GeekPolice
WinblueSoft


Post by leothebest on Tue Jun 23, 2009 4:04 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:36 AM, on 6/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CSHelper.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAP\DAP.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\SimpleCenter\SimpleCenter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\leothatguy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGM7FUO9\Hijack(GP)This[1].exe
C:\Program Files\Hijack(GP)This.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {20601661-379D-4A33-967C-6B629C27E3D2} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {83E588E2-F7E4-40C6-B7FD-7532B681E645} - C:\Windows\system32\ssqOHwWN.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] L:\backup\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SimpleCenter.lnk = C:\Program Files\SimpleCenter\SimpleCenter.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BE0EC9D-B011-4774-910D-B5CFE08661A4}: NameServer = 85.255.112.81,85.255.112.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EE05E8-4157-4D12-988D-34B414E8DE9C}: NameServer = 85.255.112.81,85.255.112.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02170C7-A09A-4FD0-B6BC-2BB188F57794}: NameServer = 85.255.112.81,85.255.112.148
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.81,85.255.112.148
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.81,85.255.112.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.81,85.255.112.148
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13098 bytes


Re: WinblueSoft

Post by Origin on Tue Jun 23, 2009 4:07 pm


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {20601661-379D-4A33-967C-6B629C27E3D2} - (no file)
    O2 - BHO: (no name) - {83E588E2-F7E4-40C6-B7FD-7532B681E645} - C:\Windows\system32\ssqOHwWN.dll
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2BE0EC9D-B011-4774-910D-B5CFE08661A4}: NameServer = 85.255.112.81,85.255.112.148
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C6EE05E8-4157-4D12-988D-34B414E8DE9C}: NameServer = 85.255.112.81,85.255.112.148
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F02170C7-A09A-4FD0-B6BC-2BB188F57794}: NameServer = 85.255.112.81,85.255.112.148
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.81,85.255.112.148
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.81,85.255.112.148
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.81,85.255.112.148



  • Press "Fix Checked"
  • Close Hijack This.



Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 4:41 pm

Thanks a million, sir, but my Malwarebytes is unresponsive.


Re: WinblueSoft

Post by Origin on Tue Jun 23, 2009 4:42 pm

Must be Rootkit activity, please do the following:


1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (McAfee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 6:02 pm

ComboFix 09-06-22.0E - leothatguy 06/23/2009 12:07.1 - NTFSx86
Microsoft® Windows Vista Black Edition™ 2009 6.0.6001.1.1252.1.1033.18.1214.499 [GMT -5:00]
Running from: c:\users\leothatguy\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 6:04 pm

