infected with winblue soft----stage after running combofix

Post by cruzin008 on 5th June 2009, 2:49 am

Hi,

My PC was infected with WinBlueSoft. I followed the instructions that you specified in the other posts and executed ComboFix.exe. Now I noticed that the logs created were different for different people, hence I need your help from this point on. My log is as follows:

ComboFix 09-06-04.06 - Jennifer 04-06-2009 22:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.3069.1710 [GMT -4:00]
Running from: c:\users\Jennifer\Desktop\Combo-Fix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\101t5reat1043z9.cpl
c:\windows\1030vi5z59.bin
c:\windows\103569o5-z-virus2ca.cpl
c:\windows\10405not-a-virzs79c.cpl
c:\windows\10597virus5z25.ocx
c:\windows\10954wo5m1cbz.ocx
c:\windows\112bspzwa9e16065.dll
c:\windows\11522hacktooz902.exe
c:\windows\11581spz749.ocx
c:\windows\1196trzj1825.dll
c:\windows\121cadzw5re3189.cpl
c:\windows\128z2sp597d.ocx
c:\windows\13025h9cktoolzed.exe
c:\windows\130659i5zs17d.ocx
c:\windows\1379w9zm550.cpl
c:\windows\14954spy45z.exe
c:\windows\15091v9ruz228.bin
c:\windows\150edownlo9dez2527.ocx
c:\windows\15177spambotzb99.exe
c:\windows\1529not5a-virzs97.cpl
c:\windows\1532backd5oz9368.exe
c:\windows\15380spambot5z9.exe
c:\windows\153z9ot-5-virus309.cpl
c:\windows\154es9yzare2267.ocx
c:\windows\1557zt9oj57e.exe
c:\windows\15729spambot1z8.exe
c:\windows\15963spam5zt5999.dll
c:\windows\15d9st9al16z0.ocx
c:\windows\15e6spz9se22455.ocx
c:\windows\16325z9j4a.dll
c:\windows\164hackt9oz25e.bin
c:\windows\1654z9orm155.bin
c:\windows\179fs9ar5ez859.cpl
c:\windows\18175v9zus69f.exe
c:\windows\18248spamz5t95.exe
c:\windows\18390hacktozl695.dll
c:\windows\18z4d9wnloade5113.ocx
c:\windows\18z9n5t-a-virus65f.ocx
c:\windows\19059zorm5f9.ocx
c:\windows\1917sparse560z.bin
c:\windows\1945v591916z.ocx
c:\windows\1953downlozd5r2597.ocx
c:\windows\1954vir297z.cpl
c:\windows\19659n5t-z-virus465.dll
c:\windows\196d5dzware2855.bin
c:\windows\197z2hacktool5af.bin
c:\windows\1987baczdoo52926.exe
c:\windows\19z75virus1b15.dll
c:\windows\19zespy9are5748.ocx
c:\windows\1a395ir1z5.exe
c:\windows\1bfbdowzloader2995.dll

cruzin008
Novice

Posts: 15
Joined: 2009-06-03
OS: Vista
Points: 27497
Likes: 0


Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 5th June 2009, 2:49 am

c:\windows\1c86th9efz0325.cpl
c:\windows\1f1as95ware23z.exe
c:\windows\1f8a9pywarz5194.dll
c:\windows\1z549v5rus378.bin
c:\windows\1z586spambot955.ocx
c:\windows\20045viruz922.ocx
c:\windows\20179hzckt5ol4ae.bin
c:\windows\202705orm2z9.cpl
c:\windows\20555not9a-virus455z.dll
c:\windows\205595arse9z7.bin
c:\windows\20696spamboz1b5.dll
c:\windows\21319t5ojz25.cpl
c:\windows\21396hackzool55a5.exe
c:\windows\2141zvir9529c.bin
c:\windows\217529irus4fz.dll
c:\windows\21767zroj59.exe
c:\windows\21950tzoj109.cpl
c:\windows\21963not-a-vzrus59.ocx
c:\windows\2209zspy95.bin
c:\windows\220w5z9707.dll
c:\windows\225dv9r293z.exe
c:\windows\23009spambot552z.bin
c:\windows\2319zh5cktool318.ocx
c:\windows\2373z9r5at11665.bin
c:\windows\23934z5t-a-vi9us77d.exe
c:\windows\23b2t5iz91986.cpl
c:\windows\23z439py5d4.dll
c:\windows\24085ddware9z72.cpl
c:\windows\24694hac5tool3z3.dll
c:\windows\25339zro91e2.bin
c:\windows\25385tro9ez.ocx
c:\windows\256bztea91139.cpl
c:\windows\2590threat1318z5.cpl
c:\windows\2593spyzare27965.cpl
c:\windows\25997viruz590.dll
c:\windows\25z06t5ojed9.cpl
c:\windows\25z34tr9j78.ocx
c:\windows\262585or9bz.bin
c:\windows\264209ozm545.dll
c:\windows\26z6thr9at19562.cpl
c:\windows\2705dd9are179z.dll
c:\windows\2707adzw5re2649.exe
c:\windows\27091ha5ktoolz9f.dll
c:\windows\2727z5r9j218.dll
c:\windows\27515spamzot2e9.cpl
c:\windows\275p9rse12z0.bin
c:\windows\2776zspamb9t353.exe
c:\windows\27865hz9f2129.dll
c:\windows\27z5spyware9185.dll
c:\windows\282195arsz3272.exe
c:\windows\282655o9m64z.cpl
c:\windows\28557spam9ot5ez.exe
c:\windows\28558not-azvir9s3c9.exe
c:\windows\28882haczto5l57e9.exe
c:\windows\28z55s5y5069.exe
c:\windows\290305ackzool691.ocx
c:\windows\29286zirus915.dll
c:\windows\2959stz9l5383.bin
c:\windows\29689s5amboz496.cpl
c:\windows\29852zroj90b.bin
c:\windows\29desparsz550.cpl
c:\windows\2a45bac9zoor1866.ocx
c:\windows\2as5yw9re55z.bin
c:\windows\2c19spywarz559.cpl
c:\windows\2c50spywaz59262.exe
c:\windows\2d97t5reat10z76.exe
c:\windows\2ebzspa5s9312.dll
c:\windows\2f00thief59z5.cpl
c:\windows\2fb1s5eaz892.ocx
c:\windows\2z09threa57998.bin
c:\windows\2z695tr9j46b.cpl
c:\windows\2z954sp5mbot925.exe
c:\windows\2za5thie91760.exe
c:\windows\30396w95m6z8.cpl
c:\windows\3040zacktoo9345.ocx
c:\windows\30584t9oj7fz.dll
c:\windows\30585vz9us5d3.cpl
c:\windows\30599spy3eez.bin
c:\windows\311aspywzr97845.exe
c:\windows\316255ackt9ol7z3.dll
c:\windows\3195zd9ware273.cpl
c:\windows\31966n5t-az9irus408.exe
c:\windows\320059acktool3z0.exe
c:\windows\32d5dow9loz5er567.bin
c:\windows\33b5zhi9f26535.cpl
c:\windows\33eedo5nloaz9r793.bin
c:\windows\3555spa9se1430z.ocx
c:\windows\358d9pywarz1506.bin
c:\windows\358ezpar5e1609.bin
c:\windows\35975ddware2329z.dll
c:\windows\35f6v5r92z.bin
c:\windows\3695v9rzs58c.ocx
c:\windows\38dspywa5z394.ocx
c:\windows\394bthrea925z965.bin
c:\windows\3951spzware9600.dll
c:\windows\3e4esze9l525.bin
c:\windows\3e95vi913z6.exe
c:\windows\3ea5spyzare1995.ocx
c:\windows\3z299no9-5-virus6d5.cpl
c:\windows\3z350worm91b.ocx
c:\windows\3z355p9ware202.exe
c:\windows\3z954spy3c7.cpl
c:\windows\4054t9oj7zb.cpl
c:\windows\40559zj234.exe
c:\windows\4066sp9waz51085.ocx
c:\windows\4073b5ckdoor968z.dll
c:\windows\40995acktool22z.exe
c:\windows\41145hreat17z779.dll
c:\windows\4124haczto9l705.exe
c:\windows\425f9pywaze366.bin
c:\windows\4311wor9z56.bin
c:\windows\4332threzt25299.dll
c:\windows\435zdow5loader14519.ocx
c:\windows\450est59l3z0.bin
c:\windows\454zwor9704.exe
c:\windows\455dzir28579.dll
c:\windows\455o9maez.dll
c:\windows\4565spzrs91717.exe
c:\windows\4591zteal27595.bin
c:\windows\45fbsparsz999.cpl
c:\windows\46fz9parse557.bin
c:\windows\4798virzs595.cpl
c:\windows\4929addw5rez905.bin
c:\windows\49319ormz5.bin
c:\windows\49z2v591303.ocx
c:\windows\4bb7threat5494z.exe
c:\windows\4bzdow5load9r1366.cpl
c:\windows\4c99thizf5350.cpl
c:\windows\4e27szeal591.cpl
c:\windows\4e9azddware5166.cpl
c:\windows\4f45sp5rz91503.dll
c:\windows\4z03not-a-vi5us94a.cpl
c:\windows\50250worm9zf.dll
c:\windows\5042downloa9ez1756.dll
c:\windows\5080ste95z695.exe
c:\windows\51105wzrm50c9.ocx
c:\windows\515bdown9oader1929z.dll
c:\windows\51769roj6bez.cpl
c:\windows\52006spz696.exe
c:\windows\5325thr9atz01355.dll
c:\windows\5393addzare1859.cpl
c:\windows\5509adzwar92405.cpl
c:\windows\55427sp94za.cpl
c:\windows\5585h9cktool3zc.bin
c:\windows\559abackdoor16z6.bin
c:\windows\559szywa5e795.cpl
c:\windows\55az9ir2367.cpl
c:\windows\55f6z9reat5988.dll
c:\windows\55z3sp9mb5t573.dll
c:\windows\57155ownloader793z.exe
c:\windows\57679spy7zb.bin
c:\windows\57729wozm69.ocx


Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 5th June 2009, 2:50 am

c:\windows\57z36troj789.dll
c:\windows\5848d9wnloade52770z.dll
c:\windows\584dzac9doo5305.cpl
c:\windows\5874backdoor94z.dll
c:\windows\58bespywzr9536.cpl
c:\windows\5912steal169z.exe
c:\windows\595fsp5rse251z.exe
c:\windows\597dz9ief1504.dll
c:\windows\5991t5reat16708z.dll
c:\windows\59e5spywarz734.exe
c:\windows\59ecspaz5e1383.dll
c:\windows\5a98zhie5599.dll
c:\windows\5ab2dow9lozder16855.exe
c:\windows\5b49t59eat7364z.exe
c:\windows\5cbbviz1599.dll
c:\windows\5d16stzal5609.exe
c:\windows\5d3zad9ware1255.bin
c:\windows\5d51zp9rse59.cpl
c:\windows\5d7bac5d9orz418.bin
c:\windows\5d7thze9t11714.ocx
c:\windows\5e1zd9wnloader1816.ocx
c:\windows\5e62do9nloazer2903.bin
c:\windows\5e7zthie98415.dll
c:\windows\5e9bz5ckdoor2998.exe
c:\windows\5eb8vir5095z.exe
c:\windows\5f5zsteal1299.bin
c:\windows\5f7fspy9aze736.cpl
c:\windows\5f83sparse1981z.bin
c:\windows\5f91threat50z81.exe
c:\windows\5fb5za5kdoor2619.ocx
c:\windows\5z28worm9e75.ocx
c:\windows\5z73a5dware1954.cpl
c:\windows\5z9downloader3056.cpl
c:\windows\5za7addwa9e1506.dll
c:\windows\61075orm65z9.ocx
c:\windows\6250no59a-virus5zc.exe
c:\windows\629095ckdoor1z18.cpl
c:\windows\63b9tzief4305.bin
c:\windows\63e35pa9se5z4.exe
c:\windows\63zc9hreat5204.bin
c:\windows\6471addwarez5079.bin
c:\windows\64e6vir958z5.ocx
c:\windows\6550b9ckdoor2686z.dll
c:\windows\6564not-a-v9ru5z93.cpl
c:\windows\656fszarse30309.ocx
c:\windows\6587spazse394.cpl
c:\windows\65959rz7eb.cpl
c:\windows\660dsp9r5e1356z.ocx
c:\windows\675downzoader559.exe
c:\windows\6875bzc9door329.ocx
c:\windows\68threa514z96.cpl
c:\windows\6938s59mbzt3fe.bin
c:\windows\6955trzj7b9.dll
c:\windows\69915orm5zb.cpl
c:\windows\69e9addw5re2171z.ocx
c:\windows\6azdspars95076.cpl
c:\windows\6b4zthief9571.cpl
c:\windows\6c92tz5ef949.cpl
c:\windows\6ce95irz52.ocx
c:\windows\6cza5pa9se2344.exe
c:\windows\6dczste5l2879.cpl
c:\windows\6ez9spar5e1496.dll
c:\windows\6z1d5hief2097.dll
c:\windows\6z29addware5305.ocx
c:\windows\6z5a5hreat95335.exe
c:\windows\6zca9h5eat15836.bin
c:\windows\7011st5a9z187.cpl
c:\windows\7199th5eatz104.bin
c:\windows\71c2thz5at9555.bin
c:\windows\7255spa9se3128z.exe
c:\windows\7325ztea9940.cpl
c:\windows\7335bazkdoo91598.dll
c:\windows\74a5sp9rse2z74.exe
c:\windows\7540w9rmz7e.cpl
c:\windows\7571zac5t9ol2f7.bin
c:\windows\7599virusz0b.bin
c:\windows\7664v9rz51d2.exe
c:\windows\773cs59warez000.ocx
c:\windows\77c8ad9waz51663.bin
c:\windows\784zsparse6529.dll
c:\windows\7930w5rm90bz.cpl
c:\windows\79649zo561f.bin
c:\windows\79za5parse1011.bin
c:\windows\7a55stzal8579.exe
c:\windows\7af9zt59l2901.ocx
c:\windows\7bf5thief2z93.exe
c:\windows\7c5ad9wnloadez2228.ocx
c:\windows\7c83s5ywa9z1405.cpl
c:\windows\7d2cspar9e5z9.dll
c:\windows\7d3ad9znloader9495.ocx
c:\windows\7d5athzef15699.exe
c:\windows\7ez5hief19.cpl
c:\windows\7z005hreat295529.ocx
c:\windows\7z879p526.ocx
c:\windows\8106not-a-95ruz81.dll
c:\windows\8189w95mz6c.cpl
c:\windows\84369zt-a-v5rus2ea.dll
c:\windows\8459n9t-a-vir5s19z.dll
c:\windows\8858sp59bz.cpl
c:\windows\88959py41fz.ocx
c:\windows\895vzrus4e5.cpl
c:\windows\8z02wor9395.bin
c:\windows\8z77n5t-a-virus39f.dll
c:\windows\90409py156z.bin
c:\windows\90544wozm7be.cpl
c:\windows\91394spy15z.exe
c:\windows\91z595cktool100.exe
c:\windows\920spyzb5.bin
c:\windows\93585spz638.cpl
c:\windows\935zsteal1519.ocx


Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 5th June 2009, 2:50 am

c:\windows\938azd5are895.ocx
c:\windows\94172t5oj5f1z.bin
c:\windows\9433downloader2255z.exe
c:\windows\9497downzoade53245.dll
c:\windows\94ecszeal5515.bin
c:\windows\94z63spy3cf5.dll
c:\windows\951spzrse1519.dll
c:\windows\95552virusz4.cpl
c:\windows\95699not-a5zirus629.cpl
c:\windows\95758hacktool3z4.dll
c:\windows\957zh5ck9ool150.dll
c:\windows\95f3threat2151z5.exe
c:\windows\96275not-a-viruz469.cpl
c:\windows\96365roz6fc9.cpl
c:\windows\964fzownloa5er601.cpl
c:\windows\96525tzoj5335.cpl
c:\windows\9765worz967.dll
c:\windows\98426spamzote55.dll
c:\windows\98546troz34c.cpl
c:\windows\989285pyz57.bin
c:\windows\98a6downlo5derz084.exe
c:\windows\98bz5r1963.cpl
c:\windows\98z0sp5rse1695.ocx
c:\windows\99805orm92z.bin
c:\windows\9995spy5b9z.dll
c:\windows\99a1bzckdoor24435.exe
c:\windows\99z5steal26985.dll
c:\windows\9a0zsparse6995.cpl
c:\windows\9a87backzoor1585.ocx
c:\windows\9bcs5yware156z.exe
c:\windows\9f7vir2759z.cpl
c:\windows\9z5525orm157.cpl
c:\windows\9z739irus635.cpl
c:\windows\9z851worm58b5.dll
c:\windows\a689zief1506.cpl
c:\windows\b5szyware1690.cpl
c:\windows\b64thief5419z.cpl
c:\windows\c39thr5at282z.ocx
c:\windows\d41backdo9r55z.ocx
c:\windows\ea4addwa9e50z.bin
c:\windows\ef9downzo9der21165.ocx
c:\windows\f51spyzare979.dll
c:\windows\ffaaddwa9e264z5.dll
c:\windows\system32\1019vir1z5.dll
c:\windows\system32\103279pz615.bin
c:\windows\system32\10750szam5otf9.bin
c:\windows\system32\10825zorm29c9.ocx
c:\windows\system32\1094wor539z.dll
c:\windows\system32\109cspywa5e21z3.dll
c:\windows\system32\10e75h9eat21z12.ocx
c:\windows\system32\10z71v5rus1d19.ocx
c:\windows\system32\11172t5oz93b.bin
c:\windows\system32\11244s5ambo937z.bin
c:\windows\system32\11502hac5t9zl69c.exe
c:\windows\system32\116439zru579c.cpl
c:\windows\system32\1194wozm557.exe
c:\windows\system32\1240sp5waze799.bin
c:\windows\system32\12579szy71d.exe
c:\windows\system32\12581hacktool4z9.cpl
c:\windows\system32\1270wzr96905.exe
c:\windows\system32\12z67spa9bot405.cpl
c:\windows\system32\13032s5ambo929dz.cpl
c:\windows\system32\1351do9nzoader1250.ocx
c:\windows\system32\13597spyz1d.dll
c:\windows\system32\1359zirus9d5.ocx
c:\windows\system32\13902worm1z59.cpl
c:\windows\system32\13957trzjaf.dll
c:\windows\system32\13z15troj199.cpl
c:\windows\system32\14082ha5ktoo91fz.exe
c:\windows\system32\142155ot-a-v9ruz2fc.dll
c:\windows\system32\14694spy549z.cpl
c:\windows\system32\14749hreatz6511.exe
c:\windows\system32\14772spambo5z90.dll
c:\windows\system32\1479zv5r9s159.bin
c:\windows\system32\148zvi95775.dll
c:\windows\system32\1496ha5ktoolzf9.dll
c:\windows\system32\14fat5zea915539.cpl
c:\windows\system32\15009sp927bz.cpl
c:\windows\system32\1513downzoa5er2699.bin
c:\windows\system32\15271worm95z.bin
c:\windows\system32\15297worm57dz.bin
c:\windows\system32\15376sp92fcz.cpl
c:\windows\system32\15585hzck5oo986.ocx
c:\windows\system32\15895z5rm10b.exe
c:\windows\system32\15925hazktool40f.ocx
c:\windows\system32\15999trojz5.dll
c:\windows\system32\16212z5o9517.bin
c:\windows\system32\16699iru531bz.exe
c:\windows\system32\17282zot9a5virus51c.dll
c:\windows\system32\17320spazb5t209.cpl
c:\windows\system32\17436not-a-v5ruz4f79.cpl
c:\windows\system32\1747z9o5-a-virus14d.bin
c:\windows\system32\17594zac9tool6125.bin
c:\windows\system32\175z9parse1010.cpl
c:\windows\system32\17z14sp95e5.ocx
c:\windows\system32\18395not-a-virus472z.dll
c:\windows\system32\1850downloaderz993.ocx
c:\windows\system32\18605vzrus39.cpl
c:\windows\system32\18758nzt-a5virus749.cpl
c:\windows\system32\18840spambo5zb99.cpl
c:\windows\system32\18898zot-a-virus235.exe
c:\windows\system32\1889hack9oo5612z.cpl
c:\windows\system32\1897395t-z-virusa1.dll
c:\windows\system32\1910859oj414z.dll
c:\windows\system32\1945troj45z.dll
c:\windows\system32\197z1no5-a-9irus5e8.cpl
c:\windows\system32\199d5zreat30058.bin
c:\windows\system32\19fspywa591z03.exe
c:\windows\system32\19z20not-a-virus519.dll
c:\windows\system32\1a53spar5e1z639.cpl
c:\windows\system32\1adz9ackdoor3568.exe
c:\windows\system32\1bf39teal5209z.ocx
c:\windows\system32\1c4es9eaz3156.dll
c:\windows\system32\1e13sp59sz1563.ocx
c:\windows\system32\1e43z5i9f8.bin
c:\windows\system32\1ez35ir7769.dll
c:\windows\system32\1fbz5ackdoor9244.exe
c:\windows\system32\1z369spy5e7.ocx
c:\windows\system32\1z70stea92545.cpl
c:\windows\system32\1zf4downloader5792.ocx
c:\windows\system32\20569worm6zb.cpl
c:\windows\system32\2082zpyw9re19085.bin
c:\windows\system32\209z0h5cktoo9702.ocx
c:\windows\system32\21845worm59z.exe
c:\windows\system32\21z009ir5sd5.dll
c:\windows\system32\21z3s9arse1575.ocx
c:\windows\system32\22229szy15a.ocx
c:\windows\system32\22319sp52zd.cpl
c:\windows\system32\22615s5z9bot36f.bin
c:\windows\system32\22696spamzot354.ocx
c:\windows\system32\22754noz-a-5irus995.bin
c:\windows\system32\2291zt5oj469.cpl
c:\windows\system32\2299add5a9z3055.dll
c:\windows\system32\22b9thze92550.cpl
c:\windows\system32\22f7spywar5z959.dll
c:\windows\system32\23035vizus904.cpl
c:\windows\system32\2365zhief914.cpl
c:\windows\system32\2436z5ot-a-v9rus6fe.ocx
c:\windows\system32\246z75py4829.ocx
c:\windows\system32\24a89a5kdoorz461.ocx
c:\windows\system32\24e3viz5059.dll
c:\windows\system32\25095zroj7e9.exe
c:\windows\system32\2529zp54bf.dll
c:\windows\system32\252ddownloadez9669.cpl
c:\windows\system32\25329hreat2z327.ocx
c:\windows\system32\25522spambo95bz5.ocx
c:\windows\system32\2561steal9z70.ocx
c:\windows\system32\2575vi5305z9.ocx
c:\windows\system32\25785hacktool291z.ocx
c:\windows\system32\25aaspyware4z9.ocx
c:\windows\system32\25c7sparze3298.ocx
c:\windows\system32\263z9hack5o9l49b.exe
c:\windows\system32\26513spambzt95f.cpl
c:\windows\system32\265589pazbot177.ocx
c:\windows\system32\2667zhac9tool68d5.exe
c:\windows\system32\26976hacktozl5c8.ocx
c:\windows\system32\26989no9-a-virus785z.dll
c:\windows\system32\274265pambot9az.cpl
c:\windows\system32\27754worzf39.cpl
c:\windows\system32\27d7zownl5ad9r2794.ocx
c:\windows\system32\2819downl5zder2922.cpl
c:\windows\system32\28519tr5j37ez.exe
c:\windows\system32\288835ot-z-virus57e9.cpl
c:\windows\system32\28965s95mboz170.bin
c:\windows\system32\292059zambot7cf5.bin
c:\windows\system32\2938thief592z.exe
c:\windows\system32\293zvi52419.exe
c:\windows\system32\2950bac5door709z.exe
c:\windows\system32\29875ddwaze632.ocx
c:\windows\system32\29975hac5zoo92.cpl
c:\windows\system32\2aa7downlozde9215.dll
c:\windows\system32\2z102spy7495.cpl
c:\windows\system32\2zas9eal25145.bin
c:\windows\system32\305435acktool2c9z.exe
c:\windows\system32\3083z95rus529.bin
c:\windows\system32\3087z9roj2fc5.ocx
c:\windows\system32\31085s9azbot63c.bin
c:\windows\system32\31133n5t-a-viru92z.ocx
c:\windows\system32\31340no5-a9virus5a3z.bin
c:\windows\system32\3206t5oj9z2.ocx
c:\windows\system32\320baddwzre11995.bin
c:\windows\system32\321a5ddwzre30439.dll
c:\windows\system32\32339wozm9095.cpl
c:\windows\system32\32564spazbo95905.dll
c:\windows\system32\32632zp5mbot75f9.bin
c:\windows\system32\32697not95-virus39z.bin
c:\windows\system32\32a5dowz9oader1993.bin
c:\windows\system32\33a55ddware97z.bin
c:\windows\system32\3509ba5kdoorz77.dll
c:\windows\system32\350aazdware6859.bin
c:\windows\system32\35czdownloader25239.ocx
c:\windows\system32\35f1thzea93599.dll
c:\windows\system32\3726vzru5249.dll
c:\windows\system32\3745spywarez93.ocx
c:\windows\system32\3759addwarez843.ocx
c:\windows\system32\3855sparse192z.bin
c:\windows\system32\38a6baczdoo51591.cpl
c:\windows\system32\3997downloader9z935.bin
c:\windows\system32\3aa5vir9z99.dll
c:\windows\system32\3cb4szar9e6865.ocx
c:\windows\system32\3d1595wzloader545.bin
c:\windows\system32\3d589parse393z.dll
c:\windows\system32\3d98s5azs9278.exe
c:\windows\system32\3de4a5dwarez9.cpl
c:\windows\system32\3e93backdoor5z93.bin
c:\windows\system32\3ebcadd5aze9233.exe
c:\windows\system32\3z1fbackd5or1309.cpl
c:\windows\system32\3z5cstea92043.cpl
c:\windows\system32\3z78not-a-vi95s14d.dll
c:\windows\system32\40bzb9ckdoor1925.bin
c:\windows\system32\40c8dowz59ader833.cpl
c:\windows\system32\4125trzj986.bin
c:\windows\system32\4413not-9zv5rusd8.ocx
c:\windows\system32\4493s5yware1z07.ocx
c:\windows\system32\44trzjc95.bin
c:\windows\system32\4519spambot4dz9.cpl
c:\windows\system32\457c9ir2z73.exe
c:\windows\system32\462ft9reat1z458.ocx
c:\windows\system32\463adow9loa5ez823.ocx
c:\windows\system32\4909backdzor29465.cpl
c:\windows\system32\491cbackdoor1955z.bin
c:\windows\system32\4958sza9se890.ocx
c:\windows\system32\4966addw5rz2959.cpl
c:\windows\system32\498ethief5z0.exe
c:\windows\system32\49z5steal2990.exe
c:\windows\system32\4d14addw5re157z9.bin
c:\windows\system32\4fd9zhief1905.ocx
c:\windows\system32\4z45thief579.exe
c:\windows\system32\50059ackdoorz125.exe
c:\windows\system32\501zvir9se5.dll
c:\windows\system32\5086w9rmz12.exe
c:\windows\system32\5095troz6995.exe
c:\windows\system32\50999not-a-virzs1d6.cpl
c:\windows\system32\50dzb59kdoor1469.exe
c:\windows\system32\5118zpam59t340.bin
c:\windows\system32\5153t9reatz8915.ocx
c:\windows\system32\51c7spy9zre2132.exe
c:\windows\system32\5202hackt5ol793z.cpl
c:\windows\system32\52259z9oj19a.cpl
c:\windows\system32\5260ztroj699.ocx
c:\windows\system32\52620noz-a-9irus49e.ocx
c:\windows\system32\52e0st5az3959.cpl
c:\windows\system32\530fthzef29599.dll
c:\windows\system32\53580vi9us17z.exe
c:\windows\system32\53598hzcktool7d3.ocx
c:\windows\system32\53599zr3225.bin
c:\windows\system32\53952spa9zotc9.cpl
c:\windows\system32\53dbspzware15569.cpl
c:\windows\system32\5419szy70c.exe
c:\windows\system32\5456ad9wzre2452.ocx
c:\windows\system32\549spywa9e161z.bin
c:\windows\system32\55579virus24ez.exe
c:\windows\system32\5559pambotfz.bin
c:\windows\system32\5564downloade926z.exe
c:\windows\system32\55770v9rus51z.cpl
c:\windows\system32\55afthzeat38999.ocx
c:\windows\system32\55b9spa9se2z28.bin
c:\windows\system32\562et9iez1588.bin
c:\windows\system32\56f7add9zre540.dll
c:\windows\system32\56z3vi931045.cpl
c:\windows\system32\57292tr9j4z.exe
c:\windows\system32\577dzackd9or2331.cpl
c:\windows\system32\5897zpy52e9.dll
c:\windows\system32\5909steal501z.bin
c:\windows\system32\59180spz509.cpl
c:\windows\system32\5938spambot1z9.exe
c:\windows\system32\59649trojza5.ocx
c:\windows\system32\5969spar5e1055z.bin
c:\windows\system32\596bthiefz820.cpl
c:\windows\system32\596z9teal1605.ocx
c:\windows\system32\59addware1656z.exe
c:\windows\system32\59bbz5dware922.bin
c:\windows\system32\59d3szarse1017.exe
c:\windows\system32\59fzstea52444.bin
c:\windows\system32\5a0cdownlzader1492.ocx
c:\windows\system32\5a1d95arsz972.dll
c:\windows\system32\5a1sp5zse629.dll


Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 5th June 2009, 2:51 am

c:\windows\system32\5a57spywarz2095.ocx
c:\windows\system32\5aa9thrz5t7973.dll
c:\windows\system32\5aathi591z56.ocx
c:\windows\system32\5af6downl95dzr1423.ocx
c:\windows\system32\5b1bbz9kdoo557.exe
c:\windows\system32\5b89hzef524.bin
c:\windows\system32\5bz7back5oor2239.dll
c:\windows\system32\5ce9a5dwar9z529.ocx
c:\windows\system32\5d0dadzwar91519.ocx
c:\windows\system32\5d39vzr2596.dll
c:\windows\system32\5d98tzief3297.ocx
c:\windows\system32\5dfaz5eal695.dll
c:\windows\system32\5e82bacz9oor5558.ocx
c:\windows\system32\5e9at5izf2266.dll
c:\windows\system32\5f0adow9loader3z91.bin
c:\windows\system32\5f7csp9war52402z.ocx
c:\windows\system32\5z56thr9at59992.bin
c:\windows\system32\5z99t5ie91211.dll
c:\windows\system32\5zathi9f1407.dll
c:\windows\system32\5zeevir15839.cpl
c:\windows\system32\62z1v953056.cpl
c:\windows\system32\6349n9t-a-virus55z.ocx
c:\windows\system32\6353vzr2947.dll
c:\windows\system32\6459thiez1250.exe
c:\windows\system32\6490do5nloazer3107.dll
c:\windows\system32\649av5r2131z.cpl
c:\windows\system32\64e5zteal2893.ocx
c:\windows\system32\6577d9wnloadzr1886.ocx
c:\windows\system32\6759not-a-vir9szb35.ocx
c:\windows\system32\689cspz5se290.ocx
c:\windows\system32\69189ackzoor2865.dll
c:\windows\system32\6929szea51296.bin
c:\windows\system32\692thief2572z.exe
c:\windows\system32\6968zot5a-virus189.ocx
c:\windows\system32\698zvi9530.cpl
c:\windows\system32\69f8spyware5325z.cpl
c:\windows\system32\69zcspywa5e2149.ocx
c:\windows\system32\6c0zback9oor520.dll
c:\windows\system32\6d09addwar519z9.ocx
c:\windows\system32\6d66thi5z9743.dll
c:\windows\system32\6dbc9hiefz524.dll
c:\windows\system32\6f40zpy59re1117.cpl
c:\windows\system32\714959yzcb.exe
c:\windows\system32\715zs9arse1557.bin
c:\windows\system32\729zvi9995.exe
c:\windows\system32\750spam9otza9.exe
c:\windows\system32\7550backdozr359.bin
c:\windows\system32\76dz9parse5932.bin
c:\windows\system32\77z9ir19145.exe
c:\windows\system32\7998vir2295z.dll
c:\windows\system32\79c6tzi5f1569.exe
c:\windows\system32\7bz79d5ware2170.cpl
c:\windows\system32\7c39backdozr5956.ocx
c:\windows\system32\7efs5ezl9552.exe
c:\windows\system32\7f0edoznload5r17989.exe
c:\windows\system32\7z665teal2290.cpl
c:\windows\system32\7z7espars516819.bin
c:\windows\system32\8510sp5mbot3zd9.ocx
c:\windows\system32\851vizus97.bin
c:\windows\system32\859znot-a-virus2a4.bin
c:\windows\system32\85z8spy698.exe
c:\windows\system32\877addw9rz1165.ocx
c:\windows\system32\904e5ir2z80.exe
c:\windows\system32\90737hack5oolzc1.dll
c:\windows\system32\90929sp5mbzt22a.bin
c:\windows\system32\9095z9y14d5.cpl
c:\windows\system32\90zvi52764.ocx
c:\windows\system32\9140spy356z.exe
c:\windows\system32\9142s5ezl1935.bin
c:\windows\system32\914viz5059.dll
c:\windows\system32\9151tzief2145.ocx
c:\windows\system32\9245spazbot516.cpl
c:\windows\system32\93435ir134z.bin
c:\windows\system32\94455szambot5f7.cpl
c:\windows\system32\9494spa5se2z69.exe
c:\windows\system32\94f9vir3z55.bin
c:\windows\system32\9504sp5rze2647.exe
c:\windows\system32\95922wormzb5.ocx
c:\windows\system32\9592troz7a1.bin
c:\windows\system32\95z7vir232.ocx
c:\windows\system32\95zcsteal105.bin
c:\windows\system32\9680z5rm3a49.ocx
c:\windows\system32\969vir1z50.ocx
c:\windows\system32\98558zirus51b.dll
c:\windows\system32\9a135irz26.dll
c:\windows\system32\9b2aaddware2354z.exe
c:\windows\system32\9c55backdozr2421.dll
c:\windows\system32\9e01thzeat51924.bin
c:\windows\system32\9ef0downlozder21965.ocx
c:\windows\system32\9fz45pyware347.dll
c:\windows\system32\9z515troj3a1.dll
c:\windows\system32\a8c5ddw9re74z.exe
c:\windows\system32\a965h9ezt30827.exe
c:\windows\system32\ad95tea9304z.ocx
c:\windows\system32\c5zv9r2607.cpl
c:\windows\system32\d119hief1056z.bin
c:\windows\system32\d56thie912z6.exe
c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
c:\windows\system32\e0threzt155119.dll
c:\windows\system32\e94steaz3059.dll
c:\windows\system32\ec5tzr5at10209.bin
c:\windows\system32\ecedz5nloader9953.ocx
c:\windows\system32\fa5spy9arz254.bin
c:\windows\system32\setup2.exe
c:\windows\system32\z0924hac9tool365.dll
c:\windows\system32\z150thief32479.ocx
c:\windows\system32\z17549pambot554.cpl
c:\windows\system32\z1c09teal519.ocx
c:\windows\system32\z256thre9t20952.exe
c:\windows\system32\z445s9eal914.exe
c:\windows\system32\z48thi9f503.cpl
c:\windows\system32\z5519spy175.dll
c:\windows\system32\z55spyware2985.cpl
c:\windows\system32\z5779teal1505.cpl
c:\windows\system32\z719backdoor15535.ocx
c:\windows\system32\z75tr9j558.bin
c:\windows\system32\z8807worm4995.bin
c:\windows\system32\z934thi5f1634.dll
c:\windows\system32\z951spam5ot395.ocx
c:\windows\system32\z98535py6c0.exe
c:\windows\system32\za95vir3151.cpl
c:\windows\system32\zb45sparse9646.dll
c:\windows\system32\ze4spa5s92472.ocx
c:\windows\system32\zf1av9r651.dll
c:\windows\z025ba5k9oor1415.exe
c:\windows\z03935py5c.exe
c:\windows\z0485hack5ool90c.ocx
c:\windows\z06as59rse2165.bin
c:\windows\z0965hacktoo540e.bin
c:\windows\z15969roj6b25.exe
c:\windows\z1903vir9s635.exe
c:\windows\z19hackto5lc9.bin
c:\windows\z1a5dd9are315.exe
c:\windows\z3315troj5a9.exe
c:\windows\z3341w95m4a9.dll
c:\windows\z4953sp95a.exe
c:\windows\z5173spy1b9.bin
c:\windows\z588steal19649.bin
c:\windows\z6584ha9kt5ol7e2.exe
c:\windows\z668s5amb9t592.dll
c:\windows\z699roj485.bin
c:\windows\z7301s593c1.dll
c:\windows\z747sp5759.ocx
c:\windows\z751backdoo914865.dll
c:\windows\z859steal2854.cpl
c:\windows\z9324spambot354.bin
c:\windows\z935spy1cd.bin
c:\windows\z958spars9959.bin
c:\windows\z99as5arse164.dll
c:\windows\zcc0s95al2241.cpl
c:\windows\zd09teal3530.ocx
c:\windows\zd0espy9ar51097.dll
c:\windows\zde9threat6952.cpl
c:\windows\zf29spyware18205.cpl
c:\windows\zfe9ad9war5977.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 02:00 . 2009-06-05 02:20 -------- d-s---w- \Combo-Fix
2009-06-05 01:48 . 2009-06-05 02:00 -------- d-----w- \Qoobox
2009-06-05 01:39 . 2009-06-05 01:40 -------- d-----w- C:\MGtools
2009-06-05 01:39 . 2009-06-05 01:40 -------- d-----w- \MGtools
2009-06-05 01:09 . 2009-06-05 01:16 3219193856 --sha-w- \hiberfil.sys
2009-06-04 21:31 . 2009-06-04 21:31 -------- d-----w- c:\program files\Trend Micro
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes
2009-06-03 23:31 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\programdata\Malwarebytes
2009-06-03 23:31 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 01:30 . 2009-06-03 01:30 10802 ----a-w- c:\windows\11663za5kto9ld.bin
2009-06-03 01:30 . 2009-06-03 01:30 -------- d-----w- c:\program files\WinBlueSoft Software
2009-05-23 13:52 . 2009-05-23 13:52 319488 ----a-w- c:\users\Jennifer\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 02:18 . 2008-12-05 16:32 -------- d-----w- c:\users\Jennifer\AppData\Roaming\DNA
2009-06-05 01:17 . 2008-11-09 18:11 42524 ----a-w- c:\programdata\nvModes.dat
2009-06-05 01:16 . 2009-06-05 01:09 3219193856 --sha-w- \hiberfil.sys
2009-06-05 01:16 . 2008-05-09 05:03 3533000704 --sha-w- \pagefile.sys
2009-06-05 01:15 . 2008-05-08 21:39 2484 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 01:12 . 2008-12-05 16:32 -------- d-----w- c:\program files\DNA
2009-06-04 21:02 . 2009-04-09 00:41 1356 ----a-w- c:\users\Jennifer\AppData\Local\d3d9caps.dat
2009-06-03 01:39 . 2008-05-08 22:24 -------- d-----w- c:\programdata\NVIDIA
2009-06-03 01:29 . 2008-12-06 16:54 -------- d-----w- c:\users\Jennifer\AppData\Roaming\BitTorrent
2009-05-25 04:58 . 2008-08-18 05:17 -------- d-----w- c:\users\Jennifer\AppData\Roaming\dvdcss
2009-05-13 12:42 . 2008-06-13 10:39 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 12:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-19 19:26 . 2009-04-19 19:26 -------- d-----w- c:\programdata\UIB
2009-04-14 09:56 . 2006-11-02 06:25 10 --sh--r- \config.sys
2009-04-11 15:16 . 2008-09-05 21:32 -------- d-----w- c:\program files\Sun
2009-04-11 08:50 . 2009-04-11 08:50 -------- d-----w- c:\users\Jennifer\AppData\Roaming\MaxiMenu-wizard.FDF52E4825EE6977D882DB325B1D78AE0E5DF3CF.1
2009-04-11 08:48 . 2009-04-11 08:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-11 08:47 . 2009-04-11 08:48 38208 ----a-w- c:\users\Jennifer\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-04-10 01:50 . 2009-04-10 01:50 -------- d-----w- c:\program files\CDisplay
2009-03-24 23:33 . 2009-03-24 23:33 237264 ----a-w- c:\users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-03-17 03:38 . 2009-04-17 00:51 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 00:51 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 10:19 . 2008-12-15 02:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-01 15:52 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-01 15:53 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-01 15:53 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-01 15:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-01 15:52 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-01 15:52 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-01 15:52 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-01 15:52 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-01 15:52 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-01 15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-01 15:53 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-01 15:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-01 15:53 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-01 15:52 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-01 15:53 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-01 15:53 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-01 15:52 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-01 15:53 156160 ----a-w- c:\windows\system32\msls31.dll
2008-05-08 22:00 . 2008-05-08 22:00 74 --sh--r- c:\windows\CT4CET.bin
2008-05-09 05:26 . 2008-05-09 05:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

cruzin008
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-06-03
OS OS : Vista
Points Points : 27497
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 5th June 2009, 2:53 am

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 17:43 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 17:43 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"googletalk"="c:\users\Jennifer\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BitTorrent DNA"="c:\users\Jennifer\Program Files\DNA\btdna.exe" [2008-12-18 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-8 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-10-10 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 17:34 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6025C9DF-2A40-4BBD-9D82-35FE73B83083}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{A02F13E9-388D-44BF-8224-9BB8E048FA88}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DAEF58AB-3E8D-4BCE-A2FD-9D0B332193E3}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8576F54C-124E-40F0-9B5C-7A33528EAA47}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{F1E1C9BF-994D-4B22-9BC1-234A67F534E4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5ED5F912-3D8C-4E31-B291-0EA3E7168731}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AA1C157A-1B4D-49EA-9024-E5F969965FFE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{65568386-45B5-4D7E-A067-C3EA56D45600}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9AFD2BC9-EC2A-4BC4-968D-674946758A20}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{65874513-BCEF-4594-8B66-E18824EFE0FF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42B82AF1-7784-4C05-BFF3-E9F84A1DB0BA}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{A94DF739-5DE2-4C6A-B793-BDA62443AA7E}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{15E14228-7529-4843-8601-066278EE1B62}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{120A4670-CA8C-4A4B-8688-490A12F77F8A}c:\\program files\\java\\jdk1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{6B0B09B0-66BC-4406-800D-A7682620EBAE}c:\\program files\\java\\jdk1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"{8D0D7F93-E1BC-4880-A90E-F67C7454620B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F4CE3D80-B895-4928-8DCF-0DF44631B977}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F2A222F7-CF0C-495D-A92D-6117690F4FFC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{12E660B1-03AF-4B3D-8F7D-1DE756917CE5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2DDF2B46-50ED-472B-BEAC-C2330ED368D5}"= UDP:c:\python25\python.exe:python
"{35EF3664-4FAF-47B2-9F6A-2B44992C1357}"= TCP:c:\python25\python.exe:python
"{4D4BB954-7ACE-44EE-A454-47362EC4C30A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42781BA3-A662-434C-A993-B6904DE2BBC8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F2059D2A-1BA2-4D3F-BCC2-6642D5E5D46C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{71591A39-64F9-4D93-ADD2-A8B1F810E707}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A4B83014-48CE-478E-B076-40C41CB1F62D}"= UDP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{3CBA0233-A85B-4145-8484-FF1E894E1AB4}"= TCP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{7B2198F3-CDCD-4752-B504-35F5E5378015}"= UDP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{03414F46-B5D4-4B1B-BBF3-21125206333A}"= TCP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{A47E619D-AC95-431D-B026-56A12A5241C3}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{428D0CB1-2DFC-44F0-A28F-501AAE915935}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{BEDAD5E9-101C-4561-84A2-7022D364A470}c:\\java\\jre6\\bin\\java.exe"= UDP:c:\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{4E02348E-EDB6-453A-BE0C-8F3C5B38ED69}c:\\java\\jre6\\bin\\java.exe"= TCP:c:\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{63E20E1F-54ED-4B87-A756-D4854A86FB99}c:\\java\\jdk1.6.0_12\\bin\\java.exe"= UDP:c:\java\jdk1.6.0_12\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{B5B658F5-2DE4-4241-BBD6-F75DA89AA802}c:\\java\\jdk1.6.0_12\\bin\\java.exe"= TCP:c:\java\jdk1.6.0_12\bin\java.exe:Java(TM) Platform SE binary
"{B2B2A6FE-BA05-4446-8BD8-04229CA2E6AB}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{17FB7C00-D6C0-4AC4-A80F-3C47B4D0C4D6}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{7CB6CCDA-4F68-40BA-9BF5-4DD157397545}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A379A8F8-E200-4D21-909D-307D416F56E4}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 5th June 2009, 2:53 am

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [08-05-2008 17:38 73728]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [09-05-2008 01:31 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [09-05-2008 01:31 7424]
S3 acfva;acfva;c:\windows\System32\drivers\ACFVA32.sys [09-05-2008 01:31 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\System32\drivers\ACFDCP32.sys [02-10-2008 09:31 28800]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [21-08-2008 22:52 31592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [03-06-2009 19:31 40160]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [09-05-2008 01:32 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648109016-2927722406-4171585430-1000.job
- c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 05:47]

2009-06-05 c:\windows\Tasks\User_Feed_Synchronization-{846C903F-7050-4808-B037-3BE14318C174}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 11:31]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\h6rpqrx9.default\
FF - plugin: c:\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Jennifer\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Jennifer\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-04 22:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000008785070484EEA4DE38 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-06-05 22:25
ComboFix-quarantined-files.txt 2009-06-05 02:25

Pre-Run: 165,955,612,672 bytes free
Post-Run: 167,245,066,240 bytes free

1017 --- E O F --- 2009-06-05 01:43

Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 5th June 2009, 2:54 am

thanks in advance

Re: infected with winblue soft----stage after running combofix

Post by Belahzur on 5th June 2009, 8:45 am

Hello.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\11663za5kto9ld.bin

Folder::
c:\program files\WinBlueSoft Software
c:\users\Jennifer\AppData\Roaming\DNA
c:\users\Jennifer\AppData\Roaming\BitTorrent

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 6th June 2009, 6:16 am

Hi Belahzur,
my log now is:-

ComboFix 09-06-05.07 - Jennifer 06-06-2009 1:50.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.3069.1918 [GMT -4:00]
Running from: c:\users\Jennifer\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Jennifer\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\11663za5kto9ld.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinBlueSoft Software
c:\program files\WinBlueSoft Software\WinBlueSoft\main_config.xml
c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
c:\users\Jennifer\AppData\Roaming\BitTorrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\((CHRISTIAN MUSIC)PT) I Can Only Imagine - Ultimate Power Anthems Of The Christian Faith.1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\((CHRISTIAN MUSIC)PT) I Can Only Imagine - Ultimate Power Anthems Of The Christian Faith.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\((CHRISTIAN MUSIC)PT) Newsboys - Go.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\((CHRISTIAN MUSIC)PT) Wow Hits 2007.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\(Audio Book) Arthur Golden - Memoirs of a Geisha (Unabridged).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\(TMS) A History of Ancient Greece by Eric H. Cline.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\[DJ ICEMOON] 045 [HOUSE ELECTRO] 07.DEZ.08 [SE].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\[DJ ICEMOON] 070 [HOUSE DANCE TRIBAL GHETTO ELECTRO] 25.MAR.09 [SE].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\[Video Tutorial] Learn to play songs by ear never need sheet music again No prior knowledge needed..torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\03-27-09 Hip Hop Singles Djleak.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\100 Great 90's Commercial Dance and Techno Tunes.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\100 Greatest TV Themes.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\100 Years Of Cinema Music.1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\100 Years Of Cinema Music.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\101 Trance Anthems 2008 6 CD.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\16 Children's Classics and Award Winners.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\2000-2006 Trance Singles (204 Tracks).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\4 in a Field - Stand-up Comedy from the Glastonbury Festival - BBC Radio - cheops.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\8 Mile.avi.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\80's Movie Hits.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\A Briefer History of Time (Stephen Hawking) [NF].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\A Short History of Nearly Everything (Bill Bryson).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\A Walk To Remember.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\albums.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\AmazingGrace.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Amity Shlaes.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Andrew Taylor - A Plum in Your Mouth.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Arabian Moods Instrumental.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Asian Hip-Hop+Dance Remixes R&B-Bhangra 2000-2009-XPLOSiON.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Atlas Shrugged.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Attacking Anxiety and Depression [Midwest Center for Stress and Anxiety].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Audio Books - Ten Minute Deep Relaxation.mp3.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Barack Obama - Dreams from my father.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Bee Movie[2007]DvDrip[Eng]-FXG.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Best Of March 09 - DG-Lito!.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Beyond Positive Thinking.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Bible, New Testament, The Gospels; Matthew, Mark, Luke, John [h33t][spooner].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Brian Tracy - Accelerated Learning Techniques.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Brian Tracy - Focal Point.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Brian Tracy - Make a Million.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Brian Tracy - Psychology of Achievement & Success.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\building a website with flash.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\C.S. Lewis - Mere Christianity.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Cafe Del Shtef - The Best.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Catch.Me.If.You.Can[ENG][DVDRip].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\CD1.Instrumental Music Best world s hits.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Charles Darwin - A Life.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Charles Darwin - The Origin of Species.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Charles Dickens - David Copperfield.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Charles Dickens - Three Short Stories.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Chris Taylor - Take Me Anywhere [2008].torrent

Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 6th June 2009, 6:17 am

c:\users\Jennifer\AppData\Roaming\BitTorrent\Chris Tomlin - 3 Albums.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Christmas Collection.1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Christmas Collection.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Classic Christmas Movie & Animation MegaPack [ENG] AVI.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Clubland Xtreme Hardcore 5.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Dalai Lama-How to See Yourself as You Really Are.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Dance Pe Chance (Rab Ne Bana Di Jodi).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Days of Thunder(1990DvDrip).AVI.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\dht.dat
c:\users\Jennifer\AppData\Roaming\BitTorrent\dht.dat.old
c:\users\Jennifer\AppData\Roaming\BitTorrent\Disney Greatest Love Songs (2008) - Zz.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Disney Movies Complete Collection and Pixar Classic Movies some Extra Movies.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\DJ Maxim - Energy.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\DJ NASTY EFX - Bashment Blends 2008.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Dostana ~ 2008 ~1 CD Rip ~ Xvid ~ AC3 [Team DNR].avi.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Finding.Nemo[2003]DvDrip[Eng]-CIA.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Hancock 2008.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Heartbeat-Greatest Love Songs - 2cds.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Hindi1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\James Bond Quantum of Solace TS XviD Full English Audio_Sync Fixed v2 - Lynks.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Jim Reeves - 12 Songs Of Christmas.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Jim Reeves - A Christmas Star.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Jim Reeves - Don't Let me Cross Over.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Jim Reeves & Patsy Cline - Greatest Hits.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Keith Green.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Love actually (2003) [English]-MrLore.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\MADAGASCAR -ESCAPE 2 AFRICA@KIDZCORNER DVDRIP[ENG].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\MADAGASCAR 2.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Marco Polo - The Travels of Marco Polo (trans. by Thomas Wright) [3849] - yEnc Marco Polo - The Travels of Marco Polo (trans. by Thomas Wright).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Mere Christianity - C. S. Lewis.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\MereChristianitybyCSLewis.pdf.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Michael Card.1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Michael Card.2.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Michael Card.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Mr And Mrs Smith 2005 Xvid DVDRip [Eng] Multi Subs.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Naser Cheshmazar - Barane Eshgh (Rain of love).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\New Folder.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\resume.dat
c:\users\Jennifer\AppData\Roaming\BitTorrent\resume.dat.old
c:\users\Jennifer\AppData\Roaming\BitTorrent\RnB Love Songs 2009 - Various(split tracks+covers).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\rss.dat
c:\users\Jennifer\AppData\Roaming\BitTorrent\rss.dat.old
c:\users\Jennifer\AppData\Roaming\BitTorrent\Scripture songs.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\settings.dat
c:\users\Jennifer\AppData\Roaming\BitTorrent\settings.dat.old
c:\users\Jennifer\AppData\Roaming\BitTorrent\Speed Racer[2008]DvDrip[Eng]-FXG.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\SPIRIT[STALLION OF THE CIMARRON[DVDRIP][ENG]-kidscorner&J.T.R.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Spy Game Collector's Edition 2001 DvDrip[Eng]-greenbud1969.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Taare Zameen Par[2007]DvDrip[Hindi].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Terminator - Salvation [2009] [Eng] DvDrip.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The All Time greatest Love Songs.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The Basketball Diaries.avi.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The Departed.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The Passion of the Christ.avi.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The Shawshank Redemption[1994]DvDrip[Eng]-FXG.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The ultimate electro house set Bhaskar422 kicks ass.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Tim McGraw~Greatest Hits 3 (Mp3) (320Kbps) [owez77] [h33t].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\top 40.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Toy Story [DVDRip][1995][Eng][BugBunny].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Toy Story 2 [DVDRip][1999][Eng][BugBunny].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\tuoitresoidong.com_V.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Twilight.[2008.English].TS.HQ.DivX-LTT.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\VA- Christmas Jukebox 2008.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\VA-Disney_Box_Office_Hits-2008-C4.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\VA-Hip_Hop_The_2009_Collection-2CD-2009-LiR.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\VA-X_Mas_Trance_Attack_2008-(DADXMAS002)-WEB-2008-wAx.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS-PETER PAN 2 DISC [SPECIAL EDITION][DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS ALADDIN [MUSICAL MASTERPIECE EDITION][FULL][DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS DUMBO[special edition][dvdrip][eng] -kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS LADY AND THE TRAMP[DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS PINNOCHIO[DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS SNOWHITE AND THE 7 DWARFS[DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS[GREATEST HITS][3 CD BOX SET][320K]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Walt.Disney.Pack1.by.hiphop.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Walt.Disney.Pack4.by.hiphop.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Westlife - Back Home [2007][CD+SkidVid_XviD+Cov]192Kbps.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\What's.Eating.Gilbert.Grape[1993]DVDrip-PsyCoSys.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Wimbledon.torrent
c:\users\Jennifer\AppData\Roaming\DNA
c:\users\Jennifer\AppData\Roaming\DNA\dht.dat
c:\users\Jennifer\AppData\Roaming\DNA\dht.dat.old
c:\users\Jennifer\AppData\Roaming\DNA\dna.lng
c:\users\Jennifer\AppData\Roaming\DNA\resume.dat
c:\users\Jennifer\AppData\Roaming\DNA\resume.dat.old
c:\users\Jennifer\AppData\Roaming\DNA\rss.dat

Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 6th June 2009, 6:17 am

c:\users\Jennifer\AppData\Roaming\DNA\rss.dat.old
c:\users\Jennifer\AppData\Roaming\DNA\settings.dat
c:\users\Jennifer\AppData\Roaming\DNA\settings.dat.old
c:\windows\11663za5kto9ld.bin

.
((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-06 06:00 . 2009-06-06 06:00 -------- d-----w- C:\temp
2009-06-06 06:00 . 2009-06-06 06:00 -------- d-----w- \temp
2009-06-06 05:48 . 2009-06-06 06:00 -------- d-s---w- \Combo-Fix
2009-06-05 01:48 . 2009-06-06 05:50 -------- d-----w- \Qoobox
2009-06-05 01:39 . 2009-06-05 01:40 -------- d-----w- C:\MGtools
2009-06-05 01:39 . 2009-06-05 01:40 -------- d-----w- \MGtools
2009-06-05 01:09 . 2009-06-06 02:40 3219193856 --sha-w- \hiberfil.sys
2009-06-04 21:31 . 2009-06-04 21:31 -------- d-----w- c:\program files\Trend Micro
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes
2009-06-03 23:31 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\programdata\Malwarebytes
2009-06-03 23:31 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-23 13:52 . 2009-05-23 13:52 319488 ----a-w- c:\users\Jennifer\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 02:40 . 2008-11-09 18:11 42524 ----a-w- c:\programdata\nvModes.dat
2009-06-06 02:40 . 2009-06-05 01:09 3219193856 --sha-w- \hiberfil.sys
2009-06-06 02:40 . 2008-05-09 05:03 3533000704 --sha-w- \pagefile.sys
2009-06-05 22:10 . 2008-05-08 21:39 2484 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 01:12 . 2008-12-05 16:32 -------- d-----w- c:\program files\DNA
2009-06-04 21:02 . 2009-04-09 00:41 1356 ----a-w- c:\users\Jennifer\AppData\Local\d3d9caps.dat
2009-06-03 01:39 . 2008-05-08 22:24 -------- d-----w- c:\programdata\NVIDIA
2009-05-25 04:58 . 2008-08-18 05:17 -------- d-----w- c:\users\Jennifer\AppData\Roaming\dvdcss
2009-05-13 12:42 . 2008-06-13 10:39 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 12:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-19 19:26 . 2009-04-19 19:26 -------- d-----w- c:\programdata\UIB
2009-04-14 09:56 . 2006-11-02 06:25 10 --sh--r- \config.sys
2009-04-11 15:16 . 2008-09-05 21:32 -------- d-----w- c:\program files\Sun
2009-04-11 08:50 . 2009-04-11 08:50 -------- d-----w- c:\users\Jennifer\AppData\Roaming\MaxiMenu-wizard.FDF52E4825EE6977D882DB325B1D78AE0E5DF3CF.1
2009-04-11 08:48 . 2009-04-11 08:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-11 08:47 . 2009-04-11 08:48 38208 ----a-w- c:\users\Jennifer\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-04-10 01:50 . 2009-04-10 01:50 -------- d-----w- c:\program files\CDisplay
2009-03-24 23:33 . 2009-03-24 23:33 237264 ----a-w- c:\users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-03-17 03:38 . 2009-04-17 00:51 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 00:51 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 10:19 . 2008-12-15 02:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-01 15:52 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-01 15:53 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-01 15:53 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-01 15:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-01 15:52 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-01 15:52 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-01 15:52 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-01 15:52 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-01 15:52 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-01 15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-01 15:53 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-01 15:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-01 15:53 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-01 15:52 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-01 15:53 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-01 15:53 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-01 15:52 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-01 15:53 156160 ----a-w- c:\windows\system32\msls31.dll
2008-05-08 22:00 . 2008-05-08 22:00 74 --sh--r- c:\windows\CT4CET.bin
2008-05-09 05:26 . 2008-05-09 05:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.


Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 6th June 2009, 6:18 am

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 22:22 . 2009-06-05 01:18 58860 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-08 22:22 . 2009-06-06 02:42 58860 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-06 02:42 83830 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-23 04:52 . 2009-06-05 01:18 14626 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2648109016-2927722406-4171585430-1000_UserData.bin
+ 2008-05-23 04:52 . 2009-06-06 02:42 14626 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2648109016-2927722406-4171585430-1000_UserData.bin
- 2009-02-25 00:02 . 2009-06-02 22:53 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2009-02-25 00:02 . 2009-06-05 21:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2008-05-22 13:33 . 2009-06-05 01:18 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-22 13:33 . 2009-06-06 02:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-25 00:02 . 2009-06-05 21:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
- 2009-02-25 00:02 . 2009-06-02 22:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2008-05-22 13:33 . 2009-06-06 02:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 13:33 . 2009-06-05 01:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-25 00:02 . 2009-06-05 21:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2009-02-25 00:02 . 2009-06-02 22:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2008-05-22 13:33 . 2009-06-05 01:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-22 13:33 . 2009-06-06 02:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-05 01:16 . 2009-06-05 01:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-06 02:40 . 2009-06-06 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-05 01:16 . 2009-06-05 01:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-06 02:40 . 2009-06-06 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-06 02:45 603282 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-05 01:21 603282 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-05 01:21 106696 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-06 02:45 106696 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:22 . 2009-06-05 03:24 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-06-05 01:43 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 17:43 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 17:43 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"googletalk"="c:\users\Jennifer\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BitTorrent DNA"="c:\users\Jennifer\Program Files\DNA\btdna.exe" [2008-12-18 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-8 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-10-10 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 17:34 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6025C9DF-2A40-4BBD-9D82-35FE73B83083}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{A02F13E9-388D-44BF-8224-9BB8E048FA88}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DAEF58AB-3E8D-4BCE-A2FD-9D0B332193E3}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8576F54C-124E-40F0-9B5C-7A33528EAA47}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{F1E1C9BF-994D-4B22-9BC1-234A67F534E4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5ED5F912-3D8C-4E31-B291-0EA3E7168731}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AA1C157A-1B4D-49EA-9024-E5F969965FFE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{65568386-45B5-4D7E-A067-C3EA56D45600}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9AFD2BC9-EC2A-4BC4-968D-674946758A20}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{65874513-BCEF-4594-8B66-E18824EFE0FF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42B82AF1-7784-4C05-BFF3-E9F84A1DB0BA}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{A94DF739-5DE2-4C6A-B793-BDA62443AA7E}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{15E14228-7529-4843-8601-066278EE1B62}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{120A4670-CA8C-4A4B-8688-490A12F77F8A}c:\\program files\\java\\jdk1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{6B0B09B0-66BC-4406-800D-A7682620EBAE}c:\\program files\\java\\jdk1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"{8D0D7F93-E1BC-4880-A90E-F67C7454620B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F4CE3D80-B895-4928-8DCF-0DF44631B977}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F2A222F7-CF0C-495D-A92D-6117690F4FFC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{12E660B1-03AF-4B3D-8F7D-1DE756917CE5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

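The log above is the raw material an analyst reads by hand: the "Other Deletions" list of numeric-prefixed files dropped straight into c:\windows, and the HKCU/HKLM Run keys that show what starts at logon. The script below is an added example (not part of this thread, and not ComboFix's own code) that automates that first-pass triage. It applies two heuristics that are assumptions tailored to what this rogue AV did: an executable-type file sitting directly in the Windows root whose name begins with digits is flagged as a probable drop, and any Run value that launches a binary from a user-writable path under c:\users is flagged for review. The sample input is a handful of lines copied from the log posted above, with two legitimate Windows-root files included for contrast. Findings are review prompts, not verdicts; the user-writable rule will also catch legitimate per-user installs such as Google Update, which is exactly the kind of entry a human still has to look at.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix log posted above ("Other Deletions"
# entries, two legitimate Windows-root files, and the two Run keys), trimmed for the example.
SAMPLE_LOG = r'''
c:\windows\103569o5-z-virus2ca.cpl
c:\windows\11522hacktooz902.exe
c:\windows\15177spambotzb99.exe
c:\windows\11663za5kto9ld.bin
c:\windows\OEM02Mon.exe
c:\windows\CT4CET.bin
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Google Update"="c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"BitTorrent DNA"="c:\users\Jennifer\Program Files\DNA\btdna.exe" [2008-12-18 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
'''

# A file directly in the Windows root (no further subdirectory).
WINROOT_FILE = re.compile(r"^c:\\windows\\([^\\]+)$", re.IGNORECASE)
# ComboFix prints registry keys as [HKEY_...] and values as "name"="path" [date size].
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
USER_WRITABLE = re.compile(r"^c:\\users\\", re.IGNORECASE)
EXEC_EXT = {"exe", "dll", "cpl", "ocx", "bin", "scr", "sys"}
# Threat-name fragments the dropper embedded in file names (assumption drawn from this log).
SCARE_FRAGMENTS = ("virus", "spy", "hack", "spambot", "backd", "troj", "worm", "downlo", "keylog")


@dataclass
class Finding:
    kind: str    # "dropped-file" or "autorun"
    path: str
    reason: str


def looks_like_rogue_drop(path):
    """Heuristic: executable-type file directly in c:\\windows whose name starts with digits.
    Legitimate files in the Windows root (OEM02Mon.exe, CT4CET.bin) do not start with digits."""
    m = WINROOT_FILE.match(path.strip())
    if not m:
        return False
    stem, _, ext = m.group(1).lower().rpartition(".")
    return ext in EXEC_EXT and stem[:1].isdigit()


def scare_words(filename):
    """Secondary signal: threat-name fragments left in the name once the digits the
    dropper used to vary each file name are stripped out."""
    letters = re.sub(r"[^a-z]", "", filename.lower())
    return [w for w in SCARE_FRAGMENTS if w in letters]


def parse_run_entries(log_text):
    """Yield (key, value_name, image_path) for every value listed under a ...\\Run key."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        km = REG_KEY.match(line)
        if km:
            key = km.group(1)
            continue
        vm = RUN_VALUE.match(line)
        if vm and key and key.upper().endswith("\\RUN"):
            yield key, vm.group(1), vm.group(2)


def triage(log_text):
    """Return review findings for dropped files and user-writable autoruns, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if looks_like_rogue_drop(line):
            why = "numeric-prefixed executable in Windows root"
            words = scare_words(line.rsplit("\\", 1)[-1])
            if words:
                why += "; name embeds " + ", ".join(words)
            findings.append(Finding("dropped-file", line, why))
    for key, name, path in parse_run_entries(log_text):
        if USER_WRITABLE.match(path):
            hive = key.split("\\", 1)[0]
            findings.append(Finding(
                "autorun", path,
                f"{hive} Run value '{name}' starts a binary from a user-writable path (review)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}\n    {f.reason}")
```

Run against the full log rather than the excerpt, the same two rules would surface the whole "Other Deletions" list plus the Google Update and BitTorrent DNA autoruns; the per-user "c:\users\Jennifer\Program Files\DNA" path in particular is worth a look because a per-user Program Files directory is unusual even when the product is known.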

Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 6th June 2009, 6:19 am

"{2DDF2B46-50ED-472B-BEAC-C2330ED368D5}"= UDP:c:\python25\python.exe:python
"{35EF3664-4FAF-47B2-9F6A-2B44992C1357}"= TCP:c:\python25\python.exe:python
"{4D4BB954-7ACE-44EE-A454-47362EC4C30A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42781BA3-A662-434C-A993-B6904DE2BBC8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F2059D2A-1BA2-4D3F-BCC2-6642D5E5D46C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{71591A39-64F9-4D93-ADD2-A8B1F810E707}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A4B83014-48CE-478E-B076-40C41CB1F62D}"= UDP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{3CBA0233-A85B-4145-8484-FF1E894E1AB4}"= TCP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{7B2198F3-CDCD-4752-B504-35F5E5378015}"= UDP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{03414F46-B5D4-4B1B-BBF3-21125206333A}"= TCP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{A47E619D-AC95-431D-B026-56A12A5241C3}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{428D0CB1-2DFC-44F0-A28F-501AAE915935}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{BEDAD5E9-101C-4561-84A2-7022D364A470}c:\\java\\jre6\\bin\\java.exe"= UDP:c:\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{4E02348E-EDB6-453A-BE0C-8F3C5B38ED69}c:\\java\\jre6\\bin\\java.exe"= TCP:c:\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{63E20E1F-54ED-4B87-A756-D4854A86FB99}c:\\java\\jdk1.6.0_12\\bin\\java.exe"= UDP:c:\java\jdk1.6.0_12\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{B5B658F5-2DE4-4241-BBD6-F75DA89AA802}c:\\java\\jdk1.6.0_12\\bin\\java.exe"= TCP:c:\java\jdk1.6.0_12\bin\java.exe:Java(TM) Platform SE binary
"{B2B2A6FE-BA05-4446-8BD8-04229CA2E6AB}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{17FB7C00-D6C0-4AC4-A80F-3C47B4D0C4D6}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{7CB6CCDA-4F68-40BA-9BF5-4DD157397545}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A379A8F8-E200-4D21-909D-307D416F56E4}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [08-05-2008 17:38 73728]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [09-05-2008 01:31 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [09-05-2008 01:31 7424]
S3 acfva;acfva;c:\windows\System32\drivers\ACFVA32.sys [09-05-2008 01:31 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\System32\drivers\ACFDCP32.sys [02-10-2008 09:31 28800]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [21-08-2008 22:52 31592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [03-06-2009 19:31 40160]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [09-05-2008 01:32 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648109016-2927722406-4171585430-1000.job
- c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 05:47]

2009-06-06 c:\windows\Tasks\User_Feed_Synchronization-{846C903F-7050-4808-B037-3BE14318C174}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\h6rpqrx9.default\
FF - plugin: c:\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Jennifer\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Jennifer\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-06 02:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-06-06 2:03
ComboFix-quarantined-files.txt 2009-06-06 06:03
ComboFix2.txt 2009-06-05 02:25

Pre-Run: 167,540,502,528 bytes free
Post-Run: 167,434,240,000 bytes free

445 --- E O F --- 2009-06-05 01:43


Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 6th June 2009, 6:19 am

Thanks so much for your help.


Re: infected with winblue soft----stage after running combofix

Post by Belahzur on 6th June 2009, 1:23 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64

Re: infected with winblue soft----stage after running combofix

Post by cruzin008 on 6th June 2009, 4:11 pm

Hi Belahzur,
My machine seems to be running fine now. The "spyware affected" alert is gone, and my desktop wallpaper has also changed back to normal. These people at WinBlue Soft have used great tactics to freak people out.
We should be really proud of people like you, who utilize their time in resolving these problems. Hats off to you and your team!
Thanks and regards


Re: infected with winblue soft----stage after running combofix

Post by Origin on 6th June 2009, 5:48 pm

Glad we could help.



Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows XP SP3
