WIN BLUE SOFT VICTIM

Post by xxzozo on 6th June 2009, 5:22 am

I'm running XP. The only thing I can do on my PC is open up Firefox. I've downloaded HijackThis, Malwarebytes, ComboFix, Iexplore and everything else I've read on the different posts. Nothing runs or opens up. I download them and they just sit there. Tried to run in safe mode, nothing happens. I've read all the other posts and it seems I'm the only one that can't even get a HijackThis scan!! I await someone's instructions.

xxzozo
Novice
Posts: 40
Joined: 2009-06-06
OS: XP/vista/7
Protection: avira
Points: 27632
Likes: 0

Re: WIN BLUE SOFT VICTIM

Post by Origin on 6th June 2009, 5:40 am

Find and delete this file: C:\windows\system32\blocker.dll

Now see if you can run HijackThis.


Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31523
Likes: 0

Re: WIN BLUE SOFT VICTIM

Post by Jumpsteady on 7th June 2009, 6:59 am

I did that and still can't run anything

Jumpsteady
Beginner
Posts: 1
Joined: 2009-06-07
OS: XP
Points: 27431
Likes: 0

Found the file and am not able to delete it

Post by xxzozo on 7th June 2009, 4:36 pm

Found the file and am not able to delete it

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 7th June 2009, 6:49 pm

Please try running MGTools from here:
[You must be registered and logged in to see this link.]


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1

I downloaded it. Didn't work

Post by xxzozo on 7th June 2009, 7:16 pm

When I tried to run the program a little box popped open and shut real quick. I must really have this disease BAD, huh??

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 7th June 2009, 8:02 pm

Hello.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

See if you can run Hijack This from safe mode.


Re: WIN BLUE SOFT VICTIM

Post by xxzozo on 7th June 2009, 10:19 pm

I went to Safe Mode and still it did not allow me to run the program, or any program for that matter.

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 9th June 2009, 4:53 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Re: WIN BLUE SOFT VICTIM

Post by xxzozo on 9th June 2009, 9:05 pm

It feels like it's time for the hammer!! I downloaded the first and tried to run it and it did nothing. Then I downloaded the second. I even tried them in "safe mode". Nothing. I appreciate your patience.

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 10th June 2009, 12:50 am

Hello.

Let's try the Killbox.

Please download the Pocket Killbox from [You must be registered and logged in to see this link.]

1. Open the Killbox.
2. Under "Full path of file to delete", copy and paste in the following:

C:\windows\system32\blocker.dll

3. Press the Red X to delete the file.
4. It will ask if you want to make a backup of the file we deleted, select Yes to the prompt.
5. It will now delete the file, and popup with another prompt saying so, press Ok.
6. Close the Killbox.


Kill Box

Post by xxzozo on 10th June 2009, 8:02 pm

I downloaded the program. Once again it would not open. I got an error message saying "Component 'MSCOMCTL.OCX' or one of its dependencies not correctly registered ;a file is missing or invalid ". I tried it 2 times, same response both times.

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 10th June 2009, 9:50 pm

Hello.

Please download this file:
[You must be registered and logged in to see this link.]

Save it to your Desktop.
Now open "My Computer" and navigate to the following folder: C:\Windows\system32

Now go back to your Desktop for a second, right click the downloaded ocx file > Cut it, and paste it in the system32 folder.

Next, we need to register the file. Go to Start > Run. In the run box, copy and paste in the following:

regsvr32 MSCOMCTL.OCX

Hit enter.

Now try running the Killbox.


Another NO GO

Post by xxzozo on 11th June 2009, 8:55 pm

I went to that page numerous times and it failed to initiate. The page looked like binary codes or something like that, all symbols, numbers and letters.

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 11th June 2009, 9:10 pm

Sorry, my bad.
Right click the link > "Save link as..."


I think I see daylight

Post by xxzozo on 12th June 2009, 10:37 pm

OK, so I got the KILLBOX to work. Pop-up said "This file could not be deleted". At least the Killbox opened up.

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 12th June 2009, 10:38 pm

Okay, re-open the Killbox again, select the same blocker.dll file again.
This time though, switch the option from "Standard File Kill" to "Delete on reboot" and press the red X.


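The "Delete on reboot" option in the post above defers removal of the locked blocker.dll to the next boot. The following is an added example, not part of the thread and not Killbox's own code: it parses the standard Windows delete-on-reboot queue (the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, written by MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT) so you can confirm a file is actually queued before rebooting. That the tool uses this queue is an assumption; the sample data and the C:\Temp paths are constructed.

```python
"""Added example: check Windows' delete-on-reboot queue for a given file.

Assumption: the removal tool queues the file with the standard Windows
mechanism (MoveFileEx + MOVEFILE_DELAY_UNTIL_REBOOT), which stores pairs of
strings (source, destination) in PendingFileRenameOperations.
"""
import ntpath
from typing import List, NamedTuple

KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE = "PendingFileRenameOperations"
NT_PREFIX = "\\??\\"  # NT object-manager prefix stored in front of each path


class PendingOp(NamedTuple):
    source: str
    dest: str      # empty string means "delete source at boot"
    replace: bool  # destination was prefixed with "!" (overwrite existing)

    @property
    def is_delete(self) -> bool:
        return self.dest == ""


def _strip_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def reg_hex7_to_bytes(value_text: str) -> bytes:
    """Convert one exported value ('"Name"=hex(7):5c,00,...') to raw bytes.

    Handles the backslash line continuations that `reg export` emits.
    """
    _, found, hex_part = value_text.partition("hex(7):")
    if not found:
        raise ValueError("no hex(7) REG_MULTI_SZ data found")
    return bytes.fromhex(hex_part.replace("\\", " ").replace(",", " "))


def parse_pending_ops(raw: bytes) -> List[PendingOp]:
    """Split raw UTF-16LE REG_MULTI_SZ data into (source, dest) operations.

    A delete is stored as a source followed by an EMPTY destination, so the
    data is split on NUL here rather than treated as an ordinary string list
    that ends at the first empty string.
    """
    text = raw[: len(raw) & ~1].decode("utf-16-le", errors="replace")
    fields = text.split("\x00")
    ops: List[PendingOp] = []
    for i in range(0, len(fields) - 1, 2):
        source, dest = fields[i], fields[i + 1]
        if not source:  # reached the terminating empty string
            break
        replace = dest.startswith("!")
        if replace:
            dest = dest[1:]
        ops.append(PendingOp(_strip_prefix(source), _strip_prefix(dest), replace))
    return ops


def is_queued_for_delete(ops: List[PendingOp], path: str) -> bool:
    """Case-insensitive check that `path` has a pending delete entry."""
    want = ntpath.normcase(ntpath.normpath(path))
    return any(
        op.is_delete and ntpath.normcase(ntpath.normpath(op.source)) == want
        for op in ops
    )


def build_sample() -> bytes:
    """Constructed sample: one delete (the thread's file) and one rename."""
    entries = [
        (r"\??\C:\windows\system32\blocker.dll", ""),
        (r"\??\C:\Temp\new.dll", r"!\??\C:\Temp\old.dll"),
    ]
    text = "".join(f"{src}\x00{dst}\x00" for src, dst in entries) + "\x00"
    return text.encode("utf-16-le")


def as_reg_export(raw: bytes, per_line: int = 16) -> str:
    """Render raw data the way a .reg export shows it (constructed input)."""
    hx = [f"{b:02x}" for b in raw]
    rows = [",".join(hx[i:i + per_line]) for i in range(0, len(hx), per_line)]
    return f'"{VALUE}"=hex(7):' + ",\\\n  ".join(rows)


if __name__ == "__main__":
    exported = as_reg_export(build_sample())
    for op in parse_pending_ops(reg_hex7_to_bytes(exported)):
        action = "DELETE" if op.is_delete else f"RENAME -> {op.dest}"
        print(f"{op.source}: {action}")
```

If the file is absent from the queue after choosing the reboot option, the deletion was never scheduled and rebooting will not remove it.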

I think I can run programs now!!

Post by xxzozo on 12th June 2009, 10:52 pm

It rebooted. The stupid DANGER screen saver is still there but I can run programs. What to do next??

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 12th June 2009, 11:03 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Re: WIN BLUE SOFT VICTIM

Post by xxzozo on 12th June 2009, 11:18 pm

I did everything. Hit install and nothing happened.

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 12th June 2009, 11:25 pm

Can you try running DDS now blocker.dll is gone?

[You must be registered and logged in to see this link.]


Sorry, I don't know how to ZIP

Post by xxzozo on 13th June 2009, 1:16 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2009 4:25:16 PM
System Uptime: 6/12/2009 7:13:45 PM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 234.108 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&35F762C4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
Service: i8042prt

==== System Restore Points ===================

RP109: 3/2/2009 10:07:38 AM - System Checkpoint
RP110: 3/3/2009 10:55:40 AM - System Checkpoint
RP111: 3/4/2009 11:55:40 AM - System Checkpoint
RP112: 3/5/2009 1:45:46 PM - System Checkpoint
RP113: 3/6/2009 1:55:40 PM - System Checkpoint
RP114: 3/7/2009 2:56:50 PM - System Checkpoint
RP115: 3/8/2009 3:55:40 PM - System Checkpoint
RP116: 3/9/2009 3:59:21 PM - System Checkpoint
RP117: 3/10/2009 4:07:48 PM - System Checkpoint
RP118: 3/11/2009 2:00:22 AM - Software Distribution Service 3.0
RP119: 3/12/2009 2:11:34 AM - System Checkpoint
RP120: 3/13/2009 3:11:34 AM - System Checkpoint
RP121: 3/14/2009 3:41:31 AM - System Checkpoint
RP122: 3/15/2009 5:41:24 AM - System Checkpoint
RP123: 3/16/2009 6:06:13 AM - System Checkpoint
RP124: 3/17/2009 6:42:09 AM - System Checkpoint
RP125: 3/18/2009 7:42:08 AM - System Checkpoint
RP126: 3/19/2009 6:34:57 PM - System Checkpoint
RP127: 3/20/2009 6:42:09 PM - System Checkpoint
RP128: 3/21/2009 3:00:20 AM - Software Distribution Service 3.0
RP129: 3/22/2009 3:57:33 AM - System Checkpoint
RP130: 3/23/2009 5:14:42 AM - System Checkpoint
RP131: 3/24/2009 5:57:30 AM - System Checkpoint
RP132: 3/25/2009 6:57:35 AM - System Checkpoint
RP133: 3/26/2009 7:26:40 AM - System Checkpoint
RP134: 3/27/2009 8:26:39 AM - System Checkpoint
RP135: 3/28/2009 8:59:37 AM - System Checkpoint
RP136: 3/29/2009 9:42:07 AM - System Checkpoint
RP137: 3/30/2009 10:42:08 AM - System Checkpoint
RP138: 3/30/2009 4:37:55 PM - Installed Windows Media Player 11
RP139: 3/30/2009 4:38:25 PM - Software Distribution Service 3.0
RP140: 3/31/2009 3:00:28 AM - Software Distribution Service 3.0
RP141: 4/1/2009 3:00:19 AM - Software Distribution Service 3.0
RP142: 4/1/2009 4:45:36 AM - Software Distribution Service 3.0
RP143: 4/2/2009 5:11:59 PM - Software Distribution Service 3.0
RP144: 4/2/2009 5:13:25 PM - Installed Windows XP WgaNotify.
RP145: 4/2/2009 5:26:26 PM - Software Distribution Service 3.0
RP146: 4/3/2009 3:00:24 AM - Software Distribution Service 3.0
RP147: 4/4/2009 7:17:28 AM - System Checkpoint
RP148: 4/5/2009 8:51:47 AM - System Checkpoint
RP149: 4/5/2009 6:21:27 PM - Installed Adobe Reader 9.1.
RP150: 4/6/2009 6:46:06 PM - System Checkpoint
RP151: 4/7/2009 7:46:00 PM - System Checkpoint
RP152: 4/8/2009 8:46:00 PM - System Checkpoint
RP153: 4/10/2009 9:13:00 AM - System Checkpoint
RP154: 4/10/2009 5:50:37 PM - Installed Microsoft .NET Framework 1.1
RP155: 4/13/2009 9:39:06 PM - System Checkpoint
RP156: 4/14/2009 3:00:30 AM - Software Distribution Service 3.0
RP157: 4/15/2009 3:00:31 AM - Software Distribution Service 3.0
RP158: 4/16/2009 3:19:13 AM - System Checkpoint
RP159: 4/17/2009 4:19:12 AM - System Checkpoint
RP160: 4/18/2009 4:22:30 AM - System Checkpoint
RP161: 4/19/2009 6:25:38 AM - System Checkpoint
RP162: 4/20/2009 7:22:27 AM - System Checkpoint
RP163: 4/21/2009 8:22:29 AM - System Checkpoint
RP164: 4/22/2009 9:22:30 AM - System Checkpoint
RP165: 4/23/2009 10:01:27 AM - System Checkpoint
RP166: 4/24/2009 11:01:25 AM - System Checkpoint
RP167: 4/25/2009 11:29:27 AM - System Checkpoint
RP168: 4/26/2009 12:02:30 PM - System Checkpoint
RP169: 4/27/2009 1:01:24 PM - System Checkpoint
RP170: 4/28/2009 2:01:22 PM - System Checkpoint
RP171: 4/29/2009 3:01:23 PM - System Checkpoint
RP172: 4/30/2009 4:01:22 PM - System Checkpoint
RP173: 5/1/2009 5:02:27 PM - System Checkpoint
RP174: 5/2/2009 12:18:05 AM - Restore Operation
RP175: 5/3/2009 12:23:53 AM - System Checkpoint
RP176: 5/4/2009 2:47:58 AM - System Checkpoint
RP177: 5/5/2009 5:28:13 PM - System Checkpoint
RP178: 5/6/2009 5:45:52 PM - System Checkpoint
RP179: 5/8/2009 4:02:46 PM - System Checkpoint
RP180: 5/9/2009 4:44:56 PM - System Checkpoint
RP181: 5/10/2009 5:44:56 PM - System Checkpoint
RP182: 5/11/2009 6:45:16 PM - System Checkpoint
RP183: 5/12/2009 7:44:57 PM - System Checkpoint
RP184: 5/13/2009 3:00:16 AM - Software Distribution Service 3.0
RP185: 5/14/2009 3:44:55 AM - System Checkpoint
RP186: 5/17/2009 12:55:58 PM - System Checkpoint
RP187: 5/18/2009 1:04:29 PM - System Checkpoint
RP188: 5/19/2009 2:28:35 PM - System Checkpoint
RP189: 5/20/2009 4:27:00 PM - System Checkpoint
RP190: 5/21/2009 4:43:20 PM - System Checkpoint
RP191: 5/22/2009 4:44:05 PM - Software Distribution Service 3.0
RP192: 5/23/2009 6:00:53 PM - System Checkpoint
RP193: 5/24/2009 6:51:14 PM - System Checkpoint
RP194: 5/25/2009 6:52:43 PM - System Checkpoint
RP195: 5/26/2009 7:19:48 PM - System Checkpoint
RP196: 5/27/2009 7:51:10 PM - System Checkpoint
RP197: 5/28/2009 8:51:13 PM - System Checkpoint
RP198: 5/29/2009 9:48:18 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AiO_Scan
ATI Display Driver (Omega 3.8.442)
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Personal Firewall
Combined Community Codec Pack 2008-09-21 16:18
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DVD Shrink 3.2
Free Download Manager 3.0
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
Intel(R) PRO Network Adapters and Drivers
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
MultiRes (remove only)
Nero 7 Ultra Edition
Nero Mega Plugin Pack
PartyPoker
PluginVideo
QFolder
Radeon Omega Drivers v4.8.442 Setup Files and Tools
RegCure 1.6.0.0
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sims2Pack Clean Installer
Spyware Terminator
SUPERAntiSpyware Free Edition
The Sims 2
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

6/5/2009 9:38:22 PM, error: ati2mtag [45062] - CRT invalid display type
6/5/2009 11:47:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD atitray Fips i8042prt intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip VET-FILT VET-REC VETEFILE VETMONNT
6/5/2009 11:47:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2009 11:47:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2009 11:47:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2009 11:47:42 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2009 11:46:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/5/2009 11:46:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2009 11:46:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
6/12/2009 7:12:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

==== End Of File ===========================

Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 13th June 2009, 1:12 pm

Wrong log, that's attach.txt, I need to see DDS.txt


DDS.Txt

Post by xxzozo on 13th June 2009, 1:51 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by Big Bad Jean at 9:47:47.68 on Sat 06/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.53 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Big Bad Jean\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [AtiPTA] atiptaxx.exe
dRun: [tempo-setup2.exe] c:\windows\system32\tempo-setup2.exe
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: NoDispBackgroundPage = 1 (0x1)
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\free download manager\dllink.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
TCP: NameServer = 85.255.112.101,85.255.112.113
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bigbad~1\applic~1\mozilla\firefox\profiles\u5oyro29.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2009-1-19 17952]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-2-18 26376]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-2-18 21128]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-2-18 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-2-18 21512]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-2-18 32264]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-2-18 144960]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-2-18 242952]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-2-18 108368]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

=============== Created Last 30 ================

2009-06-12 21:20 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-12 21:20 --d----- c:\docume~1\bigbad~1\applic~1\Spyware Terminator
2009-06-12 19:11 161,792 a------- c:\windows\SWREG.exe
2009-06-12 19:11 154,624 a------- c:\windows\PEV.exe
2009-06-12 19:11 98,816 a------- c:\windows\sed.exe
2009-06-12 19:11 --ds---- C:\Combo-Fix
2009-06-12 19:11 389,120 a------- c:\windows\system32\CF13664.exe
2009-06-12 19:06 116,623 a------- C:\MGlogs.zip
2009-06-12 18:30 --d----- C:\!KillBox
2009-06-12 18:27 1,066,176 a------- c:\windows\system32\MSCOMCTL.OCX
2009-06-12 16:40 6,315 a------- c:\windows\28534hacktooz1a29.cpl
2009-06-11 17:48 3,388 a------- c:\windows\4570spamb9t23z.cpl
2009-06-11 16:58 --d----- c:\docume~1\alluse~1\applic~1\RegCure
2009-06-11 12:23 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 12:23 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 12:23 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 12:23 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-11 12:14 6,512 a------- c:\windows\1686back5oor79z.exe
2009-06-10 22:44 4,214 a------- c:\windows\system32\5a129hzeat20081.dll
2009-06-09 16:50 --d----- c:\windows\pss
2009-06-07 18:46 6,339 a------- c:\windows\system32\3952not-a-viru5z46.exe
2009-06-07 15:10 --d----- C:\MGtools
2009-06-07 15:10 1,342,151 a------- C:\MGtools.exe
2009-06-07 12:59 451,655 a------- c:\temp\RootRepeal.zip
2009-06-07 09:18 --d-h--- c:\windows\system32\GroupPolicy
2009-06-07 08:55 --d----- c:\program files\Spyware Terminator
2009-06-07 08:55 --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-06-07 02:16 14,105 a------- c:\windows\29851hackt9ol6f3z.bin
2009-06-06 00:08 --d----- c:\program files\Trend Micro
2009-06-05 23:36 --d----- C:\_OTM
2009-06-05 22:37 10,614 a------- c:\windows\649atzrea525717.cpl
2009-06-04 17:57 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 17:57 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-04 17:57 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-04 17:57 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 00:51 8,658 a------- c:\windows\z6175sp9mbot5f7.ocx
2009-06-01 08:25 7,766 a------- c:\windows\system32\459zth9ef2036.cpl
2009-05-30 09:58 --d----- c:\program files\PluginVideo
2009-05-27 15:19 18,083 a------- c:\windows\system32\209789zrus5d1.cpl
2009-05-26 18:41 --dsh--- c:\documents and settings\big bad jean\PrivacIE
2009-05-26 16:32 4,870 a------- c:\windows\28beb9ck5oorz04.dll
2009-05-25 09:10 --dsh--- c:\documents and settings\big bad jean\IECompatCache
2009-05-25 06:03 3,183 a------- c:\windows\system32\18zfs9eal2553.cpl
2009-05-22 23:51 4,403 a------- c:\windows\39f4t5ief14z9.exe
2009-05-22 17:36 --dsh--- c:\documents and settings\big bad jean\IETldCache
2009-05-22 17:00 --d----- c:\windows\ie8updates
2009-05-22 17:00 102,400 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-22 16:58 -cd-h--- c:\windows\ie8
2009-05-20 15:11 10,999 a------- c:\windows\49435ownloader1199z.bin
2009-05-20 10:23 14,591 a------- c:\windows\b7dtzi952572.dll
2009-05-20 06:30 8,851 a------- c:\windows\system32\c2359arsz2453.cpl
2009-05-18 10:16 2,744 a------- c:\windows\21968not-a5viru97dz.cpl
2009-05-17 00:50 8,696 a------- c:\windows\system32\9d7db5ckdozr1815.dll

==================== Find3M ====================

2009-06-12 23:26 90,586 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-05-13 13:45 7,874 a------- c:\windows\system32\5z19ad9ware1405.exe
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 23:11 16,440 a------- c:\windows\system32\246edoznl95der1935.exe
2009-05-12 16:59 17,083 a------- c:\windows\system32\5z688spambot19.exe
2009-05-09 09:56 6,325 a------- c:\windows\system32\14643woz955a.dll
2009-05-08 09:42 10,026 a------- c:\windows\system32\68dcsp5zs92170.bin
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-05 21:34 8,937 a------- c:\windows\5e299oznloader2550.bin
2009-05-02 03:03 10,004 a------- c:\windows\system32\9598not-a-virus59az.bin
2009-05-01 09:16 3,380 a------- c:\windows\system32\z5235pambot690.bin
2009-04-27 04:12 14,585 a------- c:\windows\system32\6c875ownloa9er2163z.bin
2009-04-26 19:29 8,689 a------- c:\windows\5z735o9m14a.bin
2009-04-25 04:21 3,185 a------- c:\windows\system32\9372hacktzol62b5.exe
2009-04-22 15:06 10,138 a------- c:\windows\9z99troj55.bin
2009-04-18 10:41 12,174 a------- c:\windows\287fspyw5r91839z.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 23:05 5,049 a------- c:\windows\26859vizu91ab.bin
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 03:01 13,752 a------- c:\windows\6f99zpywar95235.bin
2009-04-11 10:20 18,076 a------- c:\windows\system32\23657s5ambot3ze9.dll
2009-04-10 20:06 2,913 a------- c:\windows\system32\3a61thizf9485.exe
2009-04-09 21:53 9,646 a------- c:\windows\2b64spywzr51690.dll
2009-04-09 15:48 17,943 a------- c:\windows\4b6adownload5r17z69.bin
2009-04-08 13:41 7,433 a------- c:\windows\system32\395fa5zware1113.exe
2009-04-05 13:19 14,676 a------- c:\windows\system32\15439not-z-5irus7bb.dll
2009-04-05 10:28 68,268 a------- c:\windows\hpoins05.dat
2009-04-02 17:19 4,128 a------- c:\windows\237995orm3d7z.dll
2009-04-01 09:27 13,971 a------- c:\windows\595zir2774.dll
2009-03-26 19:33 15,409 a------- c:\windows\852spars92z85.exe
2009-03-23 19:34 11,417 a------- c:\windows\system32\190465rojzb9.exe
2009-03-22 21:02 3,042 a------- c:\windows\e1bthreat901z75.exe
2009-03-22 16:10 11,988 a------- c:\windows\system32\2b89backz5or16089.exe
2009-03-22 02:22 3,148 a------- c:\windows\system32\29954spz3dc.exe
2009-03-20 19:26 9,436 a------- c:\windows\193365zamb9t421.dll
2009-03-20 17:20 11,412 a------- c:\windows\45abz9k5oor2647.bin
2009-03-17 14:56 13,822 a------- c:\windows\system32\39f5vir500z.exe
2009-03-16 11:37 7,956 a------- c:\windows\system32\5d95addware314z.bin
2009-03-16 09:41 8,446 a------- c:\windows\56159oznloader2148.bin
2004-12-07 13:13 3,578,547 a------- c:\program files\ManagedDX.CAB
2004-12-07 13:13 1,156,363 a------- c:\program files\BDANT.cab
2004-12-07 13:13 703,080 a------- c:\program files\BDA.cab
2004-12-07 13:13 479,432 a------- c:\program files\dxsetup.exe
2004-12-07 13:13 13,265,040 a----r-- c:\program files\dxnt.cab
2004-12-07 13:13 2,249,416 a------- c:\program files\dsetup32.dll
2004-12-07 13:13 69,832 a------- c:\program files\DSETUP.dll
2004-12-07 13:13 15,493,481 a------- c:\program files\DirectX.cab
2004-12-07 13:13 976,020 a------- c:\program files\BDAXP.cab
2004-12-07 12:47 20,717 a------- c:\program files\DirectX SDK EULA.txt

============= FINISH: 9:49:02.10 ===============


Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 13th June 2009, 2:01 pm


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (CA)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



saying the message is too big

Post by xxzozo on 13th June 2009, 11:48 pm

ComboFix 09-06-12.04 - Big Bad Jean 06/13/2009 12:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.217 [GMT -4:00]
Running from: c:\documents and settings\Big Bad Jean\Desktop\Combo-Fix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



part 2

Post by xxzozo on 13th June 2009, 11:49 pm



part3

Post by xxzozo on 13th June 2009, 11:50 pm

c:\windows\z273steal95165.bin
c:\windows\z3015hack59ol45f.ocx
c:\windows\z3522not-a-v9rus5d.dll
c:\windows\z43509roj558.exe
c:\windows\z474s5ambot329.ocx
c:\windows\z568worm49a9.cpl
c:\windows\z5c6s9arse593.exe
c:\windows\z615v9rus55d.bin
c:\windows\z6175sp9mbot5f7.ocx
c:\windows\z786sp9rse5558.exe
c:\windows\z85troj59f5.exe
c:\windows\z91threat27599.exe
c:\windows\z9455o9-a-virus77.dll
c:\windows\z950v9ru55f4.bin
c:\windows\z9598worm6ad.bin
c:\windows\z99955roj94.dll
c:\windows\zdd5b9ckdoo51514.exe
.
---- Previous Run -------
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-11-03 17:59 . 2009-11-03 17:59 8824 ----a-w- c:\windows\zd5aspyware69.bin
2009-09-26 11:46 . 2009-09-26 11:46 16745 ----a-w- c:\windows\580959tza-virus2.exe
2009-06-13 01:20 . 2009-06-13 01:20 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-13 01:20 . 2009-06-13 01:20 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-13 01:20 . 2009-06-13 01:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-13 01:20 . 2009-06-13 01:21 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Spyware Terminator
2009-06-12 23:09 . 2009-06-12 23:09 -------- d-----w- C:\rsit
2009-06-12 23:06 . 2009-06-12 23:10 116623 ----a-w- C:\MGlogs.zip
2009-06-12 22:30 . 2009-06-12 22:30 -------- d-----w- C:\!KillBox
2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\program files\RegCure
2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-11 16:23 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:23 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 16:23 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 16:23 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-07 19:10 . 2009-06-12 23:10 -------- d-----w- C:\MGtools
2009-06-07 19:10 . 2009-06-07 19:10 1342151 ----a-w- C:\MGtools.exe
2009-06-07 16:59 . 2009-06-07 16:59 451655 ----a-w- c:\temp\RootRepeal.zip
2009-06-07 13:18 . 2009-06-07 13:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-07 12:55 . 2009-06-13 03:23 -------- d-----w- c:\program files\Spyware Terminator
2009-06-07 12:55 . 2009-06-13 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-06 04:08 . 2009-06-07 13:00 -------- d-----w- c:\program files\Trend Micro
2009-06-06 03:36 . 2009-06-06 03:36 -------- d-----w- C:\_OTM
2009-06-04 21:57 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 21:57 . 2009-06-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-04 21:57 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 21:57 . 2009-06-12 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 23:16 . 2009-06-02 23:16 361472 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-05-30 14:23 . 2009-05-30 14:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-30 14:01 . 2009-05-30 14:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-05-30 13:58 . 2009-05-30 13:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-30 13:58 . 2009-05-30 13:58 -------- d-----w- c:\program files\PluginVideo
2009-05-26 22:41 . 2009-05-26 22:41 -------- d-sh--w- c:\documents and settings\Big Bad Jean\PrivacIE
2009-05-25 13:10 . 2009-05-25 13:10 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IECompatCache
2009-05-24 16:02 . 2009-05-24 16:02 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-05-24 15:32 . 2009-05-24 15:32 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\400000600002h\ctfmon.exe
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\documents and settings\Zee\Application Data\Thinstall
2009-05-24 15:31 . 2009-05-24 15:31 -------- d-sh--w- c:\documents and settings\Zee\IETldCache
2009-05-22 21:36 . 2009-05-22 21:36 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IETldCache
2009-05-22 21:00 . 2009-06-12 22:27 -------- d-----w- c:\windows\ie8updates
2009-05-22 21:00 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-22 20:58 . 2009-05-22 20:59 -------- dc-h--w- c:\windows\ie8
2009-05-22 20:48 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


pt 4

Post by xxzozo on 13th June 2009, 11:52 pm

.
2009-06-13 16:27 . 2009-04-01 08:45 117760 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-13 16:23 . 2009-02-19 21:44 90586 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-06-02 23:18 . 2009-02-17 21:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-02 23:17 . 2009-02-15 23:46 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Free Download Manager
2009-05-27 20:03 . 2009-04-10 21:52 -------- d-----w- c:\program files\Sims2Pack Clean Installer
2009-05-13 05:15 . 2009-02-17 04:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2009-02-17 04:07 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 21:53 . 2009-02-16 21:57 -------- d-----w- c:\program files\PartyGaming
2009-04-24 20:44 . 2009-04-24 20:44 -------- d-----w- c:\program files\Coupons
2009-04-24 01:37 . 2009-04-24 01:37 53248 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-04-24 01:35 . 2009-04-24 01:35 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall
2009-04-22 21:05 . 2009-04-22 21:05 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\U3
2009-04-17 12:26 . 2009-02-17 04:07 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2009-02-17 04:07 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 20:44 . 2009-04-14 20:44 135 ----a-w- c:\documents and settings\Big Bad Jean\Local Settings\Application Data\fusioncache.dat
2009-04-10 22:15 . 2009-04-10 22:15 126 ----a-w- c:\documents and settings\Zee\Local Settings\Application Data\fusioncache.dat
2009-04-05 14:28 . 2009-04-05 14:23 68268 ----a-w- c:\windows\hpoins05.dat
2004-12-07 17:13 . 2004-12-07 17:13 703080 ----a-w- c:\program files\BDA.cab
2004-12-07 17:13 . 2004-12-07 17:13 3578547 ----a-w- c:\program files\ManagedDX.CAB
2004-12-07 17:13 . 2004-12-07 17:13 1156363 ----a-w- c:\program files\BDANT.cab
2004-12-07 17:13 . 2004-12-07 17:13 479432 ----a-w- c:\program files\dxsetup.exe
2004-12-07 17:13 . 2004-12-07 17:13 69832 ----a-w- c:\program files\DSETUP.dll
2004-12-07 17:13 . 2004-12-07 17:13 2249416 ----a-w- c:\program files\dsetup32.dll
2004-12-07 17:13 . 2004-12-07 17:13 13265040 ----a-r- c:\program files\dxnt.cab
2004-12-07 17:13 . 2004-12-07 17:13 976020 ----a-w- c:\program files\BDAXP.cab
2004-12-07 17:13 . 2004-12-07 17:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-12-07 16:47 . 2004-12-07 16:47 20717 ----a-w- c:\program files\DirectX SDK EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"="c:\windows\system32\tempo-setup2.exe" [2009-06-02 361472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 8:08 PM 93712]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [1/19/2009 3:25 PM 17952]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 8:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 8:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 8:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 8:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 8:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 11:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 11:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 8:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 8:08 PM 88816]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\CAAntiSpywareScan_Daily as Big Bad Jean at 4 15 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2009-06-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-13 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dllink.htm
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 13:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(128)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(480)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-06-13 13:07
ComboFix-quarantined-files.txt 2009-06-13 17:07

Pre-Run: 256,961,261,568 bytes free
Post-Run: 257,119,682,560 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
895 --- E O F --- 2009-06-12 22:27


Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 14th June 2009, 12:11 am

Hello.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\zd5aspyware69.bin
c:\windows\580959tza-virus2.exe
C:\MGlogs.zip
C:\MGtools.exe
c:\temp\RootRepeal.zip
c:\windows\system32\tempo-setup2.exe

Folder::
c:\program files\Coupons
C:\rsit
C:\!KillBox
C:\MGtools
C:\_OTM

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.

WIN BLUE SOFT FIX B_S_WARNING FOR DELETING BLOCKER_DLL_FILE

Post by the_broken_pccomp on 14th June 2009, 4:32 am

I have win blue soft with the following symptoms on XP:

-cannot open programs
-safe mode does identical stuff to regular mode
-cannot open task manager
-automatic shut down in 5 min because the pointer drags itself to the start menu and logs off

I came across this so-called help file but WARNING! I deleted the blocker.dll and my computer will no longer turn on. It just starts for about 2 seconds and then no power, no nothing. Reading this blog I am wondering if it's a pile of junk and blocker.dll is important. I was starting to try to get rid of the winbluesoft by deleting the 0whatev23.dll in the windows but why does it have to come to this. I'm assuming that the hackers are posting the help files. With this broken computer, I wonder the next stages for this computer. How would you go about resetting the computer when it does not do anything? Just disaster. Please comment if you think not.


NM BLOCKER_DLL MIGHT BE THE ISSUE

Post by the_broken_pccomp on 14th June 2009, 4:41 am

I had a frustrating 2 weeks of trying to fix this bug called winbluesoft. These instructions could be correct, therefore ignore my previous message. Thanks

COMPUTER FIXED

Post by the_broken_pccomp on 14th June 2009, 5:42 am

Honestly, these simple steps work:

1. Get rid of blocker.dll in windows32 folder by using software killbox
2. Run Combo-Fix

THANKS SO MUCH. I want to kiss you


Good Morning !! For some reason This did not want to work !! Took all night to f

Post by xxzozo on 14th June 2009, 12:12 pm

ComboFix 09-06-13.09 - Big Bad Jean 06/14/2009 7:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.160 [GMT -4:00]
Running from: c:\documents and settings\Big Bad Jean\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Big Bad Jean\Desktop\CFScript.txt,.txt
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

FILE ::
"C:\MGlogs.zip"
"C:\MGtools.exe"
"c:\temp\RootRepeal.zip"
"c:\windows\580959tza-virus2.exe"
"c:\windows\system32\tempo-setup2.exe"
"c:\windows\zd5aspyware69.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
C:\_OTM
C:\MGtools
c:\program files\Coupons
C:\rsit
c:\!killbox\blocker.dll( 1)
c:\!killbox\blocker.dll( 2)
c:\!killbox\Logs\kb.log
c:\_otm\MovedFiles\06052009_233606.log
c:\_otm\MovedFiles\06052009_233606.res
C:\MGlogs.zip
C:\MGtools.exe
c:\mgtools\analyse.exe
c:\mgtools\chodefix.bat
c:\mgtools\config.reg
c:\mgtools\DisableUAC.reg
c:\mgtools\EnableUAC.reg
c:\mgtools\ffdata.txt
c:\mgtools\filelog.txt
c:\mgtools\FindOVL.bat
c:\mgtools\FixBagle.bat
c:\mgtools\fixBagle.reg
c:\mgtools\FixCF.bat
c:\mgtools\fixCF.reg
c:\mgtools\fixChode.reg
c:\mgtools\FixFA.bat
c:\mgtools\fixFA.reg
c:\mgtools\GetDetails.exe
c:\mgtools\GetLogs.Bat
c:\mgtools\GetRunKey.bat
c:\mgtools\GetUnKey.txt
c:\mgtools\GetUnKeys.bat
c:\mgtools\grep.exe
c:\mgtools\GRK64.bat
c:\mgtools\hide.reg
c:\mgtools\hijackthis.log
c:\mgtools\history.txt
c:\mgtools\HTAfind.bat
c:\mgtools\IEFIX.reg
c:\mgtools\locate.com
c:\mgtools\ltime.exe
c:\mgtools\newfiles.txt
c:\mgtools\procdll.txt
c:\mgtools\Process.exe
c:\mgtools\ProcessDll.exe
c:\mgtools\Regfix.bat
c:\mgtools\runkeys.txt
c:\mgtools\sed.exe
c:\mgtools\ShowNew.bat
c:\mgtools\SN64.bat
c:\mgtools\swreg.exe
c:\mgtools\swwhoami.exe
c:\mgtools\sysinfo.txt
c:\mgtools\sysrest.txt
c:\mgtools\unhide.reg
c:\mgtools\UserInfo.bat
c:\mgtools\UserInfo.txt
c:\mgtools\vfind.exe
c:\mgtools\VunFind.bat
c:\mgtools\winfiles.txt
c:\mgtools\zip.exe
c:\program files\Coupons\Coupons.com.url
c:\program files\Coupons\uninstall.exe
c:\program files\Coupons\Uninstall\IRIMG1.JPG
c:\program files\Coupons\Uninstall\IRIMG2.JPG
c:\program files\Coupons\Uninstall\IRIMG3.JPG
c:\program files\Coupons\Uninstall\IRIMG4.JPG
c:\program files\Coupons\Uninstall\IRIMG5.JPG
c:\program files\Coupons\Uninstall\IRIMG6.JPG
c:\program files\Coupons\Uninstall\IRIMG7.JPG
c:\program files\Coupons\Uninstall\IRIMG8.JPG
c:\program files\Coupons\Uninstall\uninstall.dat
c:\program files\Coupons\Uninstall\uninstall.xml
c:\rsit\info.txt
c:\rsit\log.txt
c:\temp\RootRepeal.zip
c:\windows\580959tza-virus2.exe
c:\windows\system32\tempo-setup2.exe
c:\windows\zd5aspyware69.bin

.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-13 01:20 . 2009-06-13 01:20 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-13 01:20 . 2009-06-13 01:20 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-13 01:20 . 2009-06-13 01:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-13 01:20 . 2009-06-13 01:21 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Spyware Terminator
2009-06-11 20:58 . 2009-06-14 00:40 -------- d-----w- c:\program files\RegCure
2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-11 16:23 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:23 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 16:23 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 16:23 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-07 13:18 . 2009-06-07 13:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-07 12:55 . 2009-06-13 03:23 -------- d-----w- c:\program files\Spyware Terminator
2009-06-07 12:55 . 2009-06-13 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-06 04:08 . 2009-06-07 13:00 -------- d-----w- c:\program files\Trend Micro
2009-06-04 21:57 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 21:57 . 2009-06-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-04 21:57 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 21:57 . 2009-06-12 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 14:23 . 2009-05-30 14:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-30 14:01 . 2009-05-30 14:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-05-30 13:58 . 2009-05-30 13:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-30 13:58 . 2009-06-14 02:15 -------- d-----w- c:\program files\PluginVideo
2009-05-26 22:41 . 2009-05-26 22:41 -------- d-sh--w- c:\documents and settings\Big Bad Jean\PrivacIE
2009-05-25 13:10 . 2009-05-25 13:10 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IECompatCache
2009-05-24 16:02 . 2009-05-24 16:02 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-05-24 15:32 . 2009-05-24 15:32 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\400000600002h\ctfmon.exe
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\documents and settings\Zee\Application Data\Thinstall
2009-05-24 15:31 . 2009-05-24 15:31 -------- d-sh--w- c:\documents and settings\Zee\IETldCache
2009-05-22 21:36 . 2009-05-22 21:36 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IETldCache
2009-05-22 21:00 . 2009-06-12 22:27 -------- d-----w- c:\windows\ie8updates
2009-05-22 21:00 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-22 20:58 . 2009-05-22 20:59 -------- dc-h--w- c:\windows\ie8
2009-05-22 20:48 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 12:04 . 2009-04-01 08:45 117760 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-06-14 11:58 . 2009-02-19 21:44 212734 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-14 02:58 . 2009-02-15 23:46 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Free Download Manager
2009-06-02 23:18 . 2009-02-17 21:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-27 20:03 . 2009-04-10 21:52 -------- d-----w- c:\program files\Sims2Pack Clean Installer
2009-05-13 05:15 . 2009-02-17 04:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2009-02-17 04:07 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 21:53 . 2009-02-16 21:57 -------- d-----w- c:\program files\PartyGaming
2009-04-24 01:37 . 2009-04-24 01:37 53248 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-04-24 01:35 . 2009-04-24 01:35 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall
2009-04-22 21:05 . 2009-04-22 21:05 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\U3
2009-04-17 12:26 . 2009-02-17 04:07 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2009-02-17 04:07 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 20:44 . 2009-04-14 20:44 135 ----a-w- c:\documents and settings\Big Bad Jean\Local Settings\Application Data\fusioncache.dat
2009-04-10 22:15 . 2009-04-10 22:15 126 ----a-w- c:\documents and settings\Zee\Local Settings\Application Data\fusioncache.dat
2009-04-05 14:28 . 2009-04-05 14:23 68268 ----a-w- c:\windows\hpoins05.dat
2004-12-07 17:13 . 2004-12-07 17:13 703080 ----a-w- c:\program files\BDA.cab
2004-12-07 17:13 . 2004-12-07 17:13 3578547 ----a-w- c:\program files\ManagedDX.CAB
2004-12-07 17:13 . 2004-12-07 17:13 1156363 ----a-w- c:\program files\BDANT.cab
2004-12-07 17:13 . 2004-12-07 17:13 479432 ----a-w- c:\program files\dxsetup.exe
2004-12-07 17:13 . 2004-12-07 17:13 69832 ----a-w- c:\program files\DSETUP.dll
2004-12-07 17:13 . 2004-12-07 17:13 2249416 ----a-w- c:\program files\dsetup32.dll
2004-12-07 17:13 . 2004-12-07 17:13 13265040 ----a-r- c:\program files\dxnt.cab
2004-12-07 17:13 . 2004-12-07 17:13 976020 ----a-w- c:\program files\BDAXP.cab
2004-12-07 17:13 . 2004-12-07 17:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-12-07 16:47 . 2004-12-07 16:47 20717 ----a-w- c:\program files\DirectX SDK EULA.txt


Pt 2

Post by xxzozo on 14th June 2009, 12:12 pm

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-02-18 177392]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-02-18 259312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-02-18 173296]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-02-18 1193200]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinBlueSoft

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 8:08 PM 93712]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [1/19/2009 3:25 PM 17952]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 8:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 8:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 8:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 8:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 8:08 PM 66576]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 8:08 PM 88816]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 11:24 AM 1010192]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 11:24 AM 801296]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 8:10 PM 281104]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\CAAntiSpywareScan_Daily as Big Bad Jean at 4 15 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2009-06-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-14 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dllink.htm
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-14 08:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,7c,96,c8,79,ac,87,44,bc,f1,1f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,7c,96,c8,79,ac,87,44,bc,f1,1f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1900)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\windows\system32\CF21395.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-14 8:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-14 12:07
ComboFix2.txt 2009-06-13 17:07

Pre-Run: 256,687,218,688 bytes free
Post-Run: 256,668,573,696 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
308 --- E O F --- 2009-06-12 22:27


Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 14th June 2009, 12:15 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.



could not have done it without you !!

Post by xxzozo on 14th June 2009, 11:15 pm

It seems all cleared up now!! It seems to be running better than before. I still have a bunch of programs on here and don't know if I need them or not: Reg Cure, MG Tools, RSIT, ieexplorer, Hijack this, Malwarebytes, dds, revosetup, and Killbox. Also, what do you recommend I use to keep myself safe? The CA, SUPERAntiSpyware, and Windows were all on when this thing got through.


Re: WIN BLUE SOFT VICTIM

Post by Belahzur on 14th June 2009, 11:20 pm

Delete everything apart from MBAM.
Uninstall CA, it's not very good. Look under add/remove programs and uninstall everything related to CA.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Please PM me if I fail to respond within 24hrs.