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Service_.norton2009Reset


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-08-24 03:55 . 2009-08-24 03:55 14254 ----a-w- c:\windows\system32\6899h5eat1z844.bin
2009-08-17 11:29 . 2009-08-17 11:29 14322 ----a-w- c:\windows\system32\6z55s9y532.exe
2009-08-14 11:33 . 2009-08-14 11:33 11725 ----a-w- c:\windows\system32\499zba5kdoor2500.bin
2009-08-11 03:26 . 2009-08-11 03:26 9867 ----a-w- c:\windows\system32\29767zi9us95.exe
2009-08-08 18:19 . 2009-08-08 18:19 18100 ----a-w- c:\windows\system32\15527s9yz145.dll
2009-08-03 23:31 . 2009-08-03 23:31 7336 ----a-w- c:\windows\system32\6998vir5858z.bin
2009-07-26 05:09 . 2009-07-26 05:09 7232 ----a-w- c:\windows\system32\23887vizus92a5.dll
2009-07-25 14:29 . 2009-07-25 14:29 18038 ----a-w- c:\windows\system32\9452zpy5d6.bin
2009-07-15 18:18 . 2009-07-15 18:18 7781 ----a-w- c:\windows\system32\190z2hackto5l493.exe
2009-07-11 20:42 . 2009-07-11 20:42 5671 ----a-w- c:\windows\system32\4660zp9mbot353.dll
2009-07-07 15:10 . 2009-07-07 15:10 4888 ----a-w- c:\windows\system32\5ca5z59ef2774.bin
2009-07-06 15:47 . 2009-07-06 15:47 9480 ----a-w- c:\windows\system32\6517vz53009.bin
2009-06-27 20:46 . 2009-06-27 20:46 10116 ----a-w- c:\windows\system32\10629s596z4.exe
2009-06-23 17:28 . 2009-06-23 17:36 -------- d-----w- c:\users\leothatguy\AppData\Local\temp
2009-06-23 16:15 . 2009-06-23 16:15 -------- d-----w- c:\program files\backups
2009-06-23 15:54 . 2009-06-23 15:54 401720 ----a-w- c:\program files\Hijack(GP)This.exe
2009-06-23 15:17 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 15:17 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 08:31 . 2008-06-11 02:22 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-06-23 08:31 . 2008-06-02 20:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-06-23 08:31 . 2008-06-02 20:19 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-06-23 08:31 . 2008-06-02 20:19 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-06-23 08:31 . 2009-06-23 16:30 -------- d-----w- c:\program files\Spyware Doctor
2009-06-23 08:31 . 2009-06-23 08:31 -------- d-----w- c:\users\leothatguy\AppData\Roaming\PC Tools
2009-06-23 08:10 . 2009-04-26 01:05 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090622.049\NAVEX15.SYS
2009-06-23 08:10 . 2009-04-26 01:05 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090622.049\NAVEX32A.DLL
2009-06-23 08:10 . 2009-04-26 01:05 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090622.049\NAVENG.SYS
2009-06-23 08:10 . 2009-04-26 01:05 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090622.049\NAVENG32.DLL
2009-06-23 08:10 . 2009-04-26 01:05 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090622.049\EECTRL.SYS
2009-06-23 08:10 . 2009-04-26 01:05 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090622.049\ERASER.SYS
2009-06-23 08:10 . 2009-04-26 01:05 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090622.049\ECMSVR32.DLL
2009-06-23 08:10 . 2009-04-26 01:05 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090622.049\CCERASER.DLL
2009-06-23 08:04 . 2009-06-23 08:30 -------- d-----w- c:\users\leothatguy\AppData\Roaming\GetRightToGo
2009-06-23 07:39 . 2009-06-23 07:39 9016 ----a-w- c:\windows\z8598s9ambot228.bin
2009-06-23 07:39 . 2009-06-23 07:39 7810 ----a-w- c:\windows\d16s5a9sz194.dll
2009-06-23 07:39 . 2009-06-23 07:39 15455 ----a-w- c:\windows\z173659cktool4e9.bin
2009-06-23 07:39 . 2009-06-23 07:39 9530 ----a-w- c:\windows\98ezpyware659.bin
2009-06-23 07:39 . 2009-06-23 07:39 8588 ----a-w- c:\windows\98955ir993z.dll
2009-06-23 07:39 . 2009-06-23 07:39 18135 ----a-w- c:\windows\99d1threat20855z.dll
2009-06-23 07:39 . 2009-06-23 07:39 10739 ----a-w- c:\windows\9619s5yz98.dll
2009-06-23 06:48 . 2009-06-23 06:48 -------- d-----w- c:\programdata\Malwarebytes
2009-06-23 06:48 . 2009-06-23 16:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 06:21 . 2009-06-23 06:21 -------- d-----r- c:\program files\Norton Support
