Winbluesoft infected


Winbluesoft infected

Post by devilice on 5th June 2009, 2:37 pm

I am infected with WinBlueSoft. I've been looking over most people's posts and instructions and I have started to get some of it fixed so far; I just need to know what files need to be deleted to get rid of this.

I have run my computer in safe mode and deleted the file C:/windows/system32.blocker.dll
I have installed the malware installer, and HijackThis. I have my log files also from HijackThis.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:47 AM, on 6/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9dd5e2e428ee0) (gupdate1c9dd5e2e428ee0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10979 bytes


Re: Winbluesoft infected

Post by Belahzur on 5th June 2009, 2:55 pm

Hello.

  • Open HijackThis again.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O20 - AppInit_DLLs: blocker.dll


  • Press "Fix Checked"
  • Close Hijack This.

Next,

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Norton)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


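As a defender-side illustration of the triage Belahzur did by eye, here is an added Python script (not from the thread, and not part of HijackThis) that parses the O4 Run-key and O20 AppInit_DLLs lines of a HijackThis log and lists the entries one would tick under "Fix Checked". The sample lines are copied from the log posted above; the rogue-name watchlist and the two heuristics (a Run value named after its own executable, a per-user Run value pointing into system32) are my assumptions, not rules from the helper.

```python
"""Triage the O4 (Run keys) and O20 (AppInit_DLLs) lines of a HijackThis log."""
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the log quoted in the thread plus a few
# benign ones, so the heuristics have something to leave alone.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [WinBlueSoft] C:\\Program Files\\WinBlueSoft Software\\WinBlueSoft\\WinBlueSoft.exe -min
O4 - HKCU\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash /minimized
O4 - HKCU\\..\\Run: [setup2.exe] C:\\Windows\\system32\\setup2.exe
O20 - AppInit_DLLs: blocker.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_4.EXE
"""

# Rogue-product names identified in the thread; a caller can pass a longer list.
ROGUE_NAMES = ("winbluesoft",)

RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run value's command line."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted: the path runs up to the first " -switch" or " /switch".
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def triage(log_text: str, rogue_names=ROGUE_NAMES) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs loads the named DLL into every process that loads
            # user32.dll; legitimate software almost never sets it.
            if m.group("dlls"):
                findings.append(Finding(line, "AppInit_DLLs set to %s" % m.group("dlls")))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), exe_path(m.group("cmd"))
        basename = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if any(r in (name + " " + path).lower() for r in rogue_names):
            reason = "matches a known rogue product name"
        elif name.lower() == basename:
            # Heuristic (assumption): a value named after its own executable is
            # typical of dropper-written persistence rather than installers.
            reason = "Run value named after its own executable"
        elif m.group("hive").upper() == "HKCU" and "\\windows\\system32\\" in path.lower():
            # Heuristic (assumption): per-user autostart of a system32 binary.
            reason = "per-user Run value launching a binary from system32"
        else:
            continue
        findings.append(Finding(line, reason))
    return findings


def fix_list(log_text: str) -> list[str]:
    """The log lines one would tick under 'Fix Checked', in log order."""
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line}\n    -> {f.reason}")
```

On the sample above the script flags exactly the three lines the helper listed; entries that pass are not proof of cleanliness, since the rules are heuristics.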

Re: Winbluesoft infected

Post by devilice on 5th June 2009, 3:46 pm

ComboFix 09-06-04.09 - Johnny 06/05/2009 10:28.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1915.1019 [GMT -5:00]
Running from: c:\users\Johnny\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Re: Winbluesoft infected

Post by devilice on 5th June 2009, 3:48 pm



Re: Winbluesoft infected

Post by devilice on 5th June 2009, 3:49 pm



Re: Winbluesoft infected

Post by devilice on 5th June 2009, 3:50 pm

c:\windows\system32\59d5szeal1599.exe
c:\windows\system32\59d5zteal9595.ocx
c:\windows\system32\5a0as59az42.exe
c:\windows\system32\5a9caddwzre759.ocx
c:\windows\system32\5b45spzr9e1069.exe
c:\windows\system32\5bc5down9zader2995.exe
c:\windows\system32\5c5z9ow5loader1402.dll
c:\windows\system32\5cba5zr99.ocx
c:\windows\system32\5dbzback5o9r1036.dll
c:\windows\system32\5f98zhief500.ocx
c:\windows\system32\5z57spy579.dll
c:\windows\system32\5z94stea91237.cpl
c:\windows\system32\5zff9hreat1392.dll
c:\windows\system32\608zv5rus329.exe
c:\windows\system32\6294t5iez2526.cpl
c:\windows\system32\6429t95j3zb.cpl
c:\windows\system32\646zth5ef9302.ocx
c:\windows\system32\647a9teaz2365.bin
c:\windows\system32\6539addzare78.ocx
c:\windows\system32\6590zpyware21895.bin
c:\windows\system32\6599downloa9ez771.dll
c:\windows\system32\65c5thief14z29.cpl
c:\windows\system32\6793ad5ware327z.exe
c:\windows\system32\6799t5reat2643z.exe
c:\windows\system32\6894hazktool1145.exe
c:\windows\system32\6933tr5j162z.ocx
c:\windows\system32\69zdthrea5198409.dll
c:\windows\system32\6a34do5nloadez970.exe
c:\windows\system32\6a92spa5sz2447.dll
c:\windows\system32\6aefb9ckdzor2533.ocx
c:\windows\system32\6b5fthreaz8409.ocx
c:\windows\system32\6c2ezt5a91883.bin
c:\windows\system32\6c9cstza52737.exe
c:\windows\system32\6dz9addwa5e2779.cpl
c:\windows\system32\6eb9bzck5oor2214.cpl
c:\windows\system32\6efdownloade91956z.bin
c:\windows\system32\6fa1s9arse850z.exe
c:\windows\system32\6z985p9658.bin
c:\windows\system32\6z99thi5f3129.dll
c:\windows\system32\70479ackd5zr2164.bin
c:\windows\system32\711dthreaz99335.ocx
c:\windows\system32\71bcspzrs95133.exe
c:\windows\system32\7209a9dwar52651z.cpl
c:\windows\system32\7278ad5ware9196z.ocx
c:\windows\system32\733895ojz19.cpl
c:\windows\system32\73e5th9ez958.dll
c:\windows\system32\745zs9y2d4.cpl
c:\windows\system32\7479wor59za.cpl
c:\windows\system32\74e5s5ez91095.exe
c:\windows\system32\75125ddw9ze3006.cpl
c:\windows\system32\751zspywar938.exe
c:\windows\system32\75fczpyw9re1139.dll
c:\windows\system32\76c8bac9dooz5682.bin
c:\windows\system32\7705wozm9c9.exe
c:\windows\system32\782adzware1945.dll
c:\windows\system32\7939addwzre509.bin
c:\windows\system32\7a27addw5rz906.exe
c:\windows\system32\7c98downloadzr5992.dll
c:\windows\system32\7d5abackdzor9059.dll
c:\windows\system32\7e2sp5zse9908.cpl
c:\windows\system32\7e62baz5do9r231.exe
c:\windows\system32\7fcs5ywa9e23z9.exe
c:\windows\system32\7z16backdoor32695.cpl
c:\windows\system32\7z69download952765.exe
c:\windows\system32\7zf9ddware3574.dll
c:\windows\system32\8225zpamb9t2b1.dll
c:\windows\system32\8355nzt-a-vi5usa9.cpl
c:\windows\system32\856spaz9e1853.ocx
c:\windows\system32\8588viru9587z.dll
c:\windows\system32\89785pyz42.exe
c:\windows\system32\8zfa95ware1932.cpl
c:\windows\system32\90070hackto5z7e7.dll
c:\windows\system32\9054thiefz151.exe
c:\windows\system32\90937wzrm4005.dll
c:\windows\system32\91054noz-a-virus51d.ocx
c:\windows\system32\91b25ir435z.dll
c:\windows\system32\9215pywarez200.bin
c:\windows\system32\92deth5ef21z.ocx
c:\windows\system32\9351zvirus2e1.cpl
c:\windows\system32\935ste9l1986z.bin
c:\windows\system32\94495ownzoader2289.dll
c:\windows\system32\9450szambot592.dll
c:\windows\system32\95417not-a-v5rzs2ae.dll
c:\windows\system32\9545trojz18.exe
c:\windows\system32\9578zpyware2085.bin
c:\windows\system32\9582notza-virus711.cpl
c:\windows\system32\9583spy10z.cpl
c:\windows\system32\959cdownlza5er1280.exe
c:\windows\system32\95d8thiez3017.bin
c:\windows\system32\9608vir5729z.exe
c:\windows\system32\9659virus5cz.dll
c:\windows\system32\9704zpa9bot502.bin
c:\windows\system32\9712dowzloader3505.cpl
c:\windows\system32\9757spa9botc1z.dll
c:\windows\system32\9858szy509.ocx
c:\windows\system32\9956v5rus5zf.cpl
c:\windows\system32\9azcs5eal2464.cpl
c:\windows\system32\9c5fbzckdoor2306.bin
c:\windows\system32\9c5steaz2064.bin
c:\windows\system32\9c5szeal9762.dll
c:\windows\system32\9d53spywarz2301.exe
c:\windows\system32\9e3aspzware2255.exe
c:\windows\system32\9f56vir18z6.cpl
c:\windows\system32\9z176troj159.exe
c:\windows\system32\b29th5ezt871.cpl
c:\windows\system32\c95backdoo5z492.ocx
c:\windows\system32\d49h5ef227z.exe
c:\windows\system32\d53th9zf1894.exe
c:\windows\system32\drivers\gxvxcserv.sys
c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\f49zhreat53151.bin
c:\windows\system32\f599hzeat13918.dll
c:\windows\system32\f59zhief21155.bin
c:\windows\system32\setup2.exe
c:\windows\system32\z0319hacktool15f.dll
c:\windows\system32\z0752viru9659.bin
c:\windows\system32\z13b9h5eat11677.cpl
c:\windows\system32\z25cvi91366.dll
c:\windows\system32\z290st59l1710.bin
c:\windows\system32\z5935py72d.exe
c:\windows\system32\z5979spambot429.cpl
c:\windows\system32\z5e5pars9726.cpl
c:\windows\system32\z5fdvir9606.exe
c:\windows\system32\z717down9oader26355.bin
c:\windows\system32\z7295ac9tool5ee.dll
c:\windows\system32\z761spy9are32475.bin
c:\windows\system32\z9079wor59d.ocx
c:\windows\system32\z929spy7a65.dll
c:\windows\system32\z9dcspy5are490.exe
c:\windows\system32\za4athreat9655.cpl
c:\windows\system32\zbb05teal998.ocx
c:\windows\system32\zc14spy9are2599.exe
c:\windows\system32\zc3aaddwa5e1590.dll
c:\windows\system32\zddathie5695.dll
c:\windows\system32\ze76threat516919.ocx
c:\windows\z0651no9-a5virus43a.cpl
c:\windows\z1293virus635.cpl
c:\windows\z2502virus958.dll
c:\windows\z2dcthi59404.bin
c:\windows\z303backd5o92601.exe
c:\windows\z357spywa9e317.dll
c:\windows\z38dbac9doo51266.ocx
c:\windows\z42steal5955.exe
c:\windows\z445downloader9912.bin
c:\windows\z4795hief53.ocx
c:\windows\z58039pyd8.bin
c:\windows\z596addware51319.ocx
c:\windows\z5dcs9arse94.bin
c:\windows\z606spyware2519.dll
c:\windows\z62da5dwar92310.exe
c:\windows\z661v9r5.exe
c:\windows\z6bdspa9se7875.ocx
c:\windows\z705downloader53789.bin
c:\windows\z712spam5ot49c.exe
c:\windows\z792spywa5e1909.ocx
c:\windows\z795st5al798.cpl
c:\windows\z8869not-a-viru563.bin
c:\windows\z9059s5y55.ocx
c:\windows\z908addw5re1497.dll
c:\windows\z914v5r5099.exe
c:\windows\zc2ba9kdoor23685.cpl
c:\windows\zef4sp9rs53079.cpl
c:\windows\zf665par9e1982.bin

devilice
Novice

Posts : 8
Joined : 2009-06-05
OS : windows vista ultimate
Points : 27460
# Likes : 0

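Every entry in the listing above follows one naming scheme: a short pseudo-hex prefix, a word that reads like a malware classification (backdoor, spyware, spambot, downloader, hacktool, not-a-virus, and so on) with some of its characters swapped for 5, 9 or z, a numeric tail, and an .exe, .dll, .cpl, .ocx or .bin extension, dropped straight into c:\windows or c:\windows\system32. Nothing legitimate in system32 is named that way, so the scheme itself is a usable detection. What follows is an added example, not part of devilice's post and not code from any tool named in the thread: a classifier that recovers the embedded word from such a name, run over a constructed sample of five entries copied from the listing plus four legitimate names from the same logs that must not be flagged. The word list, the substitution alphabet (5, 9, z) and the preserved-letter threshold are my own reading of the listing, not a published signature.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: five names copied from the listing in the post above, plus
# four legitimate entries from the same logs that must not be flagged.
SAMPLE_PATHS = [
    r"c:\windows\system32\349bazkdoor2965.bin",
    r"c:\windows\system32\3799sp5ware1z12.exe",
    r"c:\windows\system32\5617noz-a-v9r5s556.exe",
    r"c:\windows\system32\39z69hac5tool7de.cpl",
    r"c:\windows\z445downloader9912.bin",
    r"c:\windows\system32\drivers\gxvxcserv.sys",
    r"c:\windows\system32\xvidvfw.dll",
    r"c:\windows\system32\drivers\SynTP.sys",
    r"c:\windows\system32\setup2.exe",
]

# Malware-class words seen embedded in the decoy names (assumption: my reading of
# the listing, longer words first so "downloader" is preferred over "download").
DECOY_WORDS = [
    "not-a-virus", "downloader", "backdoor", "hacktool", "spambot", "spyware",
    "addware", "download", "sparse", "threat", "trojan", "thief", "steal",
    "virus", "troj", "worm", "spy", "vir",
]
DECOY_EXTS = {".exe", ".dll", ".cpl", ".ocx", ".bin"}
SUBST = "59z"   # characters the generator swaps in for letters (and for '-')


def _fuzzy(word: str) -> str:
    """Regex that matches `word` with any single character replaced by one of SUBST."""
    return "".join(f"[{re.escape(ch)}{SUBST}]" for ch in word)


FUZZY = [(w, re.compile(_fuzzy(w))) for w in DECOY_WORDS]

# <pseudo-hex prefix><mangled word><pseudo-hex tail>; the prefix may contain 'z' too.
DECOY_RE = re.compile(
    r"^(?P<prefix>[0-9a-fz]{1,5})"
    r"(?P<word>" + "|".join(_fuzzy(w) for w in DECOY_WORDS) + r")"
    r"(?P<tail>[0-9a-fz]{0,7})$"
)


def decoy_word(stem: str):
    """Return the malware-class word hidden in a file stem, or None."""
    m = DECOY_RE.match(stem.lower())
    if not m:
        return None
    span = m.group("word")
    best, kept_best = None, 0
    # Several words can fit the same span; keep the one with most letters intact.
    for word, rx in FUZZY:
        if len(word) == len(span) and rx.fullmatch(span):
            kept = sum(a == b for a, b in zip(span, word))
            if kept > kept_best:
                best, kept_best = word, kept
    # Demand that at least half of the word (never fewer than two characters)
    # survived, so a run of 5/9/z digits cannot pass as "spy" or "vir".
    if best is None or kept_best < max(2, len(best) // 2):
        return None
    return best


def scan_listing(paths):
    """Return [(path, word)] for every entry whose file name looks like a decoy."""
    hits = []
    for p in paths:
        stem, ext = ntpath.splitext(ntpath.basename(p))
        if ext.lower() in DECOY_EXTS:
            word = decoy_word(stem)
            if word:
                hits.append((p, word))
    return hits


if __name__ == "__main__":
    hits = scan_listing(SAMPLE_PATHS)
    for path, word in hits:
        print(f"{word:12s} {path}")
    print(Counter(word for _, word in hits))
```

Feed it the full listing (one path per line) and the Counter at the end gives the breakdown by planted "detection" type. A name that drops below the preserved-letter threshold is silently skipped rather than guessed, so a few of the most heavily mangled three-letter variants will be missed; that is the intended trade-off against false positives on real system32 files, none of which start with a pseudo-hex prefix followed by one of these words.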
Re: Winbluesoft infected

Post by devilice on 5th June 2009, 3:50 pm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 15:34 . 2009-06-05 15:34 -------- d-----w- C:\temp
2009-06-05 15:34 . 2009-06-05 15:34 -------- d-----w- \temp
2009-06-05 15:26 . 2009-06-05 15:37 -------- d-s---w- \Combo-Fix
2009-06-05 15:21 . 2009-06-05 15:21 6736 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2009-06-05 15:21 . 2009-06-05 15:26 -------- d-----w- \Qoobox
2009-06-05 14:28 . 2009-06-05 14:28 -------- d-----w- c:\program files\Trend Micro
2009-06-05 05:21 . 2009-06-05 05:21 -------- d-----w- c:\windows\system32\N360_BACKUP
2009-06-05 05:05 . 2009-06-05 05:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-05 05:04 . 2009-06-05 05:04 -------- d-----w- c:\users\Johnny\AppData\Roaming\Malwarebytes
2009-06-05 05:04 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 05:04 . 2009-06-05 05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 05:04 . 2009-06-05 05:04 -------- d-----w- c:\programdata\Malwarebytes
2009-06-05 05:04 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 05:03 . 2009-06-05 15:36 2006994944 --sha-w- \hiberfil.sys
2009-06-05 02:09 . 2009-04-15 18:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVENG.SYS
2009-06-05 02:09 . 2009-04-15 18:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVEX15.SYS
2009-06-05 02:09 . 2009-04-15 18:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVENG32.DLL
2009-06-05 02:09 . 2009-04-15 18:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVEX32A.DLL
2009-06-05 02:09 . 2009-04-15 18:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\ERASER.SYS
2009-06-05 02:09 . 2009-04-15 18:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\EECTRL.SYS
2009-06-05 02:09 . 2009-04-15 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\ECMSVR32.DLL
2009-06-05 02:09 . 2009-04-15 18:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\CCERASER.DLL
2009-06-04 16:09 . 2009-04-15 18:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\NAVENG.SYS
2009-06-04 16:09 . 2009-04-15 18:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\NAVEX15.SYS
2009-06-04 16:09 . 2009-04-15 18:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\EECTRL.SYS
2009-06-04 16:09 . 2009-04-15 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\ECMSVR32.DLL
2009-06-04 16:09 . 2009-04-15 18:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\CCERASER.DLL
2009-06-04 16:09 . 2009-04-15 18:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\NAVENG32.DLL
2009-06-04 16:09 . 2009-04-15 18:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\NAVEX32A.DLL
2009-06-04 16:09 . 2009-04-15 18:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\ERASER.SYS
2009-06-04 00:35 . 2009-06-04 00:35 -------- d-----w- c:\programdata\Electronic Arts
2009-06-03 21:40 . 2009-06-03 21:40 10134 ----a-r- c:\users\Johnny\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-03 21:40 . 2009-06-03 21:40 -------- d-----w- c:\program files\Microsoft WSE
2009-06-03 21:23 . 2009-06-03 21:41 -------- d-----w- c:\program files\Electronic Arts
2009-06-03 21:16 . 2009-06-03 21:16 680 ----a-w- c:\users\Johnny\AppData\Local\d3d9caps.dat
2009-06-01 06:43 . 2009-06-01 06:43 -------- d-----w- c:\program files\DVDFab 5
2009-05-31 21:24 . 2009-05-31 21:24 -------- d-----w- c:\users\Johnny\AppData\Roaming\VistaCodecs
2009-05-31 21:24 . 2009-05-31 21:24 -------- d-----w- c:\program files\VistaCodecPack
2009-05-31 21:22 . 2009-05-31 21:24 -------- d-----w- c:\programdata\VistaCodecs
2009-05-29 21:52 . 2009-05-29 21:52 204800 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:47 . 2009-05-29 21:47 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-29 18:42 . 2009-04-28 04:14 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSxpx86.dll
2009-05-29 18:42 . 2009-04-28 04:14 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\Scxpx86.dll
2009-05-29 18:42 . 2009-04-28 04:14 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSviA64.sys
2009-05-29 18:42 . 2009-04-28 04:14 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSvix86.sys
2009-05-29 18:42 . 2009-04-28 04:14 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSco.sys
2009-05-29 18:42 . 2009-04-28 04:14 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSI.dll
2009-05-29 18:42 . 2009-04-28 04:14 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDS9xx86.dll
2009-05-29 10:11 . 2009-05-29 10:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-25 17:34 . 2009-05-25 17:34 -------- d-----w- c:\users\Johnny\AppData\Local\Real
2009-05-25 17:29 . 2009-05-25 17:29 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-25 17:29 . 2009-05-25 17:29 -------- d-----w- c:\program files\Real
2009-05-25 17:29 . 2009-05-25 17:29 -------- d-----w- c:\program files\Common Files\Real
2009-05-20 22:47 . 2009-04-28 04:14 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSxpx86.dll
2009-05-20 22:47 . 2009-04-28 04:14 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\Scxpx86.dll
2009-05-20 22:47 . 2009-04-28 04:14 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSviA64.sys
2009-05-20 22:47 . 2009-04-28 04:14 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSvix86.sys
2009-05-20 22:47 . 2009-04-28 04:14 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSco.sys
2009-05-20 22:47 . 2009-04-28 04:14 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSI.dll
2009-05-20 22:47 . 2009-04-28 04:14 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDS9xx86.dll
2009-05-17 19:36 . 2009-05-17 19:36 -------- d-----w- c:\programdata\SpinTop Games
2009-05-17 19:27 . 2009-05-17 19:27 -------- d-----w- c:\programdata\HipSoft
2009-05-16 23:26 . 2009-05-16 23:26 -------- d-----w- c:\program files\Apollo DivX to DVD Creator
2009-05-11 17:40 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-10 04:17 . 2009-05-11 01:44 -------- d-----w- c:\users\Johnny\AppData\Roaming\Digidesign
2009-05-10 04:17 . 2009-05-10 04:17 -------- d-----w- C:\Digidesign Databases
2009-05-10 04:17 . 2009-05-10 04:17 -------- d-----w- \Digidesign Databases
2009-05-10 03:15 . 2007-10-31 05:34 196608 ----a-w- c:\windows\system32\Digi32.dll
2009-05-10 03:03 . 2009-03-03 04:46 3547632 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-05-10 03:02 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-05-10 03:02 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-05-10 03:02 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-05-10 03:00 . 2008-12-05 04:32 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-05-10 03:00 . 2008-12-05 04:32 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-05-10 02:59 . 2009-04-15 18:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
2009-05-10 02:59 . 2009-04-15 18:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
2009-05-10 02:59 . 2009-04-15 18:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
2009-05-10 02:59 . 2009-04-15 18:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
2009-05-10 02:59 . 2009-04-15 18:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
2009-05-10 02:59 . 2009-04-15 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
2009-05-10 02:59 . 2009-04-15 18:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
2009-05-10 02:59 . 2009-04-15 18:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
2009-05-10 02:59 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-10 02:59 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-10 02:59 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-05-10 02:58 . 2008-04-26 08:08 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-05-10 02:58 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2009-05-10 02:58 . 2008-06-23 01:59 2868736 ----a-w- c:\windows\system32\mf.dll
2009-05-10 02:58 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-05-10 02:58 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2009-05-10 02:58 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-10 02:58 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-05-10 02:58 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-10 02:58 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-05-10 02:50 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-05-10 02:44 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-10 02:44 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-10 02:44 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-10 02:44 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-10 02:43 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-10 02:43 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-10 02:43 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-10 02:42 . 2008-10-16 19:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-10 02:42 . 2008-10-16 18:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-10 02:42 . 2009-05-10 02:42 -------- d-----w- c:\users\Johnny\AppData\Local\Symantec
2009-05-10 02:42 . 2009-05-14 02:18 -------- d-----w- c:\users\Johnny\AppData\Roaming\DivX
2009-05-10 02:17 . 2009-05-10 02:17 -------- d-----w- c:\users\Johnny\AppData\Roaming\PACE Anti-Piracy
2009-05-10 02:17 . 2009-05-10 02:17 -------- d-----w- c:\programdata\PACE Anti-Piracy
2009-05-10 02:17 . 2009-05-10 02:17 -------- d-----w- c:\users\Johnny\AppData\Local\PACE Anti-Piracy
2009-05-10 01:54 . 2009-05-10 02:18 -------- d-----w- c:\users\Johnny\AppData\Roaming\Download Manager
2009-05-10 01:02 . 2009-05-09 23:45 -------- d-----w- c:\windows\Panther
2009-05-10 01:02 . 2009-05-02 18:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-10 01:02 . 2007-11-09 22:00 23640 ----a-w- c:\windows\system32\drivers\TVALZ_O.SYS
2009-05-10 01:02 . 2008-07-28 23:53 919552 ----a-w- c:\windows\system32\drivers\athr.sys
2009-05-10 01:02 . 2007-12-07 02:12 196400 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-05-10 01:02 . 2007-12-07 02:12 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-05-10 01:02 . 2007-12-07 01:20 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-05-10 01:02 . 2007-12-07 01:09 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-05-10 01:02 . 2007-12-07 01:08 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-05-10 01:02 . 2006-03-09 17:58 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2009-05-10 00:52 . 2009-05-10 00:52 -------- d--h--w- C:\$WINDOWS.~Q
2009-05-10 00:52 . 2009-05-10 00:52 -------- d--h--w- \$WINDOWS.~Q
2009-05-10 00:47 . 2009-05-10 00:47 -------- d--h--w- C:\$INPLACE.~TR
2009-05-10 00:47 . 2009-05-10 00:47 -------- d--h--w- \$INPLACE.~TR
2009-05-10 00:31 . 2009-05-10 00:31 -------- d-----w- c:\program files\InterLok


Re: Winbluesoft infected

Post by devilice on 5th June 2009, 3:51 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 15:38 . 2009-05-02 03:03 -------- d-----w- c:\users\Johnny\AppData\Roaming\Skype
2009-06-05 15:38 . 2009-05-02 03:06 -------- d-----w- c:\users\Johnny\AppData\Roaming\skypePM
2009-06-05 15:36 . 2009-06-05 05:03 2006994944 --sha-w- \hiberfil.sys
2009-06-05 15:36 . 2009-03-06 14:36 2322862080 --sha-w- \pagefile.sys
2009-06-05 00:06 . 2009-05-02 16:21 -------- d-----w- c:\users\Johnny\AppData\Roaming\uTorrent
2009-06-04 21:46 . 2009-05-02 18:41 -------- d-----w- c:\users\Johnny\AppData\Roaming\Vso
2009-06-03 21:23 . 2008-09-30 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 06:43 . 2009-05-02 18:41 47360 ----a-w- c:\users\Johnny\AppData\Roaming\pcouffin.sys
2009-06-01 06:43 . 2009-05-02 18:41 47360 ----a-w- c:\users\Johnny\AppData\Roaming\pcouffin.sys
2009-05-26 15:18 . 2009-05-02 23:32 -------- d-----w- c:\users\Johnny\AppData\Roaming\TOSHIBA
2009-05-26 03:58 . 2008-09-30 19:09 -------- d-----w- c:\programdata\WildTangent
2009-05-26 03:55 . 2009-05-04 20:41 1608016 ----a-w- c:\programdata\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2009-05-26 03:55 . 2008-09-30 19:09 -------- d-----w- c:\program files\TOSHIBA Games
2009-05-25 17:28 . 2008-09-30 19:33 -------- d-----w- c:\program files\Google
2009-05-15 15:18 . 2009-05-03 19:01 -------- d-----w- c:\users\Johnny\AppData\Roaming\Ahead
2009-05-14 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 22:29 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-09 23:33 . 2009-05-03 22:29 -------- d-----w- c:\users\Johnny\AppData\Roaming\WildTangent
2009-05-09 23:33 . 2009-05-02 03:51 -------- d-----w- c:\users\Johnny\AppData\Roaming\Symantec
2009-05-09 23:24 . 2008-09-30 19:20 -------- d-----w- c:\programdata\Ulead Systems
2009-05-09 23:24 . 2008-09-30 19:43 -------- d-----w- c:\programdata\Symantec
2009-05-09 23:24 . 2008-09-30 19:03 -------- d-----w- c:\programdata\Toshiba
2009-05-09 23:24 . 2009-05-02 03:02 -------- d-----w- c:\programdata\Skype
2009-05-09 23:24 . 2009-05-03 19:20 -------- d-----w- c:\programdata\Nero
2009-05-09 23:24 . 2009-03-06 14:47 -------- d-----w- c:\programdata\Microsoft Help
2009-05-09 23:24 . 2009-05-03 19:23 -------- d-----w- c:\programdata\Ahead
2009-05-09 23:24 . 2009-03-06 15:10 -------- d-----w- c:\programdata\Atheros
2009-05-09 23:23 . 2009-05-02 16:43 -------- d-----w- c:\program files\VstPlugins
2009-05-09 23:23 . 2008-09-30 19:24 -------- d-----w- c:\program files\Windows Media Components
2009-05-09 23:23 . 2009-05-02 16:22 -------- d-----w- c:\program files\uTorrent
2009-05-09 23:23 . 2008-09-30 19:20 -------- d-----w- c:\program files\Ulead Systems
2009-05-09 23:23 . 2008-09-30 19:15 -------- d-----w- c:\program files\Toshiba Registration
2009-05-09 23:18 . 2008-09-30 17:56 -------- d-----w- c:\program files\Toshiba
2009-05-09 23:17 . 2008-09-30 19:44 -------- d-----w- c:\program files\Symantec
2009-05-09 23:17 . 2009-05-02 03:47 -------- d-----w- c:\program files\Sony
2009-05-09 23:16 . 2009-05-02 03:03 -------- d-----r- c:\program files\Skype
2009-05-09 23:16 . 2008-09-30 18:58 -------- d-----w- c:\program files\Realtek
2009-05-09 23:16 . 2008-09-30 19:34 -------- d-----w- c:\program files\Picasa2
2009-05-09 23:16 . 2009-05-02 16:42 -------- d-----w- c:\program files\Outsim
2009-05-09 23:16 . 2008-09-30 19:46 -------- d-----w- c:\program files\Norton 360
2009-05-09 23:16 . 2009-05-03 19:20 -------- d-----w- c:\program files\Nero
2009-05-09 23:16 . 2009-03-06 14:50 -------- d-----w- c:\program files\Microsoft Works
2009-05-09 23:16 . 2009-03-06 14:49 -------- d-----w- c:\program files\Microsoft.NET
2009-05-09 23:16 . 2009-03-06 14:54 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2009-05-09 23:15 . 2009-03-06 15:12 -------- d-----w- c:\program files\Jumpstart
2009-05-09 23:15 . 2009-03-06 15:03 -------- d-----w- c:\program files\ltmoh
2009-05-09 23:15 . 2008-09-30 19:28 -------- d-----w- c:\program files\Java
2009-05-09 23:15 . 2008-09-30 19:27 -------- d-----w- c:\program files\Intuit
2009-05-09 23:15 . 2008-09-30 19:25 -------- d-----w- c:\program files\InterVideo
2009-05-09 23:15 . 2008-09-30 18:56 -------- d-----w- c:\program files\Intel
2009-05-09 23:15 . 2009-05-02 16:41 -------- d-----w- c:\program files\Image-Line
2009-05-09 23:11 . 2009-05-03 18:57 -------- d-----w- c:\program files\Ahead
2009-05-09 23:11 . 2009-05-02 16:43 -------- d-----w- c:\program files\ASIO4ALL v2
2009-05-09 23:11 . 2009-03-06 15:10 -------- d-----w- c:\program files\Atheros
2009-05-02 03:51 . 2009-05-02 03:51 13 --sha-r- c:\windows\system32\drivers\fbd.sys
2009-05-02 03:51 . 2009-05-02 03:51 4 --sha-r- c:\windows\system32\drivers\taishop.sys
2009-05-02 03:12 . 2008-09-30 19:44 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-02 03:12 . 2008-09-30 19:44 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-02 03:12 . 2008-09-30 19:44 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 04:14 . 2009-05-02 03:13 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDS9xx86.dll
2009-04-28 04:14 . 2008-09-30 19:48 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\idsxpx86.dll
2009-04-28 04:14 . 2008-09-30 19:48 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\scxpx86.dll
2009-04-28 04:14 . 2008-09-30 19:48 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvia64.sys
2009-04-28 04:14 . 2008-09-30 19:48 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvix86.sys
2009-04-28 04:14 . 2008-09-30 19:48 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\symidsco.sys
2009-04-28 04:14 . 2008-09-30 19:48 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\SymIDSI.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-01 04:46 . 2008-02-23 19:07 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-30 06:57 . 2009-03-30 06:57 62149 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-03-17 03:38 . 2009-05-10 02:57 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-05-10 02:57 24064 ----a-w- c:\windows\system32\amxread.dll


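The Files Created and Find3M sections carry more than paths: each entry has a size and an attribute column, and two entries in the post above stand out on that alone. c:\windows\system32\drivers\fbd.sys is 13 bytes and taishop.sys is 4 bytes, both flagged system+hidden+read-only; no PE image, let alone a kernel driver, fits in 4 bytes. What follows is an added example, not part of devilice's post and not ComboFix's own code: a parser for these log lines that flags size, attribute and location anomalies for an analyst to confirm. The line format and the meaning of the attribute column (d = directory, s = system, h = hidden, a = archive, r = read-only in the seventh position) are assumptions inferred from the entries on this page, and the sample lines are copied from the post. The third rule, a .sys file under a user profile, is a hint rather than a verdict: the pcouffin.sys in AppData\Roaming carries the same 2009-05-02 18:41 timestamp as the Vso folder in the same Find3M list, which is exactly the cross-check the heuristic leaves to the reader.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: entries copied from the Files Created / Find3M sections above.
SAMPLE_LOG = r"""
2009-06-05 15:36 . 2009-03-06 14:36 2322862080 --sha-w- \pagefile.sys
2009-06-01 06:43 . 2009-05-02 18:41 47360 ----a-w- c:\users\Johnny\AppData\Roaming\pcouffin.sys
2009-05-10 01:02 . 2009-05-02 18:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-09 23:16 . 2009-05-02 03:03 -------- d-----r- c:\program files\Skype
2009-05-02 03:51 . 2009-05-02 03:51 13 --sha-r- c:\windows\system32\drivers\fbd.sys
2009-05-02 03:51 . 2009-05-02 03:51 4 --sha-r- c:\windows\system32\drivers\taishop.sys
2009-05-02 03:12 . 2008-09-30 19:44 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-05 05:05 . 2009-06-05 05:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-29 21:52 . 2009-05-29 21:52 204800 ----a-w- c:\windows\system32\xvidvfw.dll
""".strip().splitlines()

# Entry shape: <created> . <modified> <size or dashes> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)


def parse_entry(line):
    """Parse one ComboFix-style file entry into a dict, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs, size = m.group("attrs"), m.group("size")
    # Assumed reading of the attribute column, inferred from this page's entries
    # ("d-----w-" on directories, "--sha-w-" on pagefile.sys).
    return {
        "path": m.group("path").strip(),
        "size": None if size.startswith("-") else int(size),
        "is_dir": attrs[0] == "d",
        "system": "s" in attrs,
        "hidden": "h" in attrs,
        "readonly": attrs[6] == "r",
    }


# Files Windows itself keeps system+hidden in the volume root.
EXPECTED_HIDDEN_SYSTEM = {"hiberfil.sys", "pagefile.sys"}
# A PE image needs a DOS header, PE headers and at least one section; real drivers
# are tens of KB. Anything under 1 KiB named .sys is not a driver.
MIN_DRIVER_IMAGE = 1024


def triage(lines):
    """Map path -> list of reasons for every entry that deserves a second look."""
    findings = defaultdict(list)
    for line in lines:
        e = parse_entry(line)
        if e is None or e["is_dir"]:
            continue
        path = e["path"].lower()
        name = ntpath.basename(path)
        ext = ntpath.splitext(name)[1]
        expected = name in EXPECTED_HIDDEN_SYSTEM
        in_drivers = ntpath.dirname(path).endswith(r"\system32\drivers")

        if ext == ".sys" and e["size"] is not None and e["size"] < MIN_DRIVER_IMAGE:
            findings[e["path"]].append(f"{e['size']}-byte .sys cannot be a driver image")
        if e["system"] and e["hidden"] and not expected:
            findings[e["path"]].append("system+hidden attributes on a regular file")
        if ext == ".sys" and not in_drivers and not expected and "\\users\\" in path:
            findings[e["path"]].append("driver image stored under a user profile")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, fbd.sys and taishop.sys each collect two reasons (impossible size, and system+hidden on a regular file), the Roaming copy of pcouffin.sys collects the profile-location hint, and the legitimate entries (SYMEVENT.SYS, xvidvfw.dll, the hidden-but-not-system ezsidmv.dat, the pagefile) produce nothing. Thresholds and rules are deliberately conservative; the point is to surface what a human then confirms, not to decide.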
Re: Winbluesoft infected

Post by devilice on 5th June 2009, 3:52 pm

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-30 29744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=Digi32.dll
"midi1"=mbx2midu.dll
"MIDI2"=diomidi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{251D7A40-9C29-4489-8DCF-9BF36553A7F3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{9F0A77B6-F95B-426D-B1A7-7B544D56FAE1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{935C58F4-343A-4BC5-8743-415371261A3F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E1FD762A-DD31-4944-9697-1A4E98144639}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0C1DE576-0D18-4D2C-90E1-553038F0A2E9}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090528.001\IDSvix86.sys [5/29/2009 1:42 PM 272432]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 2:19 AM 40960]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\System32\drivers\diginet.sys [5/9/2009 10:14 PM 16400]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 7:37 AM 149352]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [9/30/2008 2:16 PM 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 8:03 PM 126976]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/12/2008 2:32 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/1/2009 10:13 PM 101936]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [5/9/2009 8:01 PM 7168]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 2:31 PM 41008]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [3/6/2009 10:12 AM 20384]
S2 gupdate1c9dd5e2e428ee0;Google Update Service (gupdate1c9dd5e2e428ee0);c:\program files\Google\Update\GoogleUpdate.exe [5/25/2009 12:28 PM 133104]
S3 dalwdmservice;dal service;c:\windows\System32\drivers\Dalwdm.sys [5/9/2009 10:14 PM 97808]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/30/2008 2:33 PM 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [3/6/2009 10:12 AM 954368]
S3 MBX2DFU;MBX2DFU;c:\windows\System32\drivers\mbx2dfu.sys [5/9/2009 10:14 PM 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\System32\drivers\mbx2midk.sys [5/9/2009 10:14 PM 21904]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [9/30/2008 4:00 PM 9216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 17:27]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - c:\program files\VistaCodecPack\rm\Update_OB\realsched.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-05 10:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client\ccService\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_ccAppPlgMgr_3772"="{052156DA-638A-4F5D-94F8-7D647ED62C2F}"
"ccSvcHst_Seshlp_3772"="{052156DA-638A-4F5D-94F8-7D647ED62C2F}"
"ccSvcHst_ccAppPlgMgr_3784"="{B44A6F49-0472-4D87-9AE1-BAE72AC9039F}"
"ccSvcHst_ccAppPlgMgr_3640"="{B5D3E9DC-8F8A-4610-9846-46915B8F6C9E}"
"ccSvcHst_ccAppPlgMgr_3688"="{D157E57F-74AA-4479-B8B3-3298383063C9}"
"ccSvcHst_Seshlp_3688"="{D157E57F-74AA-4479-B8B3-3298383063C9}"
"ccSvcHst_ccAppPlgMgr_3532"="{BDDEDE90-FAC6-4967-A871-332AB4350187}"
"ccSvcHst_Seshlp_3532"="{BDDEDE90-FAC6-4967-A871-332AB4350187}"
"ccSvcHst_ccAppPlgMgr_3868"="{16D0B98E-B377-4810-9416-C09F8FF99655}"
"ccSvcHst_Seshlp_3868"="{16D0B98E-B377-4810-9416-C09F8FF99655}"
"ccSvcHst_ccAppPlgMgr_3768"="{EA7190B8-3360-46F7-ABC6-DD818BB574D5}"
"ccSvcHst_Seshlp_3768"="{EA7190B8-3360-46F7-ABC6-DD818BB574D5}"
"ccSvcHst_ccSetMgr"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSvcHst_CLTNetCnService"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"cltIPCServer_Channel"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSettingsService"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineCallbackIPC"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"SNDServiceRequestChannel"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"SNDLocationChannel"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSvcHst_LiveUpdate Notice"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSvcHst_ccEvtMgr"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccEvtCli"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"NortonNetServiceIPC"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"NetMapServiceIPC"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"_tpDataSvcComm_"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ShieldDataServiceChannel"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"IPS_COMMAND_CHANNEL"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSvcHst_Seshlp_3876"="{5D150339-C87D-4D9E-9E85-D481A6D83AE6}"
"ccSvcHst_ccAppPlgMgr_3876"="{5D150339-C87D-4D9E-9E85-D481A6D83AE6}"
"ToasterNotify\\SessionID_1"="{2E332008-B37E-4408-B3A7-B036E9A3F74B}"
"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{2E332008-B37E-4408-B3A7-B036E9A3F74B}"
"ccSvcHst_Seshlp_2944"="{2E332008-B37E-4408-B3A7-B036E9A3F74B}"
"ccSvcHst_ccAppPlgMgr_2944"="{2E332008-B37E-4408-B3A7-B036E9A3F74B}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\igfxext.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-06-05 10:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 15:41

Pre-Run: 108,975,357,952 bytes free
Post-Run: 108,598,382,592 bytes free

1123 --- E O F --- 2009-05-14 08:01

devilice (Novice)
Posts: 8
Joined: 2009-06-05
OS: windows vista ultimate
Points: 27460
Likes: 0

Re: Winbluesoft infected

Post by Belahzur on 5th June 2009, 6:23 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Folder::
c:\program files\uTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{251D7A40-9C29-4489-8DCF-9BF36553A7F3}"=-
"{9F0A77B6-F95B-426D-B1A7-7B544D56FAE1}"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator)
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1
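As an added example (my own code, not from this thread and not part of ComboFix), here is a small Python script that does by hand what Belahzur did by eye: it reads the firewallpolicy section of a ComboFix log like the one posted above, lists the profiles whose EnableFirewall value is 0, finds which FirewallRules entries reference a given program, and prints them as a Registry:: block in the CFScript "=-" deletion syntax used in the reply. The sample log text is copied verbatim from the log above; the function names and the SAMPLE_LOG constant are mine.

```python
"""Parse the firewallpolicy section of a ComboFix log and report what a
malware-removal helper looks for: profiles with Windows Firewall switched
off, and per-application allow rules for a program about to be removed.
Added example; not from the forum thread and not ComboFix's own code.
The sample below is copied from the log posted in the thread."""
import re

# Constructed sample input: the firewallpolicy lines from the posted ComboFix log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{251D7A40-9C29-4489-8DCF-9BF36553A7F3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{9F0A77B6-F95B-426D-B1A7-7B544D56FAE1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{935C58F4-343A-4BC5-8743-415371261A3F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E1FD762A-DD31-4944-9697-1A4E98144639}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# ComboFix prints registry data in .reg-like form: a [key] line, then "name"= data lines.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
FW_PREFIX = "HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\"


def parse_sections(text):
    """Return {key: [(name, data), ...]} for every registry-style block in the text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("name"), m.group("data").strip()))
    return sections


def disabled_profiles(sections):
    """Names of firewall profiles (Domain/Public/Standard) whose EnableFirewall is 0."""
    found = []
    for key, values in sections.items():
        if key.startswith(FW_PREFIX) and key.endswith("Profile"):
            for name, data in values:
                if name == "EnableFirewall" and data.startswith("0"):
                    found.append(key.rsplit("\\", 1)[1])
    return sorted(found)


def rules_for_program(sections, program_fragment):
    """GUIDs of FirewallRules entries whose data mentions program_fragment (case-insensitive)."""
    rules = sections.get(FW_PREFIX + "FirewallRules", [])
    needle = program_fragment.lower()
    return [name for name, data in rules if needle in data.lower()]


def cfscript_registry_block(key, names):
    """Render a CFScript Registry:: block deleting the named values ('"name"=-' syntax)."""
    lines = ["Registry::", f"[{key}]"]
    lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines)


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    print("Firewall disabled in profiles:", ", ".join(disabled_profiles(secs)) or "none")
    guids = rules_for_program(secs, "uTorrent\\uTorrent.exe")
    print("Rules referencing uTorrent:", guids)
    print(cfscript_registry_block(FW_PREFIX + "FirewallRules", guids))
```

Run against the posted log it reports all three profiles with the firewall off (worth asking the poster about separately, since removing uTorrent does not turn it back on) and emits exactly the two GUID deletions that appear in Belahzur's CFScript. Pass a different path fragment to see which other programs hold allow rules.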
