HELP!! (WinBlueSoft virus/trojan removal)


Post by cpetriel on Thu Jun 18, 2009 3:07 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:25 PM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Security\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\setup2.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\All Blacks Desktop Alert\All Blacks Desktop Alert.exe
C:\DOCUME~1\User\LOCALS~1\Temp\_All Blacks Desktop Alert.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Documents and Settings\User\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: All Blacks Desktop Alert.lnk = C:\Program Files\All Blacks Desktop Alert\All Blacks Desktop Alert.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F0B3099-2E30-42B6-8EC3-570EDC457EDF}: NameServer = 85.255.112.13,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{6416496C-0682-4309-B285-7E40B799E9A4}: NameServer = 85.255.112.13,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.13,85.255.112.110
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Security\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9835 bytes


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by Belahzur on Thu Jun 18, 2009 10:25 am


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Kaspersky/Ad-Watch)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 1:55 pm

After running Combo-Fix it appears that the virus/trojan is gone.

I'll still post the final log though.


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 1:56 pm

ComboFix 09-06-17.04 - User 06/18/2009 9:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1153 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\Ctxfihlp.exe
c:\windows\system32\drivers\gxvxcmndodltuphpseulbtkotmemrsxtqukwj.sys
c:\windows\system32\gxvxcaexxnqyqmiesnagdrfutrhaxwnhnuucv.dll
c:\windows\system32\Keys


