WiredWX Christian Hobby Weather Tools

Winbluesoft infected

I am infected with WinBlueSoft. I have been looking over most people's posts and instructions, and I have started to get some of it fixed so far; I just need to know what files need to be deleted to get rid of this.

I have run my computer in safe mode and deleted the file C:/windows/system32.blocker.dll
I have installed the malware installer and HijackThis. I also have my log files from HijackThis.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:47 AM, on 6/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9dd5e2e428ee0) (gupdate1c9dd5e2e428ee0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10979 bytes

Re: Winbluesoft infected

Hello.

  • Open HijackThis again.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O20 - AppInit_DLLs: blocker.dll


  • Press "Fix Checked"
  • Close Hijack This.

Next,

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Screenshot: CF_download_FF]

[Screenshot: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (Norton)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
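
The three lines selected in the reply above can be cross-checked against the rest of the posted log. The following is an added example, not part of the original thread or of HijackThis itself: a small Python parser for the log's "Running processes", O4 (Run key) and O20 (AppInit_DLLs) sections that reports, for each flagged file name, whether it is still running and which autostart entries still reference it. The `FLAGGED` set is taken from the reply; the function names and the shortened log excerpt are this example's own.

```python
import re
from ntpath import basename  # Windows path rules, works on any platform

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O20 - AppInit_DLLs: blocker.dll
"""

# File names behind the three entries the helper asked to fix (lowercased).
FLAGGED = {"winbluesoft.exe", "setup2.exe", "blocker.dll"}

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
# A command is either "quoted path" args, or an unquoted path (which may
# contain spaces) ending at the first executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$)', re.I)


def command_target(cmd):
    """Return the program path of a Run-key command line, without arguments."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def parse_hijackthis(text):
    """Extract running processes, Run-key entries and AppInit_DLLs from a log."""
    parsed = {"running": [], "run_keys": [], "appinit": []}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                parsed["running"].append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = O4_RE.match(line)
        if m:
            parsed["run_keys"].append((m["key"], m["name"], command_target(m["cmd"])))
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs holds a space- or comma-delimited list of DLL names
            parsed["appinit"] += [d for d in re.split(r"[ ,]+", m["dlls"]) if d]
    return parsed


def correlate(parsed, flagged):
    """For each flagged file name, list where the log still references it."""
    report = {}
    for name in sorted(flagged):
        report[name] = {
            "running": [p for p in parsed["running"] if basename(p).lower() == name],
            "run_keys": [(k, n) for k, n, exe in parsed["run_keys"]
                         if basename(exe).lower() == name],
            "appinit": any(basename(d).lower() == name for d in parsed["appinit"]),
        }
    return report


if __name__ == "__main__":
    for name, hits in correlate(parse_hijackthis(SAMPLE_LOG), FLAGGED).items():
        print(name, hits)
```

On the posted log this shows setup2.exe both running and registered under the HKCU Run key, while blocker.dll is still named in AppInit_DLLs.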

Re: Winbluesoft infected

ComboFix 09-06-04.09 - Johnny 06/05/2009 10:28.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1915.1019 [GMT -5:00]
Running from: c:\users\Johnny\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\6539addzare78.ocx
c:\windows\system32\6590zpyware21895.bin
c:\windows\system32\6599downloa9ez771.dll
c:\windows\system32\65c5thief14z29.cpl
c:\windows\system32\6793ad5ware327z.exe
c:\windows\system32\6799t5reat2643z.exe
c:\windows\system32\6894hazktool1145.exe
c:\windows\system32\6933tr5j162z.ocx
c:\windows\system32\69zdthrea5198409.dll
c:\windows\system32\6a34do5nloadez970.exe
c:\windows\system32\6a92spa5sz2447.dll
c:\windows\system32\6aefb9ckdzor2533.ocx
c:\windows\system32\6b5fthreaz8409.ocx
c:\windows\system32\6c2ezt5a91883.bin
c:\windows\system32\6c9cstza52737.exe
c:\windows\system32\6dz9addwa5e2779.cpl
c:\windows\system32\6eb9bzck5oor2214.cpl
c:\windows\system32\6efdownloade91956z.bin
c:\windows\system32\6fa1s9arse850z.exe
c:\windows\system32\6z985p9658.bin
c:\windows\system32\6z99thi5f3129.dll
c:\windows\system32\70479ackd5zr2164.bin
c:\windows\system32\711dthreaz99335.ocx
c:\windows\system32\71bcspzrs95133.exe
c:\windows\system32\7209a9dwar52651z.cpl
c:\windows\system32\7278ad5ware9196z.ocx
c:\windows\system32\733895ojz19.cpl
c:\windows\system32\73e5th9ez958.dll
c:\windows\system32\745zs9y2d4.cpl
c:\windows\system32\7479wor59za.cpl
c:\windows\system32\74e5s5ez91095.exe
c:\windows\system32\75125ddw9ze3006.cpl
c:\windows\system32\751zspywar938.exe
c:\windows\system32\75fczpyw9re1139.dll
c:\windows\system32\76c8bac9dooz5682.bin
c:\windows\system32\7705wozm9c9.exe
c:\windows\system32\782adzware1945.dll
c:\windows\system32\7939addwzre509.bin
c:\windows\system32\7a27addw5rz906.exe
c:\windows\system32\7c98downloadzr5992.dll
c:\windows\system32\7d5abackdzor9059.dll
c:\windows\system32\7e2sp5zse9908.cpl
c:\windows\system32\7e62baz5do9r231.exe
c:\windows\system32\7fcs5ywa9e23z9.exe
c:\windows\system32\7z16backdoor32695.cpl
c:\windows\system32\7z69download952765.exe
c:\windows\system32\7zf9ddware3574.dll
c:\windows\system32\8225zpamb9t2b1.dll
c:\windows\system32\8355nzt-a-vi5usa9.cpl
c:\windows\system32\856spaz9e1853.ocx
c:\windows\system32\8588viru9587z.dll
c:\windows\system32\89785pyz42.exe
c:\windows\system32\8zfa95ware1932.cpl
c:\windows\system32\90070hackto5z7e7.dll
c:\windows\system32\9054thiefz151.exe
c:\windows\system32\90937wzrm4005.dll
c:\windows\system32\91054noz-a-virus51d.ocx
c:\windows\system32\91b25ir435z.dll
c:\windows\system32\9215pywarez200.bin
c:\windows\system32\92deth5ef21z.ocx
c:\windows\system32\9351zvirus2e1.cpl
c:\windows\system32\935ste9l1986z.bin
c:\windows\system32\94495ownzoader2289.dll
c:\windows\system32\9450szambot592.dll
c:\windows\system32\95417not-a-v5rzs2ae.dll
c:\windows\system32\9545trojz18.exe
c:\windows\system32\9578zpyware2085.bin
c:\windows\system32\9582notza-virus711.cpl
c:\windows\system32\9583spy10z.cpl
c:\windows\system32\959cdownlza5er1280.exe
c:\windows\system32\95d8thiez3017.bin
c:\windows\system32\9608vir5729z.exe
c:\windows\system32\9659virus5cz.dll
c:\windows\system32\9704zpa9bot502.bin
c:\windows\system32\9712dowzloader3505.cpl
c:\windows\system32\9757spa9botc1z.dll
c:\windows\system32\9858szy509.ocx
c:\windows\system32\9956v5rus5zf.cpl
c:\windows\system32\9azcs5eal2464.cpl
c:\windows\system32\9c5fbzckdoor2306.bin
c:\windows\system32\9c5steaz2064.bin
c:\windows\system32\9c5szeal9762.dll
c:\windows\system32\9d53spywarz2301.exe
c:\windows\system32\9e3aspzware2255.exe
c:\windows\system32\9f56vir18z6.cpl
c:\windows\system32\9z176troj159.exe
c:\windows\system32\b29th5ezt871.cpl
c:\windows\system32\c95backdoo5z492.ocx
c:\windows\system32\d49h5ef227z.exe
c:\windows\system32\d53th9zf1894.exe
c:\windows\system32\drivers\gxvxcserv.sys
c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\f49zhreat53151.bin
c:\windows\system32\f599hzeat13918.dll
c:\windows\system32\f59zhief21155.bin
c:\windows\system32\setup2.exe
c:\windows\system32\z0319hacktool15f.dll
c:\windows\system32\z0752viru9659.bin
c:\windows\system32\z13b9h5eat11677.cpl
c:\windows\system32\z25cvi91366.dll
c:\windows\system32\z290st59l1710.bin
c:\windows\system32\z5935py72d.exe
c:\windows\system32\z5979spambot429.cpl
c:\windows\system32\z5e5pars9726.cpl
c:\windows\system32\z5fdvir9606.exe
c:\windows\system32\z717down9oader26355.bin
c:\windows\system32\z7295ac9tool5ee.dll
c:\windows\system32\z761spy9are32475.bin
c:\windows\system32\z9079wor59d.ocx
c:\windows\system32\z929spy7a65.dll
c:\windows\system32\z9dcspy5are490.exe
c:\windows\system32\za4athreat9655.cpl
c:\windows\system32\zbb05teal998.ocx
c:\windows\system32\zc14spy9are2599.exe
c:\windows\system32\zc3aaddwa5e1590.dll
c:\windows\system32\zddathie5695.dll
c:\windows\system32\ze76threat516919.ocx
c:\windows\z0651no9-a5virus43a.cpl
c:\windows\z1293virus635.cpl
c:\windows\z2502virus958.dll
c:\windows\z2dcthi59404.bin
c:\windows\z303backd5o92601.exe
c:\windows\z357spywa9e317.dll
c:\windows\z38dbac9doo51266.ocx
c:\windows\z42steal5955.exe
c:\windows\z445downloader9912.bin
c:\windows\z4795hief53.ocx
c:\windows\z58039pyd8.bin
c:\windows\z596addware51319.ocx
c:\windows\z5dcs9arse94.bin
c:\windows\z606spyware2519.dll
c:\windows\z62da5dwar92310.exe
c:\windows\z661v9r5.exe
c:\windows\z6bdspa9se7875.ocx
c:\windows\z705downloader53789.bin
c:\windows\z712spam5ot49c.exe
c:\windows\z792spywa5e1909.ocx
c:\windows\z795st5al798.cpl
c:\windows\z8869not-a-viru563.bin
c:\windows\z9059s5y55.ocx
c:\windows\z908addw5re1497.dll
c:\windows\z914v5r5099.exe
c:\windows\zc2ba9kdoor23685.cpl
c:\windows\zef4sp9rs53079.cpl
c:\windows\zf665par9e1982.bin

Re: Winbluesoft infected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 15:34 . 2009-06-05 15:34 -------- d-----w- C:\temp
2009-06-05 15:34 . 2009-06-05 15:34 -------- d-----w- \temp
2009-06-05 15:26 . 2009-06-05 15:37 -------- d-s---w- \Combo-Fix
2009-06-05 15:21 . 2009-06-05 15:21 6736 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2009-06-05 15:21 . 2009-06-05 15:26 -------- d-----w- \Qoobox
2009-06-05 14:28 . 2009-06-05 14:28 -------- d-----w- c:\program files\Trend Micro
2009-06-05 05:21 . 2009-06-05 05:21 -------- d-----w- c:\windows\system32\N360_BACKUP
2009-06-05 05:05 . 2009-06-05 05:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-05 05:04 . 2009-06-05 05:04 -------- d-----w- c:\users\Johnny\AppData\Roaming\Malwarebytes
2009-06-05 05:04 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 05:04 . 2009-06-05 05:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 05:04 . 2009-06-05 05:04 -------- d-----w- c:\programdata\Malwarebytes
2009-06-05 05:04 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 05:03 . 2009-06-05 15:36 2006994944 --sha-w- \hiberfil.sys
2009-06-05 02:09 . 2009-04-15 18:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVENG.SYS
2009-06-05 02:09 . 2009-04-15 18:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVEX15.SYS
2009-06-05 02:09 . 2009-04-15 18:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVENG32.DLL
2009-06-05 02:09 . 2009-04-15 18:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVEX32A.DLL
2009-06-05 02:09 . 2009-04-15 18:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\ERASER.SYS
2009-06-05 02:09 . 2009-04-15 18:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\EECTRL.SYS
2009-06-05 02:09 . 2009-04-15 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\ECMSVR32.DLL
2009-06-05 02:09 . 2009-04-15 18:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\CCERASER.DLL
2009-06-04 16:09 . 2009-04-15 18:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\NAVENG.SYS
2009-06-04 16:09 . 2009-04-15 18:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\NAVEX15.SYS
2009-06-04 16:09 . 2009-04-15 18:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\EECTRL.SYS
2009-06-04 16:09 . 2009-04-15 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\ECMSVR32.DLL
2009-06-04 16:09 . 2009-04-15 18:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\CCERASER.DLL
2009-06-04 16:09 . 2009-04-15 18:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\NAVENG32.DLL
2009-06-04 16:09 . 2009-04-15 18:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\NAVEX32A.DLL
2009-06-04 16:09 . 2009-04-15 18:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.002\ERASER.SYS
2009-06-04 00:35 . 2009-06-04 00:35 -------- d-----w- c:\programdata\Electronic Arts
2009-06-03 21:40 . 2009-06-03 21:40 10134 ----a-r- c:\users\Johnny\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-03 21:40 . 2009-06-03 21:40 -------- d-----w- c:\program files\Microsoft WSE
2009-06-03 21:23 . 2009-06-03 21:41 -------- d-----w- c:\program files\Electronic Arts
2009-06-03 21:16 . 2009-06-03 21:16 680 ----a-w- c:\users\Johnny\AppData\Local\d3d9caps.dat
2009-06-01 06:43 . 2009-06-01 06:43 -------- d-----w- c:\program files\DVDFab 5
2009-05-31 21:24 . 2009-05-31 21:24 -------- d-----w- c:\users\Johnny\AppData\Roaming\VistaCodecs
2009-05-31 21:24 . 2009-05-31 21:24 -------- d-----w- c:\program files\VistaCodecPack
2009-05-31 21:22 . 2009-05-31 21:24 -------- d-----w- c:\programdata\VistaCodecs
2009-05-29 21:52 . 2009-05-29 21:52 204800 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:47 . 2009-05-29 21:47 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-29 18:42 . 2009-04-28 04:14 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSxpx86.dll
2009-05-29 18:42 . 2009-04-28 04:14 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\Scxpx86.dll
2009-05-29 18:42 . 2009-04-28 04:14 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSviA64.sys
2009-05-29 18:42 . 2009-04-28 04:14 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSvix86.sys
2009-05-29 18:42 . 2009-04-28 04:14 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSco.sys
2009-05-29 18:42 . 2009-04-28 04:14 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSI.dll
2009-05-29 18:42 . 2009-04-28 04:14 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDS9xx86.dll
2009-05-29 10:11 . 2009-05-29 10:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-25 17:34 . 2009-05-25 17:34 -------- d-----w- c:\users\Johnny\AppData\Local\Real
2009-05-25 17:29 . 2009-05-25 17:29 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-25 17:29 . 2009-05-25 17:29 -------- d-----w- c:\program files\Real
2009-05-25 17:29 . 2009-05-25 17:29 -------- d-----w- c:\program files\Common Files\Real
2009-05-20 22:47 . 2009-04-28 04:14 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSxpx86.dll
2009-05-20 22:47 . 2009-04-28 04:14 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\Scxpx86.dll
2009-05-20 22:47 . 2009-04-28 04:14 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSviA64.sys
2009-05-20 22:47 . 2009-04-28 04:14 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSvix86.sys
2009-05-20 22:47 . 2009-04-28 04:14 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSco.sys
2009-05-20 22:47 . 2009-04-28 04:14 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\SymIDSI.dll
2009-05-20 22:47 . 2009-04-28 04:14 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDS9xx86.dll
2009-05-17 19:36 . 2009-05-17 19:36 -------- d-----w- c:\programdata\SpinTop Games
2009-05-17 19:27 . 2009-05-17 19:27 -------- d-----w- c:\programdata\HipSoft
2009-05-16 23:26 . 2009-05-16 23:26 -------- d-----w- c:\program files\Apollo DivX to DVD Creator
2009-05-11 17:40 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-10 04:17 . 2009-05-11 01:44 -------- d-----w- c:\users\Johnny\AppData\Roaming\Digidesign
2009-05-10 04:17 . 2009-05-10 04:17 -------- d-----w- C:\Digidesign Databases
2009-05-10 04:17 . 2009-05-10 04:17 -------- d-----w- \Digidesign Databases
2009-05-10 03:15 . 2007-10-31 05:34 196608 ----a-w- c:\windows\system32\Digi32.dll
2009-05-10 03:03 . 2009-03-03 04:46 3547632 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-05-10 03:02 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-05-10 03:02 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-05-10 03:02 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-05-10 03:00 . 2008-12-05 04:32 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-05-10 03:00 . 2008-12-05 04:32 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-05-10 02:59 . 2009-04-15 18:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
2009-05-10 02:59 . 2009-04-15 18:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
2009-05-10 02:59 . 2009-04-15 18:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
2009-05-10 02:59 . 2009-04-15 18:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
2009-05-10 02:59 . 2009-04-15 18:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
2009-05-10 02:59 . 2009-04-15 18:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
2009-05-10 02:59 . 2009-04-15 18:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
2009-05-10 02:59 . 2009-04-15 18:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
2009-05-10 02:59 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-10 02:59 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-10 02:59 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-05-10 02:58 . 2008-04-26 08:08 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-05-10 02:58 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2009-05-10 02:58 . 2008-06-23 01:59 2868736 ----a-w- c:\windows\system32\mf.dll
2009-05-10 02:58 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-05-10 02:58 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2009-05-10 02:58 . 2008-10-21 05:25 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-10 02:58 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-05-10 02:58 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-10 02:58 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-05-10 02:50 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-05-10 02:44 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-10 02:44 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-10 02:44 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-10 02:44 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-10 02:43 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-10 02:43 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-10 02:43 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-10 02:42 . 2008-10-16 19:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-10 02:42 . 2008-10-16 18:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-10 02:42 . 2009-05-10 02:42 -------- d-----w- c:\users\Johnny\AppData\Local\Symantec
2009-05-10 02:42 . 2009-05-14 02:18 -------- d-----w- c:\users\Johnny\AppData\Roaming\DivX
2009-05-10 02:17 . 2009-05-10 02:17 -------- d-----w- c:\users\Johnny\AppData\Roaming\PACE Anti-Piracy
2009-05-10 02:17 . 2009-05-10 02:17 -------- d-----w- c:\programdata\PACE Anti-Piracy
2009-05-10 02:17 . 2009-05-10 02:17 -------- d-----w- c:\users\Johnny\AppData\Local\PACE Anti-Piracy
2009-05-10 01:54 . 2009-05-10 02:18 -------- d-----w- c:\users\Johnny\AppData\Roaming\Download Manager
2009-05-10 01:02 . 2009-05-09 23:45 -------- d-----w- c:\windows\Panther
2009-05-10 01:02 . 2009-05-02 18:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-10 01:02 . 2007-11-09 22:00 23640 ----a-w- c:\windows\system32\drivers\TVALZ_O.SYS
2009-05-10 01:02 . 2008-07-28 23:53 919552 ----a-w- c:\windows\system32\drivers\athr.sys
2009-05-10 01:02 . 2007-12-07 02:12 196400 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-05-10 01:02 . 2007-12-07 02:12 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-05-10 01:02 . 2007-12-07 01:20 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-05-10 01:02 . 2007-12-07 01:09 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-05-10 01:02 . 2007-12-07 01:08 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-05-10 01:02 . 2006-03-09 17:58 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2009-05-10 00:52 . 2009-05-10 00:52 -------- d--h--w- C:\$WINDOWS.~Q
2009-05-10 00:52 . 2009-05-10 00:52 -------- d--h--w- \$WINDOWS.~Q
2009-05-10 00:47 . 2009-05-10 00:47 -------- d--h--w- C:\$INPLACE.~TR
2009-05-10 00:47 . 2009-05-10 00:47 -------- d--h--w- \$INPLACE.~TR
2009-05-10 00:31 . 2009-05-10 00:31 -------- d-----w- c:\program files\InterLok

Re: Winbluesoft infected
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 15:38 . 2009-05-02 03:03 -------- d-----w- c:\users\Johnny\AppData\Roaming\Skype
2009-06-05 15:38 . 2009-05-02 03:06 -------- d-----w- c:\users\Johnny\AppData\Roaming\skypePM
2009-06-05 15:36 . 2009-06-05 05:03 2006994944 --sha-w- \hiberfil.sys
2009-06-05 15:36 . 2009-03-06 14:36 2322862080 --sha-w- \pagefile.sys
2009-06-05 00:06 . 2009-05-02 16:21 -------- d-----w- c:\users\Johnny\AppData\Roaming\uTorrent
2009-06-04 21:46 . 2009-05-02 18:41 -------- d-----w- c:\users\Johnny\AppData\Roaming\Vso
2009-06-03 21:23 . 2008-09-30 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 06:43 . 2009-05-02 18:41 47360 ----a-w- c:\users\Johnny\AppData\Roaming\pcouffin.sys
2009-06-01 06:43 . 2009-05-02 18:41 47360 ----a-w- c:\users\Johnny\AppData\Roaming\pcouffin.sys
2009-05-26 15:18 . 2009-05-02 23:32 -------- d-----w- c:\users\Johnny\AppData\Roaming\TOSHIBA
2009-05-26 03:58 . 2008-09-30 19:09 -------- d-----w- c:\programdata\WildTangent
2009-05-26 03:55 . 2009-05-04 20:41 1608016 ----a-w- c:\programdata\WildTangent\TOSHIBA Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2009-05-26 03:55 . 2008-09-30 19:09 -------- d-----w- c:\program files\TOSHIBA Games
2009-05-25 17:28 . 2008-09-30 19:33 -------- d-----w- c:\program files\Google
2009-05-15 15:18 . 2009-05-03 19:01 -------- d-----w- c:\users\Johnny\AppData\Roaming\Ahead
2009-05-14 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 22:29 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-09 23:33 . 2009-05-03 22:29 -------- d-----w- c:\users\Johnny\AppData\Roaming\WildTangent
2009-05-09 23:33 . 2009-05-02 03:51 -------- d-----w- c:\users\Johnny\AppData\Roaming\Symantec
2009-05-09 23:24 . 2008-09-30 19:20 -------- d-----w- c:\programdata\Ulead Systems
2009-05-09 23:24 . 2008-09-30 19:43 -------- d-----w- c:\programdata\Symantec
2009-05-09 23:24 . 2008-09-30 19:03 -------- d-----w- c:\programdata\Toshiba
2009-05-09 23:24 . 2009-05-02 03:02 -------- d-----w- c:\programdata\Skype
2009-05-09 23:24 . 2009-05-03 19:20 -------- d-----w- c:\programdata\Nero
2009-05-09 23:24 . 2009-03-06 14:47 -------- d-----w- c:\programdata\Microsoft Help
2009-05-09 23:24 . 2009-05-03 19:23 -------- d-----w- c:\programdata\Ahead
2009-05-09 23:24 . 2009-03-06 15:10 -------- d-----w- c:\programdata\Atheros
2009-05-09 23:23 . 2009-05-02 16:43 -------- d-----w- c:\program files\VstPlugins
2009-05-09 23:23 . 2008-09-30 19:24 -------- d-----w- c:\program files\Windows Media Components
2009-05-09 23:23 . 2009-05-02 16:22 -------- d-----w- c:\program files\uTorrent
2009-05-09 23:23 . 2008-09-30 19:20 -------- d-----w- c:\program files\Ulead Systems
2009-05-09 23:23 . 2008-09-30 19:15 -------- d-----w- c:\program files\Toshiba Registration
2009-05-09 23:18 . 2008-09-30 17:56 -------- d-----w- c:\program files\Toshiba
2009-05-09 23:17 . 2008-09-30 19:44 -------- d-----w- c:\program files\Symantec
2009-05-09 23:17 . 2009-05-02 03:47 -------- d-----w- c:\program files\Sony
2009-05-09 23:16 . 2009-05-02 03:03 -------- d-----r- c:\program files\Skype
2009-05-09 23:16 . 2008-09-30 18:58 -------- d-----w- c:\program files\Realtek
2009-05-09 23:16 . 2008-09-30 19:34 -------- d-----w- c:\program files\Picasa2
2009-05-09 23:16 . 2009-05-02 16:42 -------- d-----w- c:\program files\Outsim
2009-05-09 23:16 . 2008-09-30 19:46 -------- d-----w- c:\program files\Norton 360
2009-05-09 23:16 . 2009-05-03 19:20 -------- d-----w- c:\program files\Nero
2009-05-09 23:16 . 2009-03-06 14:50 -------- d-----w- c:\program files\Microsoft Works
2009-05-09 23:16 . 2009-03-06 14:49 -------- d-----w- c:\program files\Microsoft.NET
2009-05-09 23:16 . 2009-03-06 14:54 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2009-05-09 23:15 . 2009-03-06 15:12 -------- d-----w- c:\program files\Jumpstart
2009-05-09 23:15 . 2009-03-06 15:03 -------- d-----w- c:\program files\ltmoh
2009-05-09 23:15 . 2008-09-30 19:28 -------- d-----w- c:\program files\Java
2009-05-09 23:15 . 2008-09-30 19:27 -------- d-----w- c:\program files\Intuit
2009-05-09 23:15 . 2008-09-30 19:25 -------- d-----w- c:\program files\InterVideo
2009-05-09 23:15 . 2008-09-30 18:56 -------- d-----w- c:\program files\Intel
2009-05-09 23:15 . 2009-05-02 16:41 -------- d-----w- c:\program files\Image-Line
2009-05-09 23:11 . 2009-05-03 18:57 -------- d-----w- c:\program files\Ahead
2009-05-09 23:11 . 2009-05-02 16:43 -------- d-----w- c:\program files\ASIO4ALL v2
2009-05-09 23:11 . 2009-03-06 15:10 -------- d-----w- c:\program files\Atheros
2009-05-02 03:51 . 2009-05-02 03:51 13 --sha-r- c:\windows\system32\drivers\fbd.sys
2009-05-02 03:51 . 2009-05-02 03:51 4 --sha-r- c:\windows\system32\drivers\taishop.sys
2009-05-02 03:12 . 2008-09-30 19:44 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-02 03:12 . 2008-09-30 19:44 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-02 03:12 . 2008-09-30 19:44 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 04:14 . 2009-05-02 03:13 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDS9xx86.dll
2009-04-28 04:14 . 2008-09-30 19:48 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\idsxpx86.dll
2009-04-28 04:14 . 2008-09-30 19:48 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\scxpx86.dll
2009-04-28 04:14 . 2008-09-30 19:48 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvia64.sys
2009-04-28 04:14 . 2008-09-30 19:48 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\IDSvix86.sys
2009-04-28 04:14 . 2008-09-30 19:48 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\symidsco.sys
2009-04-28 04:14 . 2008-09-30 19:48 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\BinHub\SymIDSI.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-01 04:46 . 2008-02-23 19:07 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-30 06:57 . 2009-03-30 06:57 62149 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-03-17 03:38 . 2009-05-10 02:57 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-05-10 02:57 24064 ----a-w- c:\windows\system32\amxread.dll

Re: Winbluesoft infected
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-30 29744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=Digi32.dll
"midi1"=mbx2midu.dll
"MIDI2"=diomidi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{251D7A40-9C29-4489-8DCF-9BF36553A7F3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{9F0A77B6-F95B-426D-B1A7-7B544D56FAE1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{935C58F4-343A-4BC5-8743-415371261A3F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E1FD762A-DD31-4944-9697-1A4E98144639}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0C1DE576-0D18-4D2C-90E1-553038F0A2E9}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090528.001\IDSvix86.sys [5/29/2009 1:42 PM 272432]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [4/17/2008 2:19 AM 40960]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\System32\drivers\diginet.sys [5/9/2009 10:14 PM 16400]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 7:37 AM 149352]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [9/30/2008 2:16 PM 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 8:03 PM 126976]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/12/2008 2:32 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/1/2009 10:13 PM 101936]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [5/9/2009 8:01 PM 7168]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 2:31 PM 41008]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [3/6/2009 10:12 AM 20384]
S2 gupdate1c9dd5e2e428ee0;Google Update Service (gupdate1c9dd5e2e428ee0);c:\program files\Google\Update\GoogleUpdate.exe [5/25/2009 12:28 PM 133104]
S3 dalwdmservice;dal service;c:\windows\System32\drivers\Dalwdm.sys [5/9/2009 10:14 PM 97808]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/30/2008 2:33 PM 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [3/6/2009 10:12 AM 954368]
S3 MBX2DFU;MBX2DFU;c:\windows\System32\drivers\mbx2dfu.sys [5/9/2009 10:14 PM 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\System32\drivers\mbx2midk.sys [5/9/2009 10:14 PM 21904]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [9/30/2008 4:00 PM 9216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 17:27]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - c:\program files\VistaCodecPack\rm\Update_OB\realsched.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 10:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client\ccService\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_ccAppPlgMgr_3772"="{052156DA-638A-4F5D-94F8-7D647ED62C2F}"
"ccSvcHst_Seshlp_3772"="{052156DA-638A-4F5D-94F8-7D647ED62C2F}"
"ccSvcHst_ccAppPlgMgr_3784"="{B44A6F49-0472-4D87-9AE1-BAE72AC9039F}"
"ccSvcHst_ccAppPlgMgr_3640"="{B5D3E9DC-8F8A-4610-9846-46915B8F6C9E}"
"ccSvcHst_ccAppPlgMgr_3688"="{D157E57F-74AA-4479-B8B3-3298383063C9}"
"ccSvcHst_Seshlp_3688"="{D157E57F-74AA-4479-B8B3-3298383063C9}"
"ccSvcHst_ccAppPlgMgr_3532"="{BDDEDE90-FAC6-4967-A871-332AB4350187}"
"ccSvcHst_Seshlp_3532"="{BDDEDE90-FAC6-4967-A871-332AB4350187}"
"ccSvcHst_ccAppPlgMgr_3868"="{16D0B98E-B377-4810-9416-C09F8FF99655}"
"ccSvcHst_Seshlp_3868"="{16D0B98E-B377-4810-9416-C09F8FF99655}"
"ccSvcHst_ccAppPlgMgr_3768"="{EA7190B8-3360-46F7-ABC6-DD818BB574D5}"
"ccSvcHst_Seshlp_3768"="{EA7190B8-3360-46F7-ABC6-DD818BB574D5}"
"ccSvcHst_ccSetMgr"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSvcHst_CLTNetCnService"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"cltIPCServer_Channel"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSettingsService"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineCallbackIPC"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"SNDServiceRequestChannel"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"SNDLocationChannel"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSvcHst_LiveUpdate Notice"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSvcHst_ccEvtMgr"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccEvtCli"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"NortonNetServiceIPC"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"NetMapServiceIPC"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"_tpDataSvcComm_"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ShieldDataServiceChannel"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"IPS_COMMAND_CHANNEL"="{A4AAF8D5-E53C-4EA9-97BD-5A85B78B6514}"
"ccSvcHst_Seshlp_3876"="{5D150339-C87D-4D9E-9E85-D481A6D83AE6}"
"ccSvcHst_ccAppPlgMgr_3876"="{5D150339-C87D-4D9E-9E85-D481A6D83AE6}"
"ToasterNotify\\SessionID_1"="{2E332008-B37E-4408-B3A7-B036E9A3F74B}"
"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{2E332008-B37E-4408-B3A7-B036E9A3F74B}"
"ccSvcHst_Seshlp_2944"="{2E332008-B37E-4408-B3A7-B036E9A3F74B}"
"ccSvcHst_ccAppPlgMgr_2944"="{2E332008-B37E-4408-B3A7-B036E9A3F74B}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\igfxext.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-06-05 10:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 15:41

Pre-Run: 108,975,357,952 bytes free
Post-Run: 108,598,382,592 bytes free

1123 --- E O F --- 2009-05-14 08:01

Re: Winbluesoft infected

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Folder::
c:\program files\uTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{251D7A40-9C29-4489-8DCF-9BF36553A7F3}"=-
"{9F0A77B6-F95B-426D-B1A7-7B544D56FAE1}"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:
[image]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.
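
A check that could be run over the next ComboFix log, as an added example (not part of the thread and not ComboFix's own code): it parses the firewall-policy sections in the layout shown in the log above, reports the profiles where EnableFirewall is 0, and lists any rule GUIDs named in the CFScript that are still present. The sample log is constructed, and the function names and the placeholder rule entry are assumptions.

```python
import re

# Constructed sample: the Outlook, Skype and EnableFirewall lines mirror the log
# above; the third rule is a made-up entry reusing one GUID from the CFScript.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E1FD762A-DD31-4944-9697-1A4E98144639}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0C1DE576-0D18-4D2C-90E1-553038F0A2E9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{251D7A40-9C29-4489-8DCF-9BF36553A7F3}"= c:\example\placeholder.exe:Constructed entry
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''
# GUIDs the CFScript above asks ComboFix to delete.
CFSCRIPT_TARGETS = ["{251D7A40-9C29-4489-8DCF-9BF36553A7F3}",
                    "{9F0A77B6-F95B-426D-B1A7-7B544D56FAE1}"]
SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"(.+?)"=\s*(.*)$')
RULE = re.compile(r'^(?:(?P<proto>TCP|UDP):(?P<port>\d+)\|)?'
                  r'(?P<path>[a-z]:\\.+?):(?P<name>[^:]*)$', re.I)

def parse_sections(log):
    """Return {section key: {value name: raw value}} from a registry dump."""
    sections, current = {}, None
    for line in map(str.strip, log.splitlines()):
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1), {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1)] = m.group(2)
    return sections

def firewall_findings(log):
    """Return (profiles with EnableFirewall = 0, allow rules keyed by GUID)."""
    disabled, rules = [], {}
    for key, values in parse_sections(log).items():
        leaf = key.rsplit('\\', 1)[-1]
        policy = 'firewallpolicy' in key.lower()
        if policy and values.get('EnableFirewall', '').startswith('0'):
            disabled.append(leaf)
        if policy and leaf.lower() == 'firewallrules':
            rules = {g.upper(): m.groupdict() for g, raw in values.items()
                     if (m := RULE.match(raw))}
    return disabled, rules

def still_present(log, targets=CFSCRIPT_TARGETS):
    """CFScript-targeted GUIDs that the given log still lists as rules."""
    rules = firewall_findings(log)[1]
    return sorted(t.upper() for t in targets if t.upper() in rules)
```

Run against the log posted after the CFScript pass, `still_present` should return an empty list, and `firewall_findings` shows whether either profile still reports the firewall as off.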