2009-06-22 21:08 . 2009-06-23 14:25 95744 ----a-w- c:\programdata\SpeedBit\DAP\Updates\Condition.dll
2009-06-22 11:28 . 2009-06-22 11:28 2612 ----a-w- c:\windows\system32\20558hacktool2zf9.dll
2009-06-21 03:52 . 2009-06-21 03:52 18426 ----a-w- c:\windows\system32\19291not5a-viruz7ae.dll
2009-06-19 19:33 . 2009-04-26 01:05 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 19:33 . 2009-04-26 01:05 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 19:33 . 2009-04-26 01:05 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 19:33 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-19 19:33 . 2009-04-26 01:05 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-13 13:37 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 13:37 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 20:28 . 2009-04-26 01:05 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-06-12 20:28 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-06-12 20:28 . 2009-04-26 01:05 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-06-12 20:28 . 2009-04-26 01:05 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-12 20:28 . 2009-04-26 01:05 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-11 19:15 . 2009-06-11 20:05 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-06-11 19:12 . 2009-06-16 15:08 83456 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-06-11 19:12 . 2009-06-11 19:12 2169880 ----a-w- c:\programdata\SpeedBit\DAP\Offers\spo3.exe
2009-06-11 19:12 . 2009-06-11 19:12 3530776 ----a-w- c:\programdata\SpeedBit\DAP\Offers\VA23_DAPSO.exe
2009-06-11 19:05 . 2009-06-11 21:33 -------- d-----w- c:\programdata\SpeedBit
2009-06-11 19:05 . 2009-06-11 19:05 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-06-11 19:05 . 2009-06-11 19:12 -------- d-----w- c:\program files\DAP
2009-06-10 09:21 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 09:21 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 09:20 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 09:20 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 09:20 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-08 18:47 . 2009-04-26 01:05 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys
2009-06-08 18:47 . 2009-04-26 01:05 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll
2009-06-08 18:47 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll
2009-06-08 18:47 . 2009-04-26 01:05 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys
2009-06-08 18:47 . 2009-04-26 01:05 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys
2009-06-07 04:12 . 2009-06-07 04:12 17484 ----a-w- c:\windows\system32\903est5al247z.exe
2009-06-06 17:30 . 2009-06-06 17:30 -------- d-----w- c:\program files\iPod
2009-06-06 17:30 . 2009-06-06 17:30 -------- d-----w- c:\program files\iTunes
2009-06-06 17:10 . 2009-06-06 17:10 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 20:01 . 2009-06-01 20:01 16890 ----a-w- c:\windows\system32\2d9evirz598.dll
2009-06-01 13:10 . 2009-06-01 13:10 5741 ----a-w- c:\windows\system32\5839not-a-virusz59.dll
2009-06-01 05:26 . 2009-06-01 05:26 225280 ----a-w- c:\windows\system32\CSInstru.DLL
2009-06-01 05:26 . 2009-06-01 05:26 266240 ----a-w- c:\windows\system32\CSHelper.exe
2009-06-01 05:26 . 2009-06-01 05:26 -------- d-----w- c:\windows\ArtistScope Plugin IE 42
2009-05-31 03:50 . 2009-05-31 03:50 -------- d-----w- c:\users\leothatguy\AppData\Roaming\acccore
2009-05-31 02:15 . 2009-05-31 02:15 -------- d-----w- c:\users\leothatguy\AppData\Local\AOL OCP
2009-05-31 02:15 . 2009-05-31 02:15 -------- d-----w- c:\users\leothatguy\AppData\Local\AOL
2009-05-31 02:15 . 2009-05-31 02:15 -------- d-----w- c:\programdata\Viewpoint
2009-05-31 02:15 . 2009-05-31 02:15 -------- d-----w- c:\program files\Viewpoint
2009-05-31 02:15 . 2009-05-31 02:15 -------- d-----w- c:\programdata\acccore
2009-05-31 02:14 . 2009-05-31 02:17 -------- d-----w- c:\programdata\AOL OCP
2009-05-31 02:14 . 2009-05-31 02:14 -------- d-----w- c:\programdata\AOL
2009-05-31 02:13 . 2009-05-31 02:13 -------- d-----w- c:\program files\Common Files\AOL


Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 6:05 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 17:33 . 2009-01-28 03:05 -------- d-----w- c:\users\leothatguy\AppData\Roaming\Hamachi
2009-06-23 17:29 . 2009-02-13 19:38 1699 ----a-w- c:\windows\bthservsdp.dat
2009-06-23 15:57 . 2009-06-23 15:55 13100 ----a-w- c:\program files\hijackthis.log
2009-06-15 01:42 . 2009-02-01 01:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-15 01:41 . 2009-02-01 01:18 38208 ----a-w- c:\users\leothatguy\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-14 08:03 . 2009-03-19 02:46 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 20:18 . 2009-05-11 22:40 -------- d-----w- c:\program files\Spb Backup
2009-06-11 19:35 . 2009-02-01 18:13 -------- d-----w- c:\program files\BitLord
2009-06-11 19:34 . 2009-02-04 20:45 -------- d-----w- c:\program files\SimpleCenter
2009-06-06 17:30 . 2009-02-01 00:53 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 17:27 . 2009-02-01 00:56 -------- d-----w- c:\program files\QuickTime
2009-06-06 03:47 . 2009-01-28 02:25 100312 ----a-w- c:\users\leothatguy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-06 03:26 . 2009-03-19 03:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-20 01:15 . 2009-01-31 20:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-20 00:47 . 2009-05-20 00:47 -------- d-----w- c:\program files\CoPilot
2009-05-17 11:19 . 2009-05-17 11:19 11360 ----a-w- c:\windows\system32\46c5a9dza5e2998.bin
2009-05-16 18:50 . 2009-05-16 18:50 3042 ----a-w- c:\windows\system32\9996s5yware9z4.exe
2009-05-14 08:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 20:26 . 2009-05-11 20:26 6445 ----a-w- c:\windows\system32\2450vi5zs490.exe
2009-05-09 10:07 . 2009-05-09 10:07 14050 ----a-w- c:\windows\system32\7c4threaz153259.dll
2009-05-08 12:39 . 2009-05-08 12:39 15830 ----a-w- c:\windows\system32\5sp5rsez2049.exe
2009-05-05 07:55 . 2009-05-05 07:52 -------- d-----w- c:\program files\CeRegEditor
2009-04-30 04:36 . 2009-01-28 02:22 -------- d-----w- c:\program files\Utilities
2009-04-28 20:30 . 2009-04-28 20:30 10628 ----a-w- c:\windows\system32\5z7vi9802.exe
2009-04-26 10:56 . 2009-04-26 10:56 5841 ----a-w- c:\windows\system32\50745ir99z4.exe
2009-04-26 10:43 . 2009-04-26 10:43 11948 ----a-w- c:\windows\9e45sparsez859.dll
2009-04-26 03:41 . 2009-04-26 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-04-26 01:06 . 2009-04-13 04:52 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-26 01:04 . 2009-01-29 23:02 -------- d-----w- c:\programdata\Symantec
2009-04-26 01:04 . 2009-01-28 02:32 -------- d-----w- c:\programdata\Norton
2009-04-26 01:04 . 2009-01-28 02:31 -------- d-----w- c:\programdata\NortonInstaller
2009-04-26 01:04 . 2009-04-26 01:04 -------- d-----w- c:\program files\NortonInstaller
2009-04-23 05:33 . 2009-04-23 05:33 16805 ----a-w- c:\windows\system32\2ba89ddwaze513.bin
2009-04-22 13:47 . 2009-04-22 13:47 5167 ----a-w- c:\windows\system32\z825tea92770.exe
2009-04-20 04:03 . 2009-04-20 04:03 8418 ----a-w- c:\windows\system32\19555szyc35.exe
2009-04-12 15:37 . 2009-03-23 01:28 281625 ------r- c:\programdata\Norton\Norton2009Reset.exe
2009-04-07 09:54 . 2009-04-07 09:54 12891 ----a-w- c:\windows\z53fsp9rse5584.bin
2009-04-07 09:35 . 2009-04-07 09:35 12248 ----a-w- c:\windows\system32\8z26w9rm39d5.dll
2009-04-07 07:56 . 2009-04-07 07:56 5310 ----a-w- c:\windows\system32\197z1sp5505.dll
2009-04-07 01:02 . 2009-04-07 01:02 9148 ----a-w- c:\windows\system32\ec6zackdo591028.dll
2009-04-06 16:28 . 2009-04-06 16:28 8671 ----a-w- c:\windows\system32\4a15t9rzat32162.dll
2009-04-02 01:49 . 2009-04-02 01:49 7621 ----a-w- c:\windows\96744spy5z2.exe
2009-03-26 16:58 . 2009-03-26 16:58 12172 ----a-w- c:\windows\system32\228at9re5t1869z.dll
2007-03-12 18:01 . 2009-01-28 02:24 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 18:01 . 2009-01-28 02:24 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 18:01 . 2009-01-28 02:24 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-03-12 18:01 . 2009-01-28 02:24 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 18:01 . 2009-01-28 02:24 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-07-17 13:04 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-17 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-07-17 202240]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-06-11 2811392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2008-03-21 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-07-17 215552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PC Pitstop Optimize Scheduler"="c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2009-02-23 1680883]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]