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 1:57 pm

c:\windows\system32\drivers\gxvxcmndodltuphpseulbtkotmemrsxtqukwj.sys
c:\windows\system32\gxvxcaexxnqyqmiesnagdrfutrhaxwnhnuucv.dll
c:\windows\system32\gxvxccounter
c:\windows\system32\Keys\A-Z.Video.Converter.Ultimate.v7.52\keygen\keygen.exe
c:\windows\system32\Keys\A-Z.Video.Converter.Ultimate.v7.52\SoftVnn.Com - Daily Softwares News For People.url
c:\windows\system32\Keys\ACDSee Pro 2.0.219\_ISMSIDEL.INI
c:\windows\system32\Keys\ACDSee Pro 2.0.219\0x0409.ini
c:\windows\system32\Keys\Ace Utilities serial.txt
c:\windows\system32\Keys\Activation Code KAV7.txt
c:\windows\system32\Keys\ApexVideoConverterSuper5.94\info.txt
c:\windows\system32\Keys\ApexVideoConverterSuper5.94\serial.txt
c:\windows\system32\Keys\ASHAMPOO AUDIO STUDIO SERIAL.TXT
c:\windows\system32\Keys\Ashampoo music Studio 321 Keygen\keygen.exe
c:\windows\system32\Keys\Ashampoo music Studio 321 Keygen\snd.nfo
c:\windows\system32\Keys\Ashampoo Music Studio v3.30\file_id.diz
c:\windows\system32\Keys\Ashampoo Music Studio v3.30\keygen.exe
c:\windows\system32\Keys\Ashampoo Music Studio v3.30\neox.nfo
c:\windows\system32\Keys\Avast.KGs.COR.FFF.SND\Avast!.Antivirus.Pro.4.7.1043_KEYGEN-FFF.exe
c:\windows\system32\Keys\Avast.KGs.COR.FFF.SND\Avast!_Pro_v4.7.1043_Keygen_CORE\CORE.NFO
c:\windows\system32\Keys\Avast.KGs.COR.FFF.SND\Avast!_Pro_v4.7.1043_Keygen_CORE\file_id.diz
c:\windows\system32\Keys\Avast.KGs.COR.FFF.SND\AvastKeygen.exe
c:\windows\system32\Keys\Avast.KGs.COR.FFF.SND\ff.avpav-471043\ff.avpav-471043\Avast!.Antivirus.4.7.1043_KEYGEN-FFF.rar
c:\windows\system32\Keys\Avast.KGs.COR.FFF.SND\ff.avpav-471043\ff.avpav-471043\FFF.NFO
c:\windows\system32\Keys\Avast.KGs.COR.FFF.SND\ff.avpav-471043\ff.avpav-471043\FILE_ID.DIZ
c:\windows\system32\Keys\Bitdefender keys.txt
c:\windows\system32\Keys\CFi.ShellToys.XP.6.1.0.Cracked-ICU\CFiShell.exe
c:\windows\system32\Keys\CFi.ShellToys.XP.6.1.0.Cracked-ICU\File_ID.Diz
c:\windows\system32\Keys\CFi.ShellToys.XP.6.1.0.Cracked-ICU\ICU.nfo
c:\windows\system32\Keys\Corel graphics 13 KeyGen\cdrsuitkg.exe
c:\windows\system32\Keys\cyberscrub\file_id.diz
c:\windows\system32\Keys\cyberscrub\HAZE.nfo
c:\windows\system32\Keys\cyberscrub\Keygen.exe
c:\windows\system32\Keys\CyberScrubPatch\Crack\serial.txt
c:\windows\system32\Keys\Dameware.NT.Utilities.v6.0.1.0.Incl.Keymaker-EMBRACE\embrace.nfo
c:\windows\system32\Keys\DDVDFabPlat3200Reg.ICU\Key(1)\Key(1).DVDFabPlatinum
c:\windows\system32\Keys\Driver.Genius.2007.Professional.v7.1.6\core.notes.txt
c:\windows\system32\Keys\Driver.Genius.2007.Professional.v7.1.6\embrace.nfo
c:\windows\system32\Keys\DVD2X.exe
c:\windows\system32\Keys\Helium.Music.Manager_2007.0.0.5630.Crack-NoPE\file_id.diz
c:\windows\system32\Keys\Helium.Music.Manager_2007.0.0.5630.Crack-NoPE\NoPE.nfo
c:\windows\system32\Keys\InputX.exe
c:\windows\system32\Keys\KAV7 01BB8334 14.08.2008.key
c:\windows\system32\Keys\LANGUARD.NETWORK.SCANNER.V8.0.2\KEYGEN.EXE
c:\windows\system32\Keys\LANGUARD.NETWORK.SCANNER.V8.0.2\SSG.NFO
c:\windows\system32\Keys\LanSurveyor 10\again.nfo
c:\windows\system32\Keys\Lightromm 1.3\CORE10k.EXE
c:\windows\system32\Keys\Lightromm 1.3\keygen.exe
c:\windows\system32\Keys\Lightromm 1.3\mm.nfo
c:\windows\system32\Keys\Movie DVD maker 2.12\Keygen.exe
c:\windows\system32\Keys\MP4Converter.exe
c:\windows\system32\Keys\Nero 8.x Ultra Edition KeyGen\Nero 8.x Ultra Edition KeyGen.exe
c:\windows\system32\Keys\Nod32\NOD32 Features.txt
c:\windows\system32\Keys\Nod32\NOD32 Fix.exe
c:\windows\system32\Keys\OO.DiskRecovery\keygen.exe
c:\windows\system32\Keys\OO.DiskRecovery\Nuovo Documento di testo (2).txt
c:\windows\system32\Keys\OO.SafeErase.v3.0.1064.64bit.Incl.Keygen-ViRiLiTY\KeyGen\file_id.diz
c:\windows\system32\Keys\OO.SafeErase.v3.0.1064.64bit.Incl.Keygen-ViRiLiTY\KeyGen\keygen.exe
c:\windows\system32\Keys\OO.SafeErase.v3.0.1064.64bit.Incl.Keygen-ViRiLiTY\KeyGen\virility.nfo
c:\windows\system32\Keys\OO_CLEVER_CACHEKEYGEN.EXE
c:\windows\system32\Keys\OO_DEFRAG KEYGEN\KEYGEN.EXE
c:\windows\system32\Keys\OO_DEFRAG KEYGEN\ZWT.NFO
c:\windows\system32\Keys\OOCleverCache61ProfessionalEnu\keygen.exe
c:\windows\system32\Keys\P0wer Archiver 2007\serial.txt
c:\windows\system32\Keys\PassMark_PerformanceTest_v6.1_Build_1008\ECLiPSE.NFO
c:\windows\system32\Keys\PassMark_PerformanceTest_v6.1_Build_1008\eclpert6.exe
c:\windows\system32\Keys\PassMark_PerformanceTest_v6.1_Build_1008\[You must be registered and logged in to see this link.]
c:\windows\system32\Keys\PC Tools Privacy guardian\brd.nfo
c:\windows\system32\Keys\PC.Tools.Desktop.Maestro.v2.0.0.330.Incl.Serial-YAG\Crack\file_id.diz
