05-30 12:51 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-30 00:12 . 2009-01-29 01:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-05-30 00:12 . 2009-05-30 12:55 -------- d-----w- c:\program files\AVS4YOU
2009-05-29 23:05 . 2009-05-29 23:05 -------- d-----w- c:\documents and settings\jimi
2009-05-29 22:58 . 2009-05-30 12:49 -------- d-----w- c:\program files\iriver
2009-05-29 03:51 . 2050-06-01 07:10 3584 ----a-w- c:\windows\system32\fdclient.dll
2009-05-29 03:51 . 2050-06-01 07:10 5632 ----a-w- c:\windows\system32\ptco.dll
2009-05-29 03:51 . 2050-06-01 07:10 7680 ----a-w- c:\windows\system32\protect.dll
2009-05-29 03:51 . 2050-06-01 07:10 3072 ----a-w- c:\windows\system32\pxcrt.dll
2009-05-29 03:51 . 2050-06-01 07:10 4836 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\SystemBackup\mt_32.dll
2009-05-29 03:51 . 2009-05-29 03:50 10752 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\SystemBackup\browserui.dll
2009-05-29 03:51 . 2009-05-29 03:50 13824 ----a-w- c:\documents and settings\Admin\Application Data\Microsoft\SystemBackup\winload.dll
2009-05-29 03:51 . 2050-06-01 07:10 19968 ----a-w- c:\windows\system32\mshtmllib.dll
2009-05-29 03:51 . 2050-06-01 07:10 7686 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\main\mt_32.dll
2009-05-29 03:51 . 2009-05-29 03:50 10752 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\main\browserui.dll
2009-05-29 03:51 . 2009-05-29 03:50 13824 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\main\winload.dll
2009-05-29 03:51 . 2009-05-29 03:50 4096 ----a-w- c:\windows\system32\clfsw.dll
2009-05-29 03:50 . 2009-05-29 03:50 6144 ----a-w- c:\windows\system32\mscert.dll
2009-05-29 03:50 . 2009-05-29 03:50 10752 ----a-w- c:\windows\system32\browserui.dll
2009-05-28 09:44 . 2009-05-28 09:44 -------- d-----w- c:\documents and settings\Admin\Application Data\Deckadance
2009-05-28 08:50 . 2009-05-28 08:50 -------- d-----w- c:\program files\Outsim
2009-05-27 20:28 . 2009-05-27 20:42 19558 ----a-w- c:\windows\hpoins01.dat
2009-05-27 20:28 . 2003-04-22 15:24 16606 ------w- c:\windows\hpomdl01.dat
2009-05-26 12:45 . 2009-05-26 12:45 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-26 12:45 . 2009-05-26 20:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- c:\windows\system32\xfcodec.dll