c:\users\leothatguy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-1-27 625952]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
SimpleCenter.lnk - c:\program files\SimpleCenter\SimpleCenter.exe [2009-2-4 166912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1348739213-1683213889-3932803269-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{E74CC28A-6799-473F-86EC-086C26816C13}k:\\stronghold crusader\\stronghold crusader.exe"= UDP:k:\stronghold crusader\stronghold crusader.exe:Stronghold Crusader.exe
"UDP Query User{E662007C-1CC9-4F76-9B68-90C3D2A74202}k:\\stronghold crusader\\stronghold crusader.exe"= TCP:k:\stronghold crusader\stronghold crusader.exe:Stronghold Crusader.exe
"TCP Query User{CB6C8787-1DFE-4C84-BA84-59DB0AAB0D7D}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{C20537E4-BC4D-4716-9843-029AB9FA1B27}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{2B40ABF5-FF21-4CE3-BF52-A450EB45D3CE}c:\\program files\\java\\jre1.6.0_01\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_01\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{BC1788F2-B6F5-4280-8408-14DD90EE70E3}c:\\program files\\java\\jre1.6.0_01\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_01\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{AC735EC3-5AB9-41A5-BC27-7B86927FBA30}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{2F9C7B21-B04D-47D6-9811-BD95532B2B6B}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{41AC9EB0-985F-44B2-8E2D-0B269C2DBC20}c:\\program files\\simplecenter\\simplecenter.exe"= UDP:c:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"UDP Query User{CE717DB7-2B53-4857-9D57-3309B6FF9836}c:\\program files\\simplecenter\\simplecenter.exe"= TCP:c:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"{25FA1BC8-1381-4F5E-B002-8BC44408FB9E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1A6DF432-09EB-4ACB-99A4-325E87D5D5B7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3495EF44-A577-46E0-BA3D-43FEFCFE8961}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{70D9601B-34A3-43FC-AA47-12919EE10974}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{141DD8AD-41DC-4498-AEAA-1EB8E2963EC7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{11438E25-F4E1-47F4-8A8C-C30107385407}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53DD2613-5905-4DAF-B17D-581E929B26B8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1383E451-9308-490E-B4A6-904E8B15EA4D}"= UDP:c:\users\leothatguy\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{14ADBB57-970D-4A93-B3BE-61C3B5BA30C8}"= TCP:c:\users\leothatguy\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{222F6AE1-DDED-4225-8DF2-CA3B29C7DF8B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9C8BE3D9-AF70-4B7B-B575-F8C08C1F5206}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{45749839-AF7B-4B1F-90B0-226882611B76}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{C105AD5D-5C82-4DB6-B118-189A0B100257}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{636961B5-D869-4FE9-84EB-65165D4C1F7E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{13A82ED2-0F0A-417E-8B89-CD47D8916B33}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.087\SymEFA.sys [4/25/2009 8:05 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.087\BHDrvx86.sys [4/25/2009 8:05 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.087\cchpx86.sys [4/25/2009 8:05 PM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys [6/19/2009 2:33 PM 292912]
R2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [6/1/2009 12:26 AM 266240]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [4/25/2009 8:05 PM 115560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/23/2009 3:31 AM 356920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/28/2009 9:37 AM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.087\symndisv.sys [4/25/2009 8:05 PM 39984]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\System32\drivers\UsbFltr.sys [4/9/2007 10:50 AM 9600]


Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 6:05 pm

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 09:20]

2009-06-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 09:20]