c:\windows\system32\Keys\PC.Tools.Desktop.Maestro.v2.0.0.330.Incl.Serial-YAG\Crack\serial.txt
c:\windows\system32\Keys\PC.Tools.Desktop.Maestro.v2.0.0.330.Incl.Serial-YAG\Crack\YAG.nfo
c:\windows\system32\Keys\PcTools.Desktop.Maestro.v2.0.0.332.Multilingual\brd.nfo
c:\windows\system32\Keys\PcTools.Desktop.Maestro.v2.0.0.332.Multilingual\dminstall.exe
c:\windows\system32\Keys\PcTools.Desktop.Maestro.v2.0.0.332.Multilingual\file_id.diz
c:\windows\system32\Keys\PcTools.Desktop.Maestro.v2.0.0.332.Multilingual\Patch.exe
c:\windows\system32\Keys\PerfectDisk_v8.0.0_Build_66_Keygen_Only\PerfectDisk v8.0.0 Build 66 Keygen Only\Keygen\Keygen.exe
c:\windows\system32\Keys\PerfectDisk_v8.0.0_Build_66_Keygen_Only\wallpaper_suse_1280x1024.png
c:\windows\system32\Keys\powerarchiverreg.reg
c:\windows\system32\Keys\PowerIso 3.8\digerati.nfo
c:\windows\system32\Keys\PowerIso 3.8\keys.txt
c:\windows\system32\Keys\Quicktime\serial.txt
c:\windows\system32\Keys\R-Studio 4 Net Keygen\keygen.exe
c:\windows\system32\Keys\Real-Draw Pro v4.0\Jordi.txt
c:\windows\system32\Keys\Real-Draw Pro v4.0\Patch.exe
c:\windows\system32\Keys\Registry.Mechanic.v7.0.0.1010.Incl.Keymaker-TSRh\Keygen\KeyGen.exe
c:\windows\system32\Keys\RemotelyAnywherev7.50.586\Read Me!.txt
c:\windows\system32\Keys\RemotelyAnywherev7.50.586\Serials.txt
c:\windows\system32\Keys\SCREENSAVERS KEYGEN AIO\KEYGEN.EXE
c:\windows\system32\Keys\SiSoftware Sandra Pro Home XII 2008.1.12.30\fosi.nfo
c:\windows\system32\Keys\SiSoftware.Sandra.Pro.Business.XII.2008.1.12.30.Multilingual.Retail.Keymaker.ONLY-ZWT\file_id.diz
c:\windows\system32\Keys\SiSoftware.Sandra.Pro.Business.XII.2008.1.12.30.Multilingual.Retail.Keymaker.ONLY-ZWT\zwt.nfo
c:\windows\system32\Keys\SMARTY.UNINSTALLER.PRO.1.XX-PATCH.EXE
c:\windows\system32\Keys\Solarwinds Orion\OrionAdministratorGuide.pdf
c:\windows\system32\Keys\Solarwinds Orion\OrionQuickStartGuide.pdf
c:\windows\system32\Keys\SphereXP.v1.1.626.Win2kXP\brd.nfo
c:\windows\system32\Keys\SphereXP.v1.1.626.Win2kXP\file_id.diz
c:\windows\system32\Keys\SphereXP.v1.1.626.Win2kXP\keygen\Keygen.exe
c:\windows\system32\Keys\SphereXPlorer.v1.1.420\brd.nfo
c:\windows\system32\Keys\SphereXPlorer.v1.1.420\file_id.diz
c:\windows\system32\Keys\SphereXPlorer.v1.1.420\keygen\Keygen.exe
c:\windows\system32\Keys\Total Video2DVD Author v2.01 by shanu\keygen.exe
c:\windows\system32\Keys\Total Video2DVD Author v2.01 by shanu\patch.exe
c:\windows\system32\Keys\Total Video2DVD Author v2.01 by shanu\virility.nfo
c:\windows\system32\Keys\UltraISO-Patch.exe
c:\windows\system32\Keys\Uniblues patches\Uniblue Power Suite\Serial.txt
c:\windows\system32\Keys\Uniblues patches\Uniblue Registry Booster 2\ArmAccess.dll
c:\windows\system32\Keys\Uniblues patches\Uniblue Registry Booster 2\UBVarRB.dll
c:\windows\system32\Keys\virtualdj\serial.txt
c:\windows\system32\Keys\Vmware 6 Keygen\keygen.exe
c:\windows\system32\Keys\Vmware 6 Keygen\VMware.Workstation.v6.0.2.59824.Keymaker.Only.INTERNAL-EMBRACE.zip
c:\windows\system32\Keys\Vmware 6 Keygen\zwt.nfo
c:\windows\system32\Keys\WEB.BUTTON.MAKER.DELUXE.V2.8\dvt.nfo
c:\windows\system32\Keys\WEB.BUTTON.MAKER.DELUXE.V2.8\irrKlang.NET.dll
c:\windows\system32\Keys\WEB.BUTTON.MAKER.DELUXE.V2.8\KeyGen.exe
c:\windows\system32\Keys\WEB.BUTTON.MAKER.DELUXE.V2.8\WEB BUTTON SERIAL.TXT
c:\windows\system32\Keys\WinZip 11.1 Pro\keygen.exe
c:\windows\system32\Keys\Your Uninstaller! 2008 PRO 6.1.1229 Incl.patch-RES\FFF.NFO
c:\windows\system32\Keys\Your Uninstaller! 2008 PRO 6.1.1229 Incl.patch-RES\FILE_ID.DIZ
c:\windows\system32\Keys\Your Uninstaller! 2008 PRO 6.1.1229 Incl.patch-RES\Keygen.exe
c:\windows\system32\Keys\Your Uninstaller! 2008 PRO 6.1.1229 Incl.patch-RES\Your.Uninstaller!.2008.PRO.v6.1.1229-RES-patch\RESURRECTiON.nfo
c:\windows\system32\Keys\Your Uninstaller! 2008 PRO 6.1.1229 Incl.patch-RES\Your.Uninstaller!.2008.PRO.v6.1.1229-RES-patch\Your.Uninstaller!.2008.PRO.v6.1.1229_patch.exe
c:\windows\system32\setup2.exe
c:\windows\z059tro59ef.dll
c:\windows\z06579roj267.dll
c:\windows\z159thie52219.exe
c:\windows\z1d05te9l581.ocx
c:\windows\z452w9rm773.bin
c:\windows\z50spyware8319.ocx
c:\windows\z555ir9s7f1.exe
c:\windows\z65309ot-a-5irus15c.ocx
c:\windows\z659addware75.bin
c:\windows\z692thi5f1807.exe
c:\windows\z747hack5o9l7e4.exe
c:\windows\z7d2vir5598.dll
c:\windows\z89359py782.ocx
c:\windows\z9159spy5de.ocx
c:\windows\z95caddware966.ocx
c:\windows\za05addware3195.dll
c:\windows\zd8downloader9745.ocx
c:\windows\zeabvi931545.exe
c:\windows\zed4vir19965.cpl
c:\windows\zf3b5i9255.ocx
c:\windows\zf9thi5f922.exe


