WIN BLUE SOFT VICTIM


saying the message is too big

Post by xxzozo on Sat Jun 13, 2009 11:48 pm

ComboFix 09-06-12.04 - Big Bad Jean 06/13/2009 12:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.217 [GMT -4:00]
Running from: c:\documents and settings\Big Bad Jean\Desktop\Combo-Fix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


xxzozo
Novice

Posts : 40
Joined : 2009-06-06
OS : XP/vista/7
Protection : avira
Points : 27582
# Likes : 0


part 2

Post by xxzozo on Sat Jun 13, 2009 11:49 pm



part3

Post by xxzozo on Sat Jun 13, 2009 11:50 pm

.
---- Previous Run -------
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-11-03 17:59 . 2009-11-03 17:59 8824 ----a-w- c:\windows\zd5aspyware69.bin
2009-09-26 11:46 . 2009-09-26 11:46 16745 ----a-w- c:\windows\580959tza-virus2.exe
2009-06-13 01:20 . 2009-06-13 01:20 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-13 01:20 . 2009-06-13 01:20 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-13 01:20 . 2009-06-13 01:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-13 01:20 . 2009-06-13 01:21 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Spyware Terminator
2009-06-12 23:09 . 2009-06-12 23:09 -------- d-----w- C:\rsit
2009-06-12 23:06 . 2009-06-12 23:10 116623 ----a-w- C:\MGlogs.zip
2009-06-12 22:30 . 2009-06-12 22:30 -------- d-----w- C:\!KillBox
2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\program files\RegCure
2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-11 16:23 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:23 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 16:23 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 16:23 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-07 19:10 . 2009-06-12 23:10 -------- d-----w- C:\MGtools
2009-06-07 19:10 . 2009-06-07 19:10 1342151 ----a-w- C:\MGtools.exe
2009-06-07 16:59 . 2009-06-07 16:59 451655 ----a-w- c:\temp\RootRepeal.zip
2009-06-07 13:18 . 2009-06-07 13:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-07 12:55 . 2009-06-13 03:23 -------- d-----w- c:\program files\Spyware Terminator
2009-06-07 12:55 . 2009-06-13 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-06 04:08 . 2009-06-07 13:00 -------- d-----w- c:\program files\Trend Micro
2009-06-06 03:36 . 2009-06-06 03:36 -------- d-----w- C:\_OTM
2009-06-04 21:57 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 21:57 . 2009-06-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-04 21:57 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 21:57 . 2009-06-12 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 23:16 . 2009-06-02 23:16 361472 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-05-30 14:23 . 2009-05-30 14:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-30 14:01 . 2009-05-30 14:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-05-30 13:58 . 2009-05-30 13:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-30 13:58 . 2009-05-30 13:58 -------- d-----w- c:\program files\PluginVideo
2009-05-26 22:41 . 2009-05-26 22:41 -------- d-sh--w- c:\documents and settings\Big Bad Jean\PrivacIE
2009-05-25 13:10 . 2009-05-25 13:10 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IECompatCache
2009-05-24 16:02 . 2009-05-24 16:02 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-05-24 15:32 . 2009-05-24 15:32 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\400000600002h\ctfmon.exe
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\documents and settings\Zee\Application Data\Thinstall
2009-05-24 15:31 . 2009-05-24 15:31 -------- d-sh--w- c:\documents and settings\Zee\IETldCache
2009-05-22 21:36 . 2009-05-22 21:36 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IETldCache
2009-05-22 21:00 . 2009-06-12 22:27 -------- d-----w- c:\windows\ie8updates
2009-05-22 21:00 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-22 20:58 . 2009-05-22 20:59 -------- dc-h--w- c:\windows\ie8
2009-05-22 20:48 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


pt 4

Post by xxzozo on Sat Jun 13, 2009 11:52 pm

.
2009-06-13 16:27 . 2009-04-01 08:45 117760 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-13 16:23 . 2009-02-19 21:44 90586 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-06-02 23:18 . 2009-02-17 21:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-02 23:17 . 2009-02-15 23:46 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Free Download Manager
2009-05-27 20:03 . 2009-04-10 21:52 -------- d-----w- c:\program files\Sims2Pack Clean Installer
2009-05-13 05:15 . 2009-02-17 04:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2009-02-17 04:07 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 21:53 . 2009-02-16 21:57 -------- d-----w- c:\program files\PartyGaming
2009-04-24 20:44 . 2009-04-24 20:44 -------- d-----w- c:\program files\Coupons
2009-04-24 01:37 . 2009-04-24 01:37 53248 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-04-24 01:35 . 2009-04-24 01:35 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall
2009-04-22 21:05 . 2009-04-22 21:05 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\U3
2009-04-17 12:26 . 2009-02-17 04:07 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2009-02-17 04:07 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 20:44 . 2009-04-14 20:44 135 ----a-w- c:\documents and settings\Big Bad Jean\Local Settings\Application Data\fusioncache.dat
2009-04-10 22:15 . 2009-04-10 22:15 126 ----a-w- c:\documents and settings\Zee\Local Settings\Application Data\fusioncache.dat
2009-04-05 14:28 . 2009-04-05 14:23 68268 ----a-w- c:\windows\hpoins05.dat
2004-12-07 17:13 . 2004-12-07 17:13 703080 ----a-w- c:\program files\BDA.cab
2004-12-07 17:13 . 2004-12-07 17:13 3578547 ----a-w- c:\program files\ManagedDX.CAB
2004-12-07 17:13 . 2004-12-07 17:13 1156363 ----a-w- c:\program files\BDANT.cab
2004-12-07 17:13 . 2004-12-07 17:13 479432 ----a-w- c:\program files\dxsetup.exe
2004-12-07 17:13 . 2004-12-07 17:13 69832 ----a-w- c:\program files\DSETUP.dll
2004-12-07 17:13 . 2004-12-07 17:13 2249416 ----a-w- c:\program files\dsetup32.dll
2004-12-07 17:13 . 2004-12-07 17:13 13265040 ----a-r- c:\program files\dxnt.cab
2004-12-07 17:13 . 2004-12-07 17:13 976020 ----a-w- c:\program files\BDAXP.cab
2004-12-07 17:13 . 2004-12-07 17:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-12-07 16:47 . 2004-12-07 16:47 20717 ----a-w- c:\program files\DirectX SDK EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"="c:\windows\system32\tempo-setup2.exe" [2009-06-02 361472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 8:08 PM 93712]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [1/19/2009 3:25 PM 17952]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 8:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 8:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 8:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 8:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 8:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 11:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 11:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 8:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 8:08 PM 88816]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\CAAntiSpywareScan_Daily as Big Bad Jean at 4 15 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2009-06-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-13 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dllink.htm
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 13:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(128)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(480)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-06-13 13:07
ComboFix-quarantined-files.txt 2009-06-13 17:07

Pre-Run: 256,961,261,568 bytes free
Post-Run: 257,119,682,560 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
895 --- E O F --- 2009-06-12 22:27


Re: WIN BLUE SOFT VICTIM

Post by Belahzur on Sun Jun 14, 2009 12:11 am

Hello.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\zd5aspyware69.bin
c:\windows\580959tza-virus2.exe
C:\MGlogs.zip
C:\MGtools.exe
c:\temp\RootRepeal.zip
c:\windows\system32\tempo-setup2.exe

Folder::
c:\program files\Coupons
C:\rsit
C:\!KillBox
C:\MGtools
C:\_OTM

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done (it will warn you if it wants to).
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1
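A triage helper for the log layout quoted in this thread, added here as an example (it is not code from the forum or from ComboFix): it parses the REGEDIT4 Run-key block and the "Files Created" timeline and flags the same kinds of entries the CFScript above removed, a Run value under HKEY_USERS\.DEFAULT and a randomly named dropper file in the Windows root. The sample log is a constructed excerpt, and the family-word list, extension list and root-drop heuristic are my assumptions, not anything the page states.

```python
"""Triage helper for ComboFix-style logs.

Constructed example for this thread, not code from ComboFix or from the forum.
It reads the REGEDIT4 'Reg Loading Points' block and the 'Files Created' timeline
and flags the kinds of entries the fix script in this thread targeted: a Run value
under HKEY_USERS\\.DEFAULT, and files dropped into the Windows root with the
randomised 'digits + family word + digits' names seen in the Other Deletions list.
"""
import re
from dataclasses import dataclass, field

# Assumptions (not from the page): name fragments and extensions treated as suspicious.
FAMILY_WORDS = ("virus", "spyware", "hacktool", "backdoor", "spambot", "downloader", "worm")
DROPPER_EXTS = (".exe", ".dll", ".cpl", ".ocx", ".bin")
# digit, letters/hyphens, family word, letters/hyphens, digit:
# matches 'zd5aspyware69' and '580959tza-virus2' but not 'superantispyware'.
FAMILY_NAME_RE = re.compile(r"\d[a-z-]*(?:" + "|".join(FAMILY_WORDS) + r")[a-z-]*\d")

RUN_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"')
FILE_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Constructed excerpt in the layout of the logs posted above (the date and size of the
# .bin line are made up; the paths are the ones named in the thread).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"="c:\windows\system32\tempo-setup2.exe" [2009-06-02 361472]
.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-13 01:20 . 2009-06-13 01:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-11 20:58 . 2009-06-14 00:40 -------- d-----w- c:\program files\RegCure
2009-06-02 21:30 . 2009-06-02 21:30 51200 ----a-w- c:\windows\zd5aspyware69.bin
"""


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def parse_run_entries(text):
    """Yield (key, value name, image path) for every value under a ...\\Run key."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = RUN_KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if line.startswith("["):      # any other key header ends the Run block
            key = None
            continue
        m = RUN_VALUE_RE.match(line)
        if key and m:
            yield key, m.group("name"), m.group("path")


def parse_created_files(text):
    """Yield (created, size, attrs, path) per timeline line; directories have size '--------'."""
    for line in text.splitlines():
        m = FILE_LINE_RE.match(line.strip())
        if m:
            yield m.group("created"), m.group("size"), m.group("attrs"), m.group("path")


def reasons_for_path(path):
    """Heuristics on the path alone; returns a (possibly empty) list of reasons."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons = []
    rest = p[len("c:\\windows\\"):] if p.startswith("c:\\windows\\") else None
    if rest is not None and "\\" not in rest and name.endswith(DROPPER_EXTS):
        reasons.append("new executable-type file directly in the Windows root")
    if FAMILY_NAME_RE.search(name):
        reasons.append("randomised name built around a malware-family word")
    return reasons


def triage(text):
    """Return Findings (sorted by path) for the suspicious entries in a log."""
    findings = {}

    def add(path, reason):
        findings.setdefault(path, Finding(path)).reasons.append(reason)

    for key, name, path in parse_run_entries(text):
        if key.upper().startswith("HKEY_USERS\\.DEFAULT"):
            add(path, f"Run value '{name}' under HKEY_USERS\\.DEFAULT "
                      "(system-profile autostart, rarely legitimate)")
        for r in reasons_for_path(path):
            add(path, r)
    for _created, _size, attrs, path in parse_created_files(text):
        if attrs.startswith("d"):     # directory entry, nothing to judge by name
            continue
        for r in reasons_for_path(path):
            add(path, r)
    return sorted(findings.values(), key=lambda f: f.path)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path, "->", "; ".join(f.reasons))
```

The obfuscated names in the Other Deletions list (letters inserted inside the family word, such as the "virzs" and "hac9to5l" variants) deliberately defeat a plain substring match, so this heuristic catches only the unmangled ones; the .DEFAULT Run-key check does not depend on the file name at all.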

WIN BLUE SOFT FIX B_S_WARNING FOR DELETING BLOCKER_DLL_FILE

Post by the_broken_pccomp on Sun Jun 14, 2009 4:32 am

I have win blue soft with the following symptoms on XP:

-cannot open programs
-safe mode does identical stuff to regular mode
-cannot open task manager
-automatic shut down in 5 min because the pointer drags itself to the start menu and logs off

I came across this so-called help file but WARNING! I deleted the blocker.dll and my computer will no longer turn on. It just starts for about 2 seconds and then no power, no nothing. Reading this blog I am wondering if it's a pile of junk and blocker.dll is important. I was starting to try to get rid of the winbluesoft by deleting the 0whatev23.dll in the windows folder, but why does it have to come to this. I'm assuming that the hackers are posting the help files. With this broken computer, I wonder what the next stages are for this computer. How would you go about resetting the computer when it does not do anything? Just a disaster. Please comment if you think not.

the_broken_pccomp
Beginner

Posts : 3
Joined : 2009-06-14
OS : xp
Points : 27313
# Likes : 0

NM BLOCKER_DLL MIGHT BE THE ISSUE

Post by the_broken_pccomp on Sun Jun 14, 2009 4:41 am

I had a frustrating 2 weeks of trying to fix this bug called winbluesoft. These instructions could be correct therefore ignore my previous message. Thanks


COMPUTER FIXED

Post by the_broken_pccomp on Sun Jun 14, 2009 5:42 am

Honestly, these simple steps work:

1. Get rid of blocker.dll in windows32 folder by using software killbox
2. Run Combo-Fix

THANKS SO MUCH. I want to kiss you


Good Morning !! For some reason This did not want to work !! Took all night to f

Post by xxzozo on Sun Jun 14, 2009 12:12 pm

ComboFix 09-06-13.09 - Big Bad Jean 06/14/2009 7:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.160 [GMT -4:00]
Running from: c:\documents and settings\Big Bad Jean\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Big Bad Jean\Desktop\CFScript.txt,.txt
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

FILE ::
"C:\MGlogs.zip"
"C:\MGtools.exe"
"c:\temp\RootRepeal.zip"
"c:\windows\580959tza-virus2.exe"
"c:\windows\system32\tempo-setup2.exe"
"c:\windows\zd5aspyware69.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
C:\_OTM
C:\MGtools
c:\program files\Coupons
C:\rsit
c:\!killbox\blocker.dll( 1)
c:\!killbox\blocker.dll( 2)
c:\!killbox\Logs\kb.log
c:\_otm\MovedFiles\06052009_233606.log
c:\_otm\MovedFiles\06052009_233606.res
C:\MGlogs.zip
C:\MGtools.exe
c:\mgtools\analyse.exe
c:\mgtools\chodefix.bat
c:\mgtools\config.reg
c:\mgtools\DisableUAC.reg
c:\mgtools\EnableUAC.reg
c:\mgtools\ffdata.txt
c:\mgtools\filelog.txt
c:\mgtools\FindOVL.bat
c:\mgtools\FixBagle.bat
c:\mgtools\fixBagle.reg
c:\mgtools\FixCF.bat
c:\mgtools\fixCF.reg
c:\mgtools\fixChode.reg
c:\mgtools\FixFA.bat
c:\mgtools\fixFA.reg
c:\mgtools\GetDetails.exe
c:\mgtools\GetLogs.Bat
c:\mgtools\GetRunKey.bat
c:\mgtools\GetUnKey.txt
c:\mgtools\GetUnKeys.bat
c:\mgtools\grep.exe
c:\mgtools\GRK64.bat
c:\mgtools\hide.reg
c:\mgtools\hijackthis.log
c:\mgtools\history.txt
c:\mgtools\HTAfind.bat
c:\mgtools\IEFIX.reg
c:\mgtools\locate.com
c:\mgtools\ltime.exe
c:\mgtools\newfiles.txt
c:\mgtools\procdll.txt
c:\mgtools\Process.exe
c:\mgtools\ProcessDll.exe
c:\mgtools\Regfix.bat
c:\mgtools\runkeys.txt
c:\mgtools\sed.exe
c:\mgtools\ShowNew.bat
c:\mgtools\SN64.bat
c:\mgtools\swreg.exe
c:\mgtools\swwhoami.exe
c:\mgtools\sysinfo.txt
c:\mgtools\sysrest.txt
c:\mgtools\unhide.reg
c:\mgtools\UserInfo.bat
c:\mgtools\UserInfo.txt
c:\mgtools\vfind.exe
c:\mgtools\VunFind.bat
c:\mgtools\winfiles.txt
c:\mgtools\zip.exe
c:\program files\Coupons\Coupons.com.url
c:\program files\Coupons\uninstall.exe
c:\program files\Coupons\Uninstall\IRIMG1.JPG
c:\program files\Coupons\Uninstall\IRIMG2.JPG
c:\program files\Coupons\Uninstall\IRIMG3.JPG
c:\program files\Coupons\Uninstall\IRIMG4.JPG
c:\program files\Coupons\Uninstall\IRIMG5.JPG
c:\program files\Coupons\Uninstall\IRIMG6.JPG
c:\program files\Coupons\Uninstall\IRIMG7.JPG
c:\program files\Coupons\Uninstall\IRIMG8.JPG
c:\program files\Coupons\Uninstall\uninstall.dat
c:\program files\Coupons\Uninstall\uninstall.xml
c:\rsit\info.txt
c:\rsit\log.txt
c:\temp\RootRepeal.zip
c:\windows\580959tza-virus2.exe
c:\windows\system32\tempo-setup2.exe
c:\windows\zd5aspyware69.bin

.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-13 01:20 . 2009-06-13 01:20 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-13 01:20 . 2009-06-13 01:20 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-13 01:20 . 2009-06-13 01:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-13 01:20 . 2009-06-13 01:21 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Spyware Terminator
2009-06-11 20:58 . 2009-06-14 00:40 -------- d-----w- c:\program files\RegCure
2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-11 16:23 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:23 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 16:23 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 16:23 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-07 13:18 . 2009-06-07 13:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-07 12:55 . 2009-06-13 03:23 -------- d-----w- c:\program files\Spyware Terminator
2009-06-07 12:55 . 2009-06-13 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-06 04:08 . 2009-06-07 13:00 -------- d-----w- c:\program files\Trend Micro
2009-06-04 21:57 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 21:57 . 2009-06-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-04 21:57 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 21:57 . 2009-06-12 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 14:23 . 2009-05-30 14:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-30 14:01 . 2009-05-30 14:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-05-30 13:58 . 2009-05-30 13:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-30 13:58 . 2009-06-14 02:15 -------- d-----w- c:\program files\PluginVideo
2009-05-26 22:41 . 2009-05-26 22:41 -------- d-sh--w- c:\documents and settings\Big Bad Jean\PrivacIE
2009-05-25 13:10 . 2009-05-25 13:10 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IECompatCache
2009-05-24 16:02 . 2009-05-24 16:02 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-05-24 15:32 . 2009-05-24 15:32 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\400000600002h\ctfmon.exe
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\documents and settings\Zee\Application Data\Thinstall
2009-05-24 15:31 . 2009-05-24 15:31 -------- d-sh--w- c:\documents and settings\Zee\IETldCache
2009-05-22 21:36 . 2009-05-22 21:36 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IETldCache
2009-05-22 21:00 . 2009-06-12 22:27 -------- d-----w- c:\windows\ie8updates
2009-05-22 21:00 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-22 20:58 . 2009-05-22 20:59 -------- dc-h--w- c:\windows\ie8
2009-05-22 20:48 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 12:04 . 2009-04-01 08:45 117760 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-06-14 11:58 . 2009-02-19 21:44 212734 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-14 02:58 . 2009-02-15 23:46 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Free Download Manager
2009-06-02 23:18 . 2009-02-17 21:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-27 20:03 . 2009-04-10 21:52 -------- d-----w- c:\program files\Sims2Pack Clean Installer
2009-05-13 05:15 . 2009-02-17 04:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2009-02-17 04:07 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 21:53 . 2009-02-16 21:57 -------- d-----w- c:\program files\PartyGaming
2009-04-24 01:37 . 2009-04-24 01:37 53248 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-04-24 01:35 . 2009-04-24 01:35 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall
2009-04-22 21:05 . 2009-04-22 21:05 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\U3
2009-04-17 12:26 . 2009-02-17 04:07 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2009-02-17 04:07 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 20:44 . 2009-04-14 20:44 135 ----a-w- c:\documents and settings\Big Bad Jean\Local Settings\Application Data\fusioncache.dat
2009-04-10 22:15 . 2009-04-10 22:15 126 ----a-w- c:\documents and settings\Zee\Local Settings\Application Data\fusioncache.dat
2009-04-05 14:28 . 2009-04-05 14:23 68268 ----a-w- c:\windows\hpoins05.dat
2004-12-07 17:13 . 2004-12-07 17:13 703080 ----a-w- c:\program files\BDA.cab
2004-12-07 17:13 . 2004-12-07 17:13 3578547 ----a-w- c:\program files\ManagedDX.CAB
2004-12-07 17:13 . 2004-12-07 17:13 1156363 ----a-w- c:\program files\BDANT.cab
2004-12-07 17:13 . 2004-12-07 17:13 479432 ----a-w- c:\program files\dxsetup.exe
2004-12-07 17:13 . 2004-12-07 17:13 69832 ----a-w- c:\program files\DSETUP.dll
2004-12-07 17:13 . 2004-12-07 17:13 2249416 ----a-w- c:\program files\dsetup32.dll
2004-12-07 17:13 . 2004-12-07 17:13 13265040 ----a-r- c:\program files\dxnt.cab
2004-12-07 17:13 . 2004-12-07 17:13 976020 ----a-w- c:\program files\BDAXP.cab
2004-12-07 17:13 . 2004-12-07 17:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-12-07 16:47 . 2004-12-07 16:47 20717 ----a-w- c:\program files\DirectX SDK EULA.txt


Pt 2

Post by xxzozo on Sun Jun 14, 2009 12:12 pm

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-02-18 177392]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-02-18 259312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-02-18 173296]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-02-18 1193200]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinBlueSoft

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 8:08 PM 93712]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [1/19/2009 3:25 PM 17952]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 8:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 8:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 8:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 8:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 8:08 PM 66576]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 8:08 PM 88816]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 11:24 AM 1010192]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 11:24 AM 801296]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 8:10 PM 281104]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\CAAntiSpywareScan_Daily as Big Bad Jean at 4 15 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2009-06-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-14 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Download all with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - [You must be registered and logged in to see this link.] files\Free Download Manager\dllink.htm
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-14 08:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,7c,96,c8,79,ac,87,44,bc,f1,1f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,7c,96,c8,79,ac,87,44,bc,f1,1f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1900)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\windows\system32\CF21395.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-14 8:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-14 12:07
ComboFix2.txt 2009-06-13 17:07

Pre-Run: 256,687,218,688 bytes free
Post-Run: 256,668,573,696 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
308 --- E O F --- 2009-06-12 22:27


Re: WIN BLUE SOFT VICTIM

Post by Belahzur on Sun Jun 14, 2009 12:15 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?





could not have done it withou you !!

Post by xxzozo on Sun Jun 14, 2009 11:15 pm

It seems all cleared up now!! It seems to be running better than before. I still have a bunch of programs on here, don't know if I need them or not: RegCure, MGTools, RSIT, ieexplorer, HijackThis, Malwarebytes, dds, revosetup, and Killbox. Also, what do you recommend I use to keep myself safe? CA, SUPERAntiSpyware and Windows were all on when this thing got through.


Re: WIN BLUE SOFT VICTIM

Post by Belahzur on Sun Jun 14, 2009 11:20 pm

Delete everything apart from MBAM.
Uninstall CA, it's not very good. Look under add/remove programs and uninstall everything related to CA.

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