Re: winblue soft

Post by mage420 on 6th June 2009, 6:52 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2050-06-01 07:10 . 2009-02-08 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-06 17:43 . 2009-02-15 16:18 -------- d-----w- c:\program files\PeerGuardian2
2009-06-05 03:19 . 2009-02-08 23:50 189496 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-05 02:41 . 2009-02-08 23:50 139984 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-04 04:08 . 2009-02-15 10:12 -------- d-----w- c:\documents and settings\Admin\Application Data\Xfire
2009-06-02 23:25 . 2009-02-21 02:09 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 23:20 . 2009-02-15 10:12 -------- d-----w- c:\program files\Xfire
2009-06-02 08:02 . 2009-04-30 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-30 00:01 . 2009-05-05 03:28 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2009-05-28 08:52 . 2009-04-18 18:46 -------- d-----w- c:\program files\Image-Line
2009-05-28 08:52 . 2009-04-18 18:47 -------- d-----w- c:\program files\VstPlugins
2009-05-26 12:46 . 2009-03-11 18:44 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2009-05-26 05:33 . 2009-03-11 18:44 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-24 23:00 . 2009-02-22 19:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-06 01:52 . 2009-04-17 22:56 -------- d-----w- c:\program files\Call of Duty Game of the Year Edition
2009-05-06 00:11 . 2009-04-17 09:31 80967 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\Uninstall.exe
2009-05-06 00:11 . 2009-04-17 09:31 -------- d-----w- c:\documents and settings\Admin\Application Data\IMVUClient
2009-05-06 00:11 . 2009-05-06 00:09 16034824 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-05-02 23:58 . 2009-02-09 00:21 -------- d-----w- c:\documents and settings\Admin\Application Data\Corel
2009-05-02 23:58 . 2009-02-09 00:21 88 --sh--r- c:\windows\system32\6309560825.sys
2009-05-02 23:58 . 2009-02-09 00:21 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-30 20:25 . 2009-04-30 20:25 95584 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\IMVUupdater.exe
2009-04-30 20:25 . 2009-04-30 20:25 49920 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\IMVUClient.exe
2009-04-30 20:25 . 2009-04-30 20:25 19200 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\imvuqualityagent.exe
2009-04-30 17:10 . 2009-04-17 09:31 -------- d-----w- c:\documents and settings\Admin\Application Data\IMVU
2009-04-30 06:49 . 2009-02-08 20:25 70920 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 03:16 . 2009-04-30 03:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire Plus
2009-04-30 03:13 . 2009-04-30 03:13 -------- d-----w- c:\program files\Microsoft Works
2009-04-30 03:13 . 2009-02-08 15:55 -------- d-----w- c:\program files\MSBuild
2009-04-30 03:11 . 2009-04-30 03:11 -------- d-----w- c:\program files\Microsoft.NET
2009-04-30 03:09 . 2009-04-30 03:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-04-28 17:04 . 2009-04-27 23:08 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-04-28 17:03 . 2009-04-28 17:03 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-04-26 19:15 . 2009-04-26 19:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Xfire Plus
2009-04-26 19:15 . 2009-04-26 19:15 -------- d-----w- c:\program files\Xfire Plus
2009-04-25 02:03 . 2009-04-25 02:03 -------- d-----w- c:\documents and settings\Admin\Application Data\NeroDCTemplates
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\CallStack.dll
2009-04-23 19:24 . 2009-02-08 22:05 15600 ----a-w- c:\windows\gdrv.sys
2009-04-22 18:43 . 2009-02-15 09:55 -------- d-----w- c:\program files\Winamp
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\xul.dll
2009-04-22 17:10 . 2009-02-08 22:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-22 17:10 . 2009-04-22 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-04-22 05:20 . 2009-04-22 05:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 05:20 . 2009-04-22 05:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-22 00:27 . 2009-04-22 00:26 -------- d-----w- c:\documents and settings\Admin\Application Data\Ventrilo
2009-04-22 00:26 . 2009-04-22 00:26 -------- d-----w- c:\program files\Ventrilo
2009-04-22 00:25 . 2009-02-08 23:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-18 18:47 . 2009-04-18 18:47 -------- d-----w- c:\program files\ASIO4ALL v2
2009-04-17 09:18 . 2009-03-18 20:21 -------- d-----w- c:\program files\Common Files\Nero
2009-04-17 09:18 . 2009-03-18 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-04-17 09:10 . 2009-02-08 22:57 -------- d-----w- c:\program files\Nero
2009-04-17 08:44 . 2009-04-17 08:44 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-04-16 13:31 . 2009-02-08 23:50 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-04-15 13:32 . 2009-02-22 18:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-13 17:32 . 2009-02-08 23:50 22328 ----a-w- c:\documents and settings\Admin\Application Data\PnkBstrK.sys
2009-04-13 17:32 . 2009-02-08 23:50 22328 ----a-w- c:\documents and settings\Admin\Application Data\PnkBstrK.sys
2009-04-13 17:32 . 2009-02-08 23:50 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-04-13 01:29 . 2009-04-13 01:29 10134 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{7E4B7FD9-4ECE-4298-A910-3160B7918059}\ARPPRODUCTICON.exe
2009-04-13 01:29 . 2009-04-10 06:14 -------- d-----w- c:\program files\Electronic Arts
2009-04-13 01:16 . 2009-02-08 22:07 -------- d-----w- c:\program files\Realtek
2009-04-13 01:16 . 2009-02-09 00:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-12 23:43 . 2009-04-12 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-10 16:44 . 2009-04-10 14:23 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2009-04-10 06:14 . 2009-04-10 06:14 5054 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-04-10 06:14 . 2009-04-10 06:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Leadertech
2009-04-10 06:03 . 2009-02-09 00:45 -------- d-----w- c:\program files\EA Games
2009-04-07 20:11 . 2009-04-07 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Admin\Application Data\IMVUClient\pixomatic.dll
2009-04-06 07:26 . 2009-02-08 15:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-05 20:17 . 2009-04-05 20:17 8854 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2009-04-05 20:17 . 2009-04-05 20:17 40960 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2009-04-05 20:17 . 2009-04-05 20:17 10134 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2009-04-03 19:41 . 2009-04-03 19:41 8854 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\Uninstall_GameShadow_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2009-04-03 19:41 . 2009-04-03 19:41 45056 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GameShadow.exe1_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2009-04-03 19:41 . 2009-04-03 19:41 45056 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GameShadow.exe_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2009-04-03 19:41 . 2009-04-03 19:41 40960 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GSDR.exe_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2009-04-03 19:41 . 2009-04-03 19:41 40960 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\ARPPRODUCTICON.exe
2009-04-02 07:18 . 2009-02-09 01:02 989 ----a-w- c:\windows\eReg.dat
2009-04-01 10:22 . 2009-04-01 10:22 207872 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-01 10:22 . 2009-04-01 10:22 207872 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-01 10:22 . 2009-04-01 10:22 207872 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-01 10:22 . 2009-04-01 10:22 207872 ----a-w- c:\documents and settings\Admin\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-03-29 21:38 . 2009-03-29 21:38 315392 ----a-w- c:\windows\HideWin.exe
2009-03-27 13:14 . 2009-02-22 18:13 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-03-26 13:25 . 2009-02-25 06:54 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-03-26 11:54 . 2009-03-26 11:53 1469952 ----a-w- c:\documents and settings\Admin\Application Data\tsdnwin.dll
2009-03-26 11:54 . 2009-03-26 11:53 1469952 ----a-w- c:\documents and settings\Admin\Application Data\tsdnwin.dll
2009-03-21 14:06 . 2009-03-21 14:06 280576 ----a-w- c:\windows\system32\esihdopo.dll
2009-03-20 23:31 . 2009-03-20 23:31 1594541 ----a-w- c:\windows\WANEUninstaller.exe
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 21:32 . 2009-02-21 02:11 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 22:08 . 2009-03-08 22:08 2238 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_FD01BA332C9B5EB2DD9477.exe
2009-03-08 22:08 . 2009-03-08 22:08 2238 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_F2A3CDA9D6E45262B1E433.exe
2009-03-08 22:08 . 2009-03-08 22:08 2238 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_AC8DB0FAAD0C70FF86AE17.exe
2009-03-08 22:08 . 2009-03-08 22:08 2238 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_6FEFF9B68218417F98F549.exe
2009-03-08 22:08 . 2009-03-08 22:08 2238 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{080EC56E-708E-4F76-8777-F925ED655C9A}\_21F3885A18D238E15AAE81.exe