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 1:58 pm

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_.norton2009Reset


((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-12-26 03:22 . 2009-12-26 03:22 11791 ----a-w- c:\windows\system32\9z86download5r874.dll
2009-12-24 23:49 . 2009-12-24 23:49 9230 ----a-w- c:\windows\system32\6d859ownloader175z.exe
2009-12-18 06:14 . 2009-12-18 06:14 11516 ----a-w- c:\windows\system32\3d899zief569.bin
2009-12-12 06:26 . 2009-12-12 06:26 10161 ----a-w- c:\windows\system32\590spy587z.dll
2009-12-12 03:49 . 2009-12-12 03:49 15942 ----a-w- c:\windows\system32\6059vi9us58az.bin
2009-12-06 01:03 . 2009-12-06 01:03 17569 ----a-w- c:\windows\system32\657espyw9rez676.exe
2009-11-26 23:00 . 2009-11-26 23:00 17588 ----a-w- c:\windows\system32\5940backzoor2156.bin
2009-11-25 23:24 . 2009-11-25 23:24 12723 ----a-w- c:\windows\system32\3150zv9rus41.dll
2009-11-20 01:42 . 2009-11-20 01:42 14861 ----a-w- c:\windows\system32\9d575ownzoader431.dll
2009-11-16 15:33 . 2009-11-16 15:33 12624 ----a-w- c:\windows\system32\5419zirus5659.dll
2009-10-25 21:53 . 2009-10-25 21:53 16671 ----a-w- c:\windows\system32\382fs9arsez3635.bin
2009-10-23 09:05 . 2009-10-23 09:05 10048 ----a-w- c:\windows\system32\4ddzdownl9ader4375.dll
2009-10-19 14:23 . 2009-10-19 14:23 7342 ----a-w- c:\windows\system32\3685hackt9zl4f5.bin
2009-09-21 22:31 . 2009-09-21 22:31 3767 ----a-w- c:\windows\system32\37985acktzol6ef.dll
2009-08-02 23:17 . 2009-08-02 23:17 9086 ----a-w- c:\windows\system32\5bb3threzt19950.exe
2009-07-24 17:54 . 2009-07-24 17:54 2627 ----a-w- c:\windows\system32\2z566v5rus6dd9.dll
2009-07-16 22:13 . 2009-07-16 22:13 4830 ----a-w- c:\windows\system32\4069vi5247z.dll
2009-07-14 15:01 . 2009-07-14 15:01 15182 ----a-w- c:\windows\system32\78549teaz2373.bin
2009-07-09 19:24 . 2009-07-09 19:24 3514 ----a-w- c:\windows\system32\5960tz9eat3546.dll
2009-07-03 14:17 . 2009-07-03 14:17 2613 ----a-w- c:\windows\system32\56272w9rm55bz.bin
2009-07-02 16:17 . 2009-07-02 16:17 6117 ----a-w- c:\windows\system32\8660ha5ktozl7e9.exe
2009-06-23 21:49 . 2009-06-23 21:49 14122 ----a-w- c:\windows\system32\505zspamb9t353.bin
2009-06-18 23:17 . 2009-06-18 23:17 6771 ----a-w- c:\windows\system32\5474addw9rz1550.bin
2009-06-18 13:42 . 2009-06-18 01:02 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-18 13:32 . 2009-06-18 13:41 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-18 13:32 . 2009-06-18 13:41 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-18 03:06 . 2009-06-18 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-18 02:57 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 02:57 . 2009-06-18 02:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 02:57 . 2009-06-18 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-18 02:57 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 02:31 . 2009-06-18 02:31 96645 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-18 02:31 . 2009-06-18 02:31 87941 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-18 02:30 . 2009-06-18 02:30 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-18 02:30 . 2009-06-18 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-18 02:29 . 2009-06-18 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-18 01:45 . 2009-06-17 05:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\naveng.sys
2009-06-18 01:45 . 2009-06-17 05:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\navex15.sys
2009-06-18 01:45 . 2009-06-17 05:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\naveng32.dll
2009-06-18 01:45 . 2009-06-17 05:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\navex32a.dll
2009-06-18 01:45 . 2009-06-17 05:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\eeCtrl.sys
2009-06-18 01:45 . 2009-06-17 05:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\ecmsvr32.dll
2009-06-18 01:45 . 2009-06-17 05:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\cceraser.dll
2009-06-18 01:45 . 2009-06-17 05:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\eraser.sys
2009-06-18 01:18 . 2009-06-18 01:18 -------- d-----r- c:\program files\Norton Support
2009-06-18 01:09 . 2009-06-18 01:09 280833 ------r- c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe
2009-06-18 01:07 . 2009-06-18 01:07 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Symantec
2009-06-18 01:03 . 2009-06-18 01:02 36272 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-18 00:53 . 2009-06-18 01:00 -------- d-----w- c:\documents and settings\User\Application Data\GetRightToGo
2009-06-17 23:48 . 2009-06-17 23:48 15890 ----a-w- c:\windows\system32\2d55spyware8z9.bin
2009-06-16 15:32 . 2009-06-16 15:32 6016 ----a-w- c:\windows\system32\6356sp9rse84z.dll
2009-06-14 21:38 . 2009-06-14 21:38 9026 ----a-w- c:\windows\system32\709b5ownloadez306.bin
2009-06-04 00:11 . 2009-06-04 00:11 14668 ----a-w- c:\windows\system32\95a9thzef755.exe
2009-06-03 09:50 . 2009-06-03 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2009-06-03 09:50 . 2009-06-03 09:50 -------- d-----w- c:\documents and settings\User\Application Data\Xfire
2009-06-03 09:50 . 2009-06-03 09:50 -------- d-s---w- c:\program files\Xfire
2009-06-03 09:49 . 2009-06-03 09:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-03 09:49 . 2009-06-03 09:49 -------- d-----w- c:\windows\system32\AGEIA
2009-06-02 00:49 . 2009-06-02 00:49 14888 ----a-w- c:\windows\system32\4z9vir26165.bin
2009-06-01 01:45 . 2009-06-01 01:45 13124 ----a-w- c:\windows\system32\99675py7z0.bin
2009-05-30 17:24 . 2009-05-30 17:24 -------- d-----w- c:\program files\All Blacks Desktop Alert
2009-05-30 02:44 . 2009-05-30 13:51 94208 ----a-w- c:\windows\system32\ScrUnZip.dll
2009-05-30 02:43 . 2009-05-30 02:43 471040 ----a-w- c:\windows\allblacksposter_SS_1024x768.scr
2009-05-30 02:43 . 2009-05-30 02:43 -------- d-----w- c:\windows\allblacksposter_SS_1024x768 dir
2009-05-30 02:43 . 2009-05-30 02:43 12288 ----a-w- c:\windows\impborl.dll
2009-05-30 02:41 . 2009-05-30 02:41 129536 ----a-w- c:\windows\system32\IJL15.dll
2009-05-30 00:24 . 2009-05-30 00:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Identities
2009-05-27 18:14 . 2009-05-27 18:14 6887 ----a-w- c:\windows\system32\6859spz55c.dll
2009-05-26 00:44 . 2009-05-26 00:44 2894 ----a-w- c:\windows\system32\5z218virus749.bin
2009-05-25 08:57 . 2009-05-25 08:57 6430 ----a-w- c:\windows\system32\z5090t9oj549.dll
2009-05-22 05:34 . 2009-05-22 05:34 10597 ----a-w- c:\windows\system32\31504wo5z519.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 13:45 . 2009-06-18 13:32 1220 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-18 13:44 . 2009-04-03 21:23 -------- d-----w- c:\program files\Steam
2009-06-18 13:43 . 2009-04-30 23:42 -------- d-----w- c:\program files\DNA
2009-06-18 13:43 . 2009-04-30 23:42 -------- d-----w- c:\documents and settings\User\Application Data\DNA
2009-06-18 13:41 . 2009-06-18 13:32 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-18 03:19 . 2009-04-30 23:42 -------- d-----w- c:\documents and settings\User\Application Data\BitTorrent
2009-06-18 01:20 . 2009-06-18 01:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-18 01:09 . 2009-06-18 01:02 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-18 01:09 . 2009-06-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-18 00:38 . 2008-01-12 03:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-16 03:01 . 2008-01-22 23:28 -------- d-----w- c:\program files\AIM6
2009-06-16 02:59 . 2008-01-22 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-14 09:25 . 2009-05-14 09:25 15051 ----a-w- c:\windows\system32\9z4bspywar52036.bin
2009-05-02 19:00 . 2009-05-02 19:00 -------- d-----w- c:\program files\iTunes
2009-05-02 19:00 . 2009-05-02 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-02 19:00 . 2009-05-02 19:00 -------- d-----w- c:\program files\iPod
2009-05-02 19:00 . 2008-05-07 02:07 -------- d-----w- c:\program files\Common Files\Apple
2009-05-02 18:58 . 2009-05-02 18:58 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-02 08:18 . 2009-05-02 08:18 14909 ----a-w- c:\windows\system32\9755not-a-virus42z.dll
2009-04-30 23:42 . 2009-04-30 23:42 -------- d-----w- c:\program files\BitTorrent
2009-04-28 21:30 . 2008-01-15 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-28 00:27 . 2008-11-16 01:58 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-04-28 00:26 . 2009-04-28 00:26 -------- d-----w- c:\program files\uTorrent
2009-04-23 00:20 . 2009-04-23 00:20 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-04-23 00:16 . 2009-04-23 00:16 -------- d-----w- c:\program files\mpegable
2009-04-23 00:16 . 2009-04-23 00:16 47104 ------w- c:\windows\AKDeInstall.exe
2009-04-23 00:14 . 2009-04-23 00:14 -------- d-----w- c:\program files\GPL MPEG Decoder
2009-04-22 20:52 . 2009-04-22 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-22 20:36 . 2009-04-20 19:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-18 00:03 . 2009-04-03 03:29 538904 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 1:58 pm