2009-06-23 c:\windows\Tasks\User_Feed_Synchronization-{B99FF75F-EA5A-4526-B935-4790255B571B}.job
- c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-23 12:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5264)
c:\windows\system32\ieframe.dll
c:\windows\System32\SyncCenter.dll
c:\windows\system32\FXSRESM.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-23 12:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-23 17:52

Pre-Run: 14,892,711,936 bytes free
Post-Run: 14,465,241,088 bytes free

734 --- E O F --- 2009-06-14 08:05


Re: WinblueSoft

Post by Belahzur on Tue Jun 23, 2009 6:16 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\61c7addzare39505.bin
c:\windows\system32\670spam5zt39a.dll
c:\windows\system32\31951szy640.exe
c:\windows\system32\5eazspyw5re2192.dll
c:\windows\system32\20235sz944b5.exe
c:\windows\system32\58656viz9s453.dll
c:\windows\system32\2a1zvir96195.bin
c:\windows\system32\39596zroj5a8.dll
c:\windows\system32\25z85h5cktoo967f.exe
c:\windows\system32\9e59backdoor51z.exe
c:\windows\system32\bb4sp9warz5235.dll
c:\windows\system32\56859zorm6ac.dll
c:\windows\system32\92ezvi579.bin
c:\windows\system32\5bd3thief9z475.dll
c:\windows\system32\174dstezl5901.exe
c:\windows\system32\45759ir1z81.exe
c:\windows\system32\232zvir53359.bin
c:\windows\system32\55159troj4d9z.exe
c:\windows\system32\21z95teal1939.dll
c:\windows\system32\9038vir5s5bz.bin
c:\windows\system32\96747vizus507.exe
c:\windows\system32\92512spy28z.dll
c:\windows\system32\1551s9ywzre370.dll
c:\windows\system32\29593virus792z.bin
c:\windows\system32\8849virus4z5.dll
c:\windows\system32\237z9hac9tool375.dll
c:\windows\system32\15180zac9tool25a.bin
c:\windows\system32\2495t9rzat113.dll
c:\windows\system32\884hackzool5985.exe
c:\windows\system32\105599irus4zc.exe
c:\windows\system32\911s5e9l2420z.dll
c:\windows\system32\405bd9wnlzader2876.exe
c:\windows\system32\6899h5eat1z844.bin
c:\windows\system32\6z55s9y532.exe
c:\windows\system32\499zba5kdoor2500.bin
c:\windows\system32\29767zi9us95.exe
c:\windows\system32\15527s9yz145.dll
c:\windows\system32\6998vir5858z.bin
c:\windows\system32\23887vizus92a5.dll
c:\windows\system32\9452zpy5d6.bin
c:\windows\system32\190z2hackto5l493.exe
c:\windows\system32\4660zp9mbot353.dll
c:\windows\system32\5ca5z59ef2774.bin
c:\windows\system32\6517vz53009.bin
c:\windows\system32\10629s596z4.exe
c:\windows\z8598s9ambot228.bin
c:\windows\d16s5a9sz194.dll
c:\windows\z173659cktool4e9.bin
c:\windows\98ezpyware659.bin
c:\windows\98955ir993z.dll
c:\windows\99d1threat20855z.dll
c:\windows\9619s5yz98.dll
c:\windows\system32\20558hacktool2zf9.dll
c:\windows\system32\19291not5a-viruz7ae.dll
c:\windows\system32\903est5al247z.exe
c:\windows\system32\2d9evirz598.dll
c:\windows\system32\5839not-a-virusz59.dll
c:\windows\system32\46c5a9dza5e2998.bin
c:\windows\system32\9996s5yware9z4.exe
c:\windows\system32\2450vi5zs490.exe
c:\windows\system32\7c4threaz153259.dll
c:\windows\system32\5sp5rsez2049.exe
c:\windows\system32\5z7vi9802.exe
c:\windows\system32\50745ir99z4.exe
c:\windows\9e45sparsez859.dll
c:\windows\system32\2ba89ddwaze513.bin
c:\windows\system32\z825tea92770.exe
c:\windows\system32\19555szyc35.exe
c:\windows\z53fsp9rse5584.bin
c:\windows\system32\8z26w9rm39d5.dll
c:\windows\system32\197z1sp5505.dll
c:\windows\system32\ec6zackdo591028.dll
c:\windows\system32\4a15t9rzat32162.dll
c:\windows\96744spy5z2.exe
c:\windows\system32\228at9re5t1869z.dll

Folder::
c:\programdata\Viewpoint
c:\program files\Viewpoint

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.



Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 8:10 pm

ComboFix 09-06-22.0E - leothatguy 06/23/2009 14:11.2 - NTFSx86
Microsoft® Windows Vista Black Edition™ 2009 6.0.6001.1.1252.1.1033.18.1214.572 [GMT -5:00]
Running from: c:\users\leothatguy\Desktop\ComboFix.exe
Command switches used :: c:\users\leothatguy\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::


Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 8:12 pm

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\programdata\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt


Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 8:13 pm



Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 8:13 pm

.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 19:25 . 2009-06-23 19:31 -------- d-----w- c:\users\leothatguy\AppData\Local\temp
2009-06-23 18:12 . 2009-06-23 18:12 -------- d-----w- c:\users\leothatguy\AppData\Roaming\Malwarebytes
2009-06-23 17:52 . 2009-04-26 01:05 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090623.002\NAVEX15.SYS
2009-06-23 17:52 . 2009-04-26 01:05 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090623.002\NAVENG.SYS
2009-06-23 17:52 . 2009-04-26 01:05 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090623.002\NAVENG32.DLL
2009-06-23 17:52 . 2009-04-26 01:05 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090623.002\NAVEX32A.DLL
2009-06-23 17:52 . 2009-04-26 01:05 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090623.002\EECTRL.SYS
2009-06-23 17:52 . 2009-04-26 01:05 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090623.002\ERASER.SYS
2009-06-23 17:52 . 2009-04-26 01:05 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090623.002\ECMSVR32.DLL
2009-06-23 17:52 . 2009-04-26 01:05 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090623.002\CCERASER.DLL
2009-06-23 16:47 . 2009-06-23 17:53 -------- d-s---w- C:\Combo-Fix
2009-06-23 16:15 . 2009-06-23 16:15 -------- d-----w- c:\program files\backups
2009-06-23 15:54 . 2009-06-23 15:54 401720 ----a-w- c:\program files\Hijack(GP)This.exe
2009-06-23 15:17 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 15:17 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 08:31 . 2008-06-11 02:22 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-06-23 08:31 . 2008-06-02 20:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-06-23 08:31 . 2008-06-02 20:19 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-06-23 08:31 . 2008-06-02 20:19 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-06-23 08:31 . 2009-06-23 16:30 -------- d-----w- c:\program files\Spyware Doctor
2009-06-23 08:31 . 2009-06-23 08:31 -------- d-----w- c:\users\leothatguy\AppData\Roaming\PC Tools
2009-06-23 08:04 . 2009-06-23 08:30 -------- d-----w- c:\users\leothatguy\AppData\Roaming\GetRightToGo
2009-06-23 06:48 . 2009-06-23 06:48 -------- d-----w- c:\programdata\Malwarebytes
2009-06-23 06:48 . 2009-06-23 16:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 06:21 . 2009-06-23 06:21 -------- d-----r- c:\program files\Norton Support
2009-06-22 21:08 . 2009-06-23 14:25 95744 ----a-w- c:\programdata\SpeedBit\DAP\Updates\Condition.dll
2009-06-19 19:33 . 2009-04-26 01:05 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 19:33 . 2009-04-26 01:05 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 19:33 . 2009-04-26 01:05 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 19:33 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-19 19:33 . 2009-04-26 01:05 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-13 13:37 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 13:37 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 20:28 . 2009-04-26 01:05 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-06-12 20:28 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-06-12 20:28 . 2009-04-26 01:05 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-06-12 20:28 . 2009-04-26 01:05 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-12 20:28 . 2009-04-26 01:05 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-11 19:15 . 2009-06-11 20:05 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-06-11 19:12 . 2009-06-16 15:08 83456 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-06-11 19:12 . 2009-06-11 19:12 2169880 ----a-w- c:\programdata\SpeedBit\DAP\Offers\spo3.exe
2009-06-11 19:12 . 2009-06-11 19:12 3530776 ----a-w- c:\programdata\SpeedBit\DAP\Offers\VA23_DAPSO.exe
2009-06-11 19:05 . 2009-06-11 21:33 -------- d-----w- c:\programdata\SpeedBit
2009-06-11 19:05 . 2009-06-11 19:05 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-06-11 19:05 . 2009-06-11 19:12 -------- d-----w- c:\program files\DAP
2009-06-10 09:21 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 09:21 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 09:20 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 09:20 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 09:20 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-08 18:47 . 2009-04-26 01:05 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys
2009-06-08 18:47 . 2009-04-26 01:05 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll
2009-06-08 18:47 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll
2009-06-08 18:47 . 2009-04-26 01:05 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys
2009-06-08 18:47 . 2009-04-26 01:05 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys
2009-06-06 17:30 . 2009-06-06 17:30 -------- d-----w- c:\program files\iPod
2009-06-06 17:30 . 2009-06-06 17:30 -------- d-----w- c:\program files\iTunes
2009-06-06 17:10 . 2009-06-06 17:10 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 05:26 . 2009-06-01 05:26 225280 ----a-w- c:\windows\system32\CSInstru.DLL
2009-06-01 05:26 . 2009-06-01 05:26 266240 ----a-w- c:\windows\system32\CSHelper.exe
2009-06-01 05:26 . 2009-06-01 05:26 -------- d-----w- c:\windows\ArtistScope Plugin IE 42
2009-05-31 03:50 . 2009-05-31 03:50 -------- d-----w- c:\users\leothatguy\AppData\Roaming\acccore
2009-05-31 02:15 . 2009-05-31 02:15 -------- d-----w- c:\users\leothatguy\AppData\Local\AOL OCP
2009-05-31 02:15 . 2009-05-31 02:15 -------- d-----w- c:\users\leothatguy\AppData\Local\AOL
2009-05-31 02:15 . 2009-05-31 02:15 -------- d-----w- c:\programdata\acccore
2009-05-31 02:14 . 2009-05-31 02:17 -------- d-----w- c:\programdata\AOL OCP
2009-05-31 02:14 . 2009-05-31 02:14 -------- d-----w- c:\programdata\AOL
2009-05-31 02:13 . 2009-05-31 02:13 -------- d-----w- c:\program files\Common Files\AOL
2009-05-31 00:52 . 2009-05-31 02:15 -------- d-----w- c:\program files\AIM6
2009-05-24 23:43 . 2009-05-24 23:43 -------- d-----w- c:\programdata\WindowsSearch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 19:29 . 2009-01-28 03:05 -------- d-----w- c:\users\leothatguy\AppData\Roaming\Hamachi
2009-06-23 19:26 . 2009-02-13 19:38 1699 ----a-w- c:\windows\bthservsdp.dat
2009-06-23 15:57 . 2009-06-23 15:55 13100 ----a-w- c:\program files\hijackthis.log
2009-06-15 01:42 . 2009-02-01 01:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-15 01:41 . 2009-02-01 01:18 38208 ----a-w- c:\users\leothatguy\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-14 08:03 . 2009-03-19 02:46 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 20:18 . 2009-05-11 22:40 -------- d-----w- c:\program files\Spb Backup
2009-06-11 19:35 . 2009-02-01 18:13 -------- d-----w- c:\program files\BitLord
2009-06-11 19:34 . 2009-02-04 20:45 -------- d-----w- c:\program files\SimpleCenter
2009-06-06 17:30 . 2009-02-01 00:53 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 17:27 . 2009-02-01 00:56 -------- d-----w- c:\program files\QuickTime
2009-06-06 03:47 . 2009-01-28 02:25 100312 ----a-w- c:\users\leothatguy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-06 03:26 . 2009-03-19 03:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-20 01:15 . 2009-01-31 20:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-20 00:47 . 2009-05-20 00:47 -------- d-----w- c:\program files\CoPilot
2009-05-14 08:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-05 07:55 . 2009-05-05 07:52 -------- d-----w- c:\program files\CeRegEditor
2009-04-30 04:36 . 2009-01-28 02:22 -------- d-----w- c:\program files\Utilities
2009-04-26 03:41 . 2009-04-26 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-04-26 01:06 . 2009-04-13 04:52 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-26 01:04 . 2009-01-29 23:02 -------- d-----w- c:\programdata\Symantec
2009-04-26 01:04 . 2009-01-28 02:32 -------- d-----w- c:\programdata\Norton
2009-04-26 01:04 . 2009-01-28 02:31 -------- d-----w- c:\programdata\NortonInstaller
2009-04-26 01:04 . 2009-04-26 01:04 -------- d-----w- c:\program files\NortonInstaller
2009-04-12 15:37 . 2009-03-23 01:28 281625 ------r- c:\programdata\Norton\Norton2009Reset.exe
2007-03-12 18:01 . 2009-01-28 02:24 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 18:01 . 2009-01-28 02:24 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 18:01 . 2009-01-28 02:24 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-03-12 18:01 . 2009-01-28 02:24 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 18:01 . 2009-01-28 02:24 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-07-17 13:04 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT


Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 8:14 pm

.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-28 04:00 . 2009-06-23 19:31 42152 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-06-23 19:31 58854 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-28 02:23 . 2009-06-23 19:31 12402 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1348739213-1683213889-3932803269-1000_UserData.bin
- 2006-11-02 13:00 . 2009-06-23 17:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-06-23 19:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-06-23 19:28 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-06-23 17:32 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-06-23 17:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-06-23 19:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-23 19:27 . 2009-06-23 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-23 17:31 . 2009-06-23 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-23 19:27 . 2009-06-23 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-23 17:31 . 2009-06-23 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-17 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-07-17 202240]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-06-11 2811392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2008-03-21 94208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-07-17 215552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PC Pitstop Optimize Scheduler"="c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2009-02-23 1680883]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]

c:\users\leothatguy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-1-27 625952]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
SimpleCenter.lnk - c:\program files\SimpleCenter\SimpleCenter.exe [2009-2-4 166912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1348739213-1683213889-3932803269-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{E74CC28A-6799-473F-86EC-086C26816C13}k:\\stronghold crusader\\stronghold crusader.exe"= UDP:k:\stronghold crusader\stronghold crusader.exe:Stronghold Crusader.exe
"UDP Query User{E662007C-1CC9-4F76-9B68-90C3D2A74202}k:\\stronghold crusader\\stronghold crusader.exe"= TCP:k:\stronghold crusader\stronghold crusader.exe:Stronghold Crusader.exe
"TCP Query User{CB6C8787-1DFE-4C84-BA84-59DB0AAB0D7D}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{C20537E4-BC4D-4716-9843-029AB9FA1B27}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{2B40ABF5-FF21-4CE3-BF52-A450EB45D3CE}c:\\program files\\java\\jre1.6.0_01\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_01\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{BC1788F2-B6F5-4280-8408-14DD90EE70E3}c:\\program files\\java\\jre1.6.0_01\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_01\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{AC735EC3-5AB9-41A5-BC27-7B86927FBA30}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{2F9C7B21-B04D-47D6-9811-BD95532B2B6B}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{41AC9EB0-985F-44B2-8E2D-0B269C2DBC20}c:\\program files\\simplecenter\\simplecenter.exe"= UDP:c:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"UDP Query User{CE717DB7-2B53-4857-9D57-3309B6FF9836}c:\\program files\\simplecenter\\simplecenter.exe"= TCP:c:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"{25FA1BC8-1381-4F5E-B002-8BC44408FB9E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1A6DF432-09EB-4ACB-99A4-325E87D5D5B7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3495EF44-A577-46E0-BA3D-43FEFCFE8961}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{70D9601B-34A3-43FC-AA47-12919EE10974}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{141DD8AD-41DC-4498-AEAA-1EB8E2963EC7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{11438E25-F4E1-47F4-8A8C-C30107385407}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53DD2613-5905-4DAF-B17D-581E929B26B8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1383E451-9308-490E-B4A6-904E8B15EA4D}"= UDP:c:\users\leothatguy\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{14ADBB57-970D-4A93-B3BE-61C3B5BA30C8}"= TCP:c:\users\leothatguy\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{222F6AE1-DDED-4225-8DF2-CA3B29C7DF8B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9C8BE3D9-AF70-4B7B-B575-F8C08C1F5206}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{45749839-AF7B-4B1F-90B0-226882611B76}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{C105AD5D-5C82-4DB6-B118-189A0B100257}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{636961B5-D869-4FE9-84EB-65165D4C1F7E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{13A82ED2-0F0A-417E-8B89-CD47D8916B33}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.087\SymEFA.sys [4/25/2009 8:05 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.087\BHDrvx86.sys [4/25/2009 8:05 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.087\cchpx86.sys [4/25/2009 8:05 PM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys [6/19/2009 2:33 PM 292912]
R2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [6/1/2009 12:26 AM 266240]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [4/25/2009 8:05 PM 115560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/23/2009 3:31 AM 356920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/28/2009 9:37 AM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.087\symndisv.sys [4/25/2009 8:05 PM 39984]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\System32\drivers\UsbFltr.sys [4/9/2007 10:50 AM 9600]


Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 8:15 pm

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 09:20]

2009-06-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 09:20]

2009-06-23 c:\windows\Tasks\User_Feed_Synchronization-{B99FF75F-EA5A-4526-B935-4790255B571B}.job
- c:\windows\system32\msfeedssync.exe [2009-06-06 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-23 14:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4532)
c:\windows\system32\ntshrui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-23 14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-23 19:48
ComboFix2.txt 2009-06-23 17:53

Pre-Run: 14,540,705,792 bytes free
Post-Run: 14,424,104,960 bytes free

813 --- E O F --- 2009-06-14 08:05


Re: WinblueSoft

Post by Belahzur on Tue Jun 23, 2009 8:20 pm

Hello.
This looks good now, just a few more things to remove and I can say we're done here.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 8:45 pm

7-Zip 4.42
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
AIM 6
Apple Mobile Device Support
Apple Software Update
ArtistScope Plugin IE 42
AviSynth 2.5
Bonjour
CCleaner (remove only)
CeRegEditor 0.0.4.4
CoPilot Central
DivX Web Player
Download Accelerator Plus (DAP)
Easy Video Convert
EVEREST Ultimate Edition v5.00
Free Video to iPod Converter version 3.1
Free YouTube to iPod Converter version 3.1
GEAR driver installer for x86 and x64
Hamachi 1.0.3.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
imeem Uploader
ImgBurn (Remove Only)
iTunes
Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.4.5 Full
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.3)
MP3 Rocket
MSXML 4.0 SP2 (KB954430)
Nero 8
neroxml
Norton 360
PayPal Plug-In
PC Pitstop Optimize 1.5
QuickTime
RegCure
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SimpleCenter 4.2.0.67
Spb Backup
Spb Mobile Shell
Spb Weather
Spyware Doctor 6.0
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
Videora iPod Converter 4.07
Viewpoint Media Player
Windows Mobile Device Center
Yahoo! Mail Advisor
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader App 1.02

And you are the best there is, thanks.


Re: WinblueSoft

Post by Belahzur on Tue Jun 23, 2009 9:08 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    7-Zip 4.42
    Java(TM) 6 Update 13
    Java(TM) SE Runtime Environment 6 Update 1
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: WinblueSoft

Post by leothebest on Tue Jun 23, 2009 9:20 pm

Great... but do I have to reinstall those programs?


Re: WinblueSoft

Post by Belahzur on Tue Jun 23, 2009 9:26 pm

Hello.
For Java and 7zip, yes, you had old versions.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "This release is Windows 7 support-ready and includes support for Internet Explorer 8...".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe that you downloaded to install the newest version.


For 7zip, download it here:
7zip.org