Re: winblue soft

Post by mage420 on 6th June 2009, 6:52 pm

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-06 17:30 . 2009-06-06 17:30 16384 c:\windows\Temp\Perflib_Perfdata_f44.dat
+ 2009-06-06 17:43 . 2009-06-06 17:43 16384 c:\windows\Temp\Perflib_Perfdata_cbc.dat
+ 2009-06-06 17:42 . 2009-06-06 17:42 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-05-18 1230848]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-04 987187]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"Xfire Music"="c:\program files\Xfire\xfiremusic.exe" [2006-11-21 253650]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\tweakui.cpl [2003-03-25 106544]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-05-18 1230848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Styler.lnk - c:\documents and settings\Admin\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-2-8 15086]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 06:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\Games\\Left.4.Dead.Full-Rip.Skullptura\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Games\\Worms Armageddon - New Edition\\WA.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)


Re: winblue soft

Post by mage420 on 6th June 2009, 6:53 pm

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2009 4:55 AM 24652]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [4/3/2009 8:48 PM 11596]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [4/12/2009 8:16 PM 8960]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [4/12/2009 8:16 PM 11264]
S3 RTLVLAN;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLVLAN.SYS [4/12/2009 8:16 PM 25984]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
HIDEC /W "%VAIOTOOLS%\regtlib.exe" "%ProgramFiles%\Windows Sidebar\sidebar.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-20 00:53]

2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-27 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4235148267.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2009-05-12 c:\windows\Tasks\Mozilla Firefox.job
- c:\progra~1\MOZILL~2\firefox.exe [2009-02-08 19:34]

2050-06-01 c:\windows\Tasks\User_Feed_Synchronization-{85DF6892-6523-42C0-AB0E-3D548C4571C8}.job
- c:\windows\system32\msfeedssync.exe [2007-10-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\yno382d1.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\extensions\info@google.com\components\FFLocal.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-06 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1220945662-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-602162358-1220945662-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:47,85,dd,4f,9a,cb,1c,c6,06,04,29,71,80,be,23,be,55,6f,36,fb,68,40,e9,
20,23,5c,b1,b6,b9,e0,ef,18,f8,35,cc,e1,ec,d9,e5,7d,a2,a4,41,32,26,71,60,54,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-602162358-1220945662-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:95,cf,64,66,1a,05,95,ef,66,61,21,e9,31,a4,85,c4,3c,b2,67,20,6b,
0b,3e,bd,3f,bf,8c,e6,bf,44,0a,8b,b7,53,95,ed,7b,17,cc,08,38,2f,ce,91,8a,61,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(6316)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll


Re: winblue soft

Post by mage420 on 6th June 2009, 6:53 pm

------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Razer\Copperhead\razertra.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\RocketDock\RocketDock.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Styler\Styler.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-06-06 12:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 17:46
ComboFix2.txt 2009-06-04 04:24

Pre-Run: 356,492,214,272 bytes free
Post-Run: 356,364,062,720 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=2,3,4,5
913 --- E O F --- 2009-06-02 08:03


Re: winblue soft

Post by Belahzur on 6th June 2009, 7:05 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1