2009-04-16 20:13 . 2009-04-16 20:13 6385 ----a-w- c:\windows\system32\2z4cdow9l5ader197.exe
2009-04-04 16:58 . 2008-01-12 04:14 70920 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-03 03:21 . 2008-01-16 19:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-03 02:52 . 2009-04-03 02:52 208896 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-03 02:52 . 2009-04-03 02:52 208896 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-03 02:52 . 2009-04-03 02:52 208896 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-03 02:52 . 2009-04-03 02:52 208896 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-01 20:16 . 2009-04-01 20:16 7013 ----a-w- c:\windows\system32\4a6dthzef31095.bin
2009-03-27 12:14 . 2008-01-12 02:30 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-03-25 18:40 . 2009-03-25 18:40 5055 ----a-w- c:\windows\system32\999zt5oj6669.bin
2009-03-21 02:37 . 2009-03-21 02:37 3468 ----a-w- c:\windows\system32\4b495pyzare58.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2009-06-11 1217784]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-30 321344]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2006-08-17 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="c:\program files\Security\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"SetDefaultMIDI"="MIDIDEF.EXE" - c:\windows\MIDIDEF.EXE [2006-08-17 25600]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]
"DefaultP17MIDI"="MIDIDEF.EXE" - c:\windows\MIDIDEF.EXE [2006-08-17 25600]
"DefaultP17"="P17Def.Exe" - c:\windows\P17DEF.EXE [2005-05-03 20480]

c:\documents and settings\User\Start Menu\Programs\Startup\
All Blacks Desktop Alert.lnk - c:\program files\All Blacks Desktop Alert\All Blacks Desktop Alert.exe [2006-7-5 2554736]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
PowerReg Scheduler V3.exe [2008-5-30 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-9-1 1261568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\tomb raider anniversary demo\\tra.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\world of goo demo\\WorldOfGoo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\splinter cell\\system\\splintercell.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDALauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Online\\System\\SCDA_online.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 32784]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [1/11/2008 3:21 PM 16640]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [6/17/2009 9:02 PM 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [6/17/2009 9:02 PM 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [6/17/2009 9:02 PM 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [6/17/2009 9:02 PM 274808]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [6/17/2009 9:02 PM 115560]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/12/2008 6:49 PM 1148480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/22/2008 7:29 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/17/2009 9:45 PM 101936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/25/2008 8:07 PM 24592]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [9/1/2008 4:55 PM 194304]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\vnetusbl.sys [1/11/2008 3:23 PM 107648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
HKLM-Run-CTxfiHlp - CTXFIHLP.EXE


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6711
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-18 09:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1900)
c:\windows\system32\RtlGina2.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Security\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\User\LOCALS~1\temp\_All Blacks Desktop Alert.exe
.
**************************************************************************
.
Completion time: 2009-06-18 9:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 13:49

Pre-Run: 58,911,813,632 bytes free
Post-Run: 60,466,118,656 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

914 --- E O F --- 2009-03-16 21:57


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by Belahzur on Thu Jun 18, 2009 2:09 pm

Hello.
There are still a lot of the infection files left. We need to remove a few things before we can remove the leftovers.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.



Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 2:14 pm

2006 TOUR Screen Saver
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Ad-Aware 2007
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Age of Empires III
AGEIA PhysX v2.5.1
AIM 6
Alky for Applications (Windows XP)
All Blacks Desktop Alert 2.52
allblacksposter_SS_1024x768 Screen Saver
Apple Mobile Device Support
Apple Software Update
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour
Combined Community Codec Pack 2008-09-21 16:18
Critical Update for Windows Media Player 11 (KB959772)
CSVed 1.4.3
DawnOfWar
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Driver Genius Professional Edition 2007
DyynoPlayer 0.8.6e
Fallout 3
Foxit Reader
Fraps (remove only)
GPL MPEG-1/2 DirectShow Decoder Filter
Grand Slam Tour Screen Saver
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Java(TM) 6 Update 3
Kaspersky Anti-Virus 2009
Kaspersky Anti-Virus 2009
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Recent Documents Gadget
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
Mozilla Thunderbird (2.0.0.14)
mpegable DS decoder
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
neroxml
NETGEAR WG111v2 wireless USB 2.0 adapter
Neverwinter Nights Gold Edition
Norton AntiVirus
NVIDIA Drivers
Oblivion
Phun beta 3.0
QuickTime
Richie McCaw Screen Saver
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Sony Media Manager 2.3
Sony Vegas Pro 8.0
Splinter Cell
Splinter Cell: Double Agent
Starcraft
Station Launcher for EverQuest II
Steam
Stronghold Crusader
System Requirements Lab
Tomb Raider: Anniversary Demo
UltraVNC 1.0.4 RC8
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
Ventrilo Client
Viewpoint Media Player
Warhammer 40,000: Dawn of War II
Windows Communication Foundation
Windows Presentation Foundation
Windows Sidebar
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
World of Goo Demo
World of Warcraft
Xfire (remove only)
Xvid 1.1.3 final uninstall
Your Uninstaller! 2008 Version 6.0


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by Belahzur on Thu Jun 18, 2009 3:07 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 3
    Viewpoint Media Player

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\9z86download5r874.dll
c:\windows\system32\6d859ownloader175z.exe
c:\windows\system32\3d899zief569.bin
c:\windows\system32\590spy587z.dll
c:\windows\system32\6059vi9us58az.bin
c:\windows\system32\657espyw9rez676.exe
c:\windows\system32\5940backzoor2156.bin
c:\windows\system32\3150zv9rus41.dll
c:\windows\system32\9d575ownzoader431.dll
c:\windows\system32\5419zirus5659.dll
c:\windows\system32\382fs9arsez3635.bin
c:\windows\system32\4ddzdownl9ader4375.dll
c:\windows\system32\3685hackt9zl4f5.bin
c:\windows\system32\37985acktzol6ef.dll
c:\windows\system32\5bb3threzt19950.exe
c:\windows\system32\2z566v5rus6dd9.dll
c:\windows\system32\4069vi5247z.dll
c:\windows\system32\78549teaz2373.bin
c:\windows\system32\5960tz9eat3546.dll
c:\windows\system32\56272w9rm55bz.bin
c:\windows\system32\8660ha5ktozl7e9.exe
c:\windows\system32\505zspamb9t353.bin
c:\windows\system32\5474addw9rz1550.bin
c:\windows\system32\4z9vir26165.bin
c:\windows\system32\99675py7z0.bin
c:\windows\system32\6859spz55c.dll
c:\windows\system32\5z218virus749.bin
c:\windows\system32\z5090t9oj549.dll
c:\windows\system32\31504wo5z519.exe
c:\windows\system32\9z4bspywar52036.bin
c:\windows\system32\9755not-a-virus42z.dll
c:\windows\system32\2z4cdow9l5ader197.exe
c:\windows\system32\4a6dthzef31095.bin
c:\windows\system32\999zt5oj6669.bin
c:\windows\system32\4b495pyzare58.dll

Folder::
c:\program files\DNA
c:\documents and settings\User\Application Data\DNA
c:\documents and settings\User\Application Data\BitTorrent
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\BitTorrent
c:\program files\uTorrent
c:\documents and settings\User\Application Data\uTorrent

Save this as CFScript.txt, and save it to your desktop as well.
Then drag and drop CFScript.txt into ComboFix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.



Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 3:35 pm

ComboFix 09-06-17.04 - User 06/18/2009 11:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.951 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\system32\2z4cdow9l5ader197.exe"
"c:\windows\system32\2z566v5rus6dd9.dll"
"c:\windows\system32\31504wo5z519.exe"
"c:\windows\system32\3150zv9rus41.dll"
"c:\windows\system32\3685hackt9zl4f5.bin"
"c:\windows\system32\37985acktzol6ef.dll"
"c:\windows\system32\382fs9arsez3635.bin"
"c:\windows\system32\3d899zief569.bin"
"c:\windows\system32\4069vi5247z.dll"
"c:\windows\system32\4a6dthzef31095.bin"
"c:\windows\system32\4b495pyzare58.dll"
"c:\windows\system32\4ddzdownl9ader4375.dll"
"c:\windows\system32\4z9vir26165.bin"
"c:\windows\system32\505zspamb9t353.bin"
"c:\windows\system32\5419zirus5659.dll"
"c:\windows\system32\5474addw9rz1550.bin"
"c:\windows\system32\56272w9rm55bz.bin"
"c:\windows\system32\590spy587z.dll"
"c:\windows\system32\5940backzoor2156.bin"
"c:\windows\system32\5960tz9eat3546.dll"
"c:\windows\system32\5bb3threzt19950.exe"
"c:\windows\system32\5z218virus749.bin"
"c:\windows\system32\6059vi9us58az.bin"
"c:\windows\system32\657espyw9rez676.exe"
"c:\windows\system32\6859spz55c.dll"
"c:\windows\system32\6d859ownloader175z.exe"
"c:\windows\system32\78549teaz2373.bin"
"c:\windows\system32\8660ha5ktozl7e9.exe"
"c:\windows\system32\9755not-a-virus42z.dll"
"c:\windows\system32\99675py7z0.bin"
"c:\windows\system32\999zt5oj6669.bin"
"c:\windows\system32\9d575ownzoader431.dll"
"c:\windows\system32\9z4bspywar52036.bin"
"c:\windows\system32\9z86download5r874.dll"
"c:\windows\system32\z5090t9oj549.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\User\Application Data\BitTorrent
c:\documents and settings\User\Application Data\DNA
c:\documents and settings\User\Application Data\uTorrent
c:\program files\BitTorrent
c:\program files\DNA
c:\program files\uTorrent

Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 3:36 pm


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 3:36 pm

c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\uTorrent\uTorrent.exe
c:\windows\system32\9d65vir1234z.cpl
c:\windows\system32\9de5downloadzr504.exe
c:\windows\system32\9e1dspar5ez328.cpl
c:\windows\system32\9e7vi5264z.cpl
c:\windows\system32\9z4bspywar52036.bin
c:\windows\system32\9z86download5r874.dll
c:\windows\system32\9z92thi5f2878.dll
c:\windows\system32\b8fviz3959.cpl
c:\windows\system32\b9asparsz3959.dll
c:\windows\system32\b9t9reat16z615.cpl
c:\windows\system32\be5zownloa9er2519.cpl
c:\windows\system32\d58zhreat19655.ocx
c:\windows\system32\dd9zhie92775.cpl
c:\windows\system32\z0024w9r571d.cpl
c:\windows\system32\z0058s9y652.exe
c:\windows\system32\z0219ha59tool2c4.cpl
c:\windows\system32\z0767not95-virus4e6.cpl
c:\windows\system32\z0acb5ckdoo92382.bin
c:\windows\system32\z195virus127.cpl
c:\windows\system32\z1e5vir2190.exe


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 3:37 pm


.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-18 13:42 . 2009-06-18 01:02 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-18 13:32 . 2009-06-18 13:49 114720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-18 13:32 . 2009-06-18 13:41 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-18 03:06 . 2009-06-18 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-18 02:57 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 02:57 . 2009-06-18 02:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 02:57 . 2009-06-18 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-18 02:57 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 02:31 . 2009-06-18 02:31 96645 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-18 02:31 . 2009-06-18 02:31 87941 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-18 02:30 . 2009-06-18 02:30 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-18 02:30 . 2009-06-18 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-18 02:29 . 2009-06-18 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-18 01:45 . 2009-06-17 05:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\naveng.sys
2009-06-18 01:45 . 2009-06-17 05:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\navex15.sys
2009-06-18 01:45 . 2009-06-17 05:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\naveng32.dll
2009-06-18 01:45 . 2009-06-17 05:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\navex32a.dll
2009-06-18 01:45 . 2009-06-17 05:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\eeCtrl.sys
2009-06-18 01:45 . 2009-06-17 05:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\ecmsvr32.dll
2009-06-18 01:45 . 2009-06-17 05:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\cceraser.dll
2009-06-18 01:45 . 2009-06-17 05:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090617.003\eraser.sys
2009-06-18 01:18 . 2009-06-18 01:18 -------- d-----r- c:\program files\Norton Support
2009-06-18 01:09 . 2009-06-18 01:09 280833 ------r- c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 3:38 pm

2009-06-18 01:07 . 2009-06-18 01:07 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Symantec
2009-06-18 01:03 . 2009-06-18 01:02 36272 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-18 00:53 . 2009-06-18 01:00 -------- d-----w- c:\documents and settings\User\Application Data\GetRightToGo
2009-06-18 00:14 . 2009-06-18 00:14 8866 ----a-w- c:\windows\system32\4thre5t19791z.dll
2009-06-03 09:50 . 2009-06-03 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2009-06-03 09:50 . 2009-06-03 09:50 -------- d-----w- c:\documents and settings\User\Application Data\Xfire
2009-06-03 09:50 . 2009-06-03 09:50 -------- d-s---w- c:\program files\Xfire
2009-06-03 09:49 . 2009-06-03 09:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-03 09:49 . 2009-06-03 09:49 -------- d-----w- c:\windows\system32\AGEIA
2009-05-30 17:24 . 2009-05-30 17:24 -------- d-----w- c:\program files\All Blacks Desktop Alert
2009-05-30 02:44 . 2009-05-30 13:51 94208 ----a-w- c:\windows\system32\ScrUnZip.dll
2009-05-30 02:43 . 2009-05-30 02:43 471040 ----a-w- c:\windows\allblacksposter_SS_1024x768.scr
2009-05-30 02:43 . 2009-05-30 02:43 -------- d-----w- c:\windows\allblacksposter_SS_1024x768 dir
2009-05-30 02:43 . 2009-05-30 02:43 12288 ----a-w- c:\windows\impborl.dll
2009-05-30 02:41 . 2009-05-30 02:41 129536 ----a-w- c:\windows\system32\IJL15.dll
2009-05-30 00:24 . 2009-05-30 00:24 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 13:49 . 2009-06-18 13:32 1472 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-18 13:44 . 2009-04-03 21:23 -------- d-----w- c:\program files\Steam
2009-06-18 13:41 . 2009-06-18 13:32 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-18 01:20 . 2009-06-18 01:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-18 01:09 . 2009-06-18 01:02 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-18 01:09 . 2009-06-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-18 00:38 . 2008-01-12 03:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-16 03:01 . 2008-01-22 23:28 -------- d-----w- c:\program files\AIM6
2009-05-02 19:00 . 2009-05-02 19:00 -------- d-----w- c:\program files\iTunes
2009-05-02 19:00 . 2009-05-02 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-02 19:00 . 2009-05-02 19:00 -------- d-----w- c:\program files\iPod
2009-05-02 19:00 . 2008-05-07 02:07 -------- d-----w- c:\program files\Common Files\Apple
2009-05-02 18:58 . 2009-05-02 18:58 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-28 21:30 . 2008-01-15 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-23 00:20 . 2009-04-23 00:20 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-04-23 00:16 . 2009-04-23 00:16 -------- d-----w- c:\program files\mpegable
2009-04-23 00:16 . 2009-04-23 00:16 47104 ------w- c:\windows\AKDeInstall.exe
2009-04-23 00:14 . 2009-04-23 00:14 -------- d-----w- c:\program files\GPL MPEG Decoder
2009-04-22 20:52 . 2009-04-22 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-22 20:36 . 2009-04-20 19:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-18 00:03 . 2009-04-03 03:29 538904 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-04 16:58 . 2008-01-12 04:14 70920 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-03 03:21 . 2008-01-16 19:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-03 02:52 . 2009-04-03 02:52 208896 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-04-03 02:52 . 2009-04-03 02:52 208896 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-04-03 02:52 . 2009-04-03 02:52 208896 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-04-03 02:52 . 2009-04-03 02:52 208896 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-03-27 12:14 . 2008-01-12 02:30 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 3:38 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2009-06-11 1217784]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2006-08-17 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="c:\program files\Security\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"SetDefaultMIDI"="MIDIDEF.EXE" - c:\windows\MIDIDEF.EXE [2006-08-17 25600]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]
"DefaultP17MIDI"="MIDIDEF.EXE" - c:\windows\MIDIDEF.EXE [2006-08-17 25600]
"DefaultP17"="P17Def.Exe" - c:\windows\P17DEF.EXE [2005-05-03 20480]

c:\documents and settings\User\Start Menu\Programs\Startup\
All Blacks Desktop Alert.lnk - c:\program files\All Blacks Desktop Alert\All Blacks Desktop Alert.exe [2006-7-5 2554736]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
PowerReg Scheduler V3.exe [2008-5-30 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-9-1 1261568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\tomb raider anniversary demo\\tra.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\world of goo demo\\WorldOfGoo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\splinter cell\\system\\splintercell.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDALauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Online\\System\\SCDA_online.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 32784]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [1/11/2008 3:21 PM 16640]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [6/17/2009 9:02 PM 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [6/17/2009 9:02 PM 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [6/17/2009 9:02 PM 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [6/17/2009 9:02 PM 274808]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [6/17/2009 9:02 PM 115560]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/12/2008 6:49 PM 1148480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/17/2009 9:45 PM 101936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/25/2008 8:07 PM 24592]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [9/1/2008 4:55 PM 194304]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\vnetusbl.sys [1/11/2008 3:23 PM 107648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:6711
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2009-06-18 11:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1900)
c:\windows\system32\RtlGina2.dll
c:\windows\system32\klogon.dll
.
Completion time: 2009-06-18 11:22
ComboFix-quarantined-files.txt 2009-06-18 15:22
ComboFix2.txt 2009-06-18 13:49

Pre-Run: 60,540,112,896 bytes free
Post-Run: 60,513,148,928 bytes free

645 --- E O F --- 2009-03-16 21:57


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by Belahzur on Thu Jun 18, 2009 3:45 pm

Hello.
Delete the following file in bold:

c:\windows\system32\4thre5t19791z.dll

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 3:55 pm

to delete that file, what do I do? Is it just a simple erase from the text?

so far it's running well. I still need to update my antivirus but I do not receive any pop-ups from the virus and it appears as though everything has checked out.


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by Belahzur on Thu Jun 18, 2009 4:14 pm

Just find the file, right click and hit delete.



Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 4:30 pm

k. done.

as of now it seems like everything is running well. for some reason mozilla has slowed down a little today but I'm not sure the two are related.

I'm assuming the problem is fixed? I don't see the virus around anywhere..


Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by Belahzur on Thu Jun 18, 2009 7:49 pm

I'd say it's gone. :)



Re: HELP!! (WinBlueSoft virus/trojan removal)

Post by cpetriel on Thu Jun 18, 2009 8:05 pm

thanks a million man. I was about to just blow this thing up lol.
