WiredWX Christian Hobby Weather Tools

Removing Winbluesoft ((Please help me!))

Unfortunately, my computer has become infected with the Winbluesoft virus that seems to be giving so many people problems lately. I could definitely use some help getting rid of it.

At the moment I'm typing this from a different computer since I can't access the internet from the infected computer. That means I can't download any needed programs or updates onto the infected computer. I can transfer files to it from this computer though.
Also, both computers are using Vista.

Edit: I'm running the infected computer in safe mode. I am unable to do anything with it in normal mode.

Last edited by tifa54321 on 3rd June 2009, 6:11 pm; edited 1 time in total (Reason for editing : Messed around with my computer a bit and got a new HijackThis log to post.)

Re: Removing Winbluesoft ((Please help me!))

I finally got Malwarebytes working on the infected computer. After doing both a quick scan and a full scan, I managed to remove 3 files. It didn't help my problem with Winbluesoft though.

I ran HijackThis again since I wasn't sure whether deleting those files would change the log or not. Here's my new log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:57 AM, on 6/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\helppane.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Izumi\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236957017165&h=953df9eb8f3c5d6a135a96f27bb0b9a4/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - B:\HmelyoffLabs\VHToolkit\Skype4COM.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8631 bytes

Re: Removing Winbluesoft ((Please help me!))

Hello.

I see that you are running BitTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitTorrent is not removed, then I won't help you.

If you choose to follow my recommendation then follow these instructions.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight BitTorrent
  • Click on the Uninstall/Change button at the top.

Now we can try and sort this mess out.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Delete a file on reboot..."
  • Then find and select this file: C:\windows\system32\blocker.dll
  • Select okay and select yes to reboot.

You can boot back to normal mode now; that blocker.dll is the problem blocking software, and Hijack This will delete it. We can clean the mess in normal mode then.

  • Once back in normal mode, open HijackThis again.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Izumi\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O20 - AppInit_DLLs: blocker.dll


  • Press "Fix Checked"
  • Close Hijack This.

Once that is done, let me know.
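
The line-by-line review of the HijackThis log in the post above can be sketched as a small parser. This is an added example, not part of the helper's post and not code from HijackThis; the function names (`parse`, `exe_path`, `triage`), the three review heuristics and the watchlist parameter are assumptions made for illustration, and a flagged line is only a candidate for a closer look, not a verdict.

```python
import re
from typing import NamedTuple

# Constructed sample: nine lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - B:\HmelyoffLabs\VHToolkit\Skype4COM.dll (file missing)
O20 - AppInit_DLLs: blocker.dll
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
"""


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4"
    body: str  # everything after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autoruns: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^\S+\\\.\.\\Run(?:Once)?: \[[^\]]*\] (?P<cmd>.+)$")
# An .exe sitting directly in system32 (no subfolder).
SYSTEM32_EXE_RE = re.compile(r"[a-z]:\\windows\\system32\\[^\\]+\.exe", re.I)
MISSING = ("(no file)", "(file missing)")


def parse(log):
    """Split a HijackThis log into (code, body) entries, skipping the header."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def exe_path(cmd):
    """Pull the executable path out of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def triage(entries, watchlist=()):
    """Return (code, reason, body) for entries worth a manual review."""
    findings = []
    for e in entries:
        low = e.body.lower()
        # DLLs named in AppInit_DLLs are loaded into processes that load user32.dll.
        if e.code == "O20" and e.body.partition(":")[2].strip():
            findings.append((e.code, "AppInit_DLLs value is set", e.body))
        # Registration left behind with no file on disk.
        if e.code in ("O2", "O18", "O23") and low.endswith(MISSING):
            findings.append((e.code, "registered file is missing", e.body))
        # Autorun whose target is an .exe directly under system32.
        if e.code == "O4":
            m = RUN_RE.match(e.body)
            if m and SYSTEM32_EXE_RE.fullmatch(exe_path(m["cmd"])):
                findings.append((e.code, "autorun .exe directly in system32", e.body))
        # Analyst-supplied names, e.g. the product named in the thread title.
        if any(term.lower() in low for term in watchlist):
            findings.append((e.code, "matches watchlist term", e.body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse(SAMPLE_LOG), watchlist=("winbluesoft",)):
        print(f"{code:>3}  {reason}: {body}")
```
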

Re: Removing Winbluesoft ((Please help me!))

Okay, I'm done with that.

Re: Removing Winbluesoft ((Please help me!))



1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Image: CF_download_FF]

[Image: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.


  • See HERE for how to disable your AV. (McAfee)
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Removing Winbluesoft ((Please help me!))

((It's a long file. It will take 2 or 3 posts to get it all.))

ComboFix 09-06-03.01 - Izumi 06/03/2009 12:10.1 - NTFSx86
Microsoft®️ Windows Vista™️ Business 6.0.6001.1.1252.1.1033.18.2046.1178 [GMT -7:00]
Running from: c:\users\Izumi\Desktop\Combo-Fix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


c:\windows\system32\6918zi912475.ocx
c:\windows\system32\69bf5dzware465.dll
c:\windows\system32\69z1spyware18365.exe
c:\windows\system32\6b31ad5waz91442.dll
c:\windows\system32\6b55downloader296z.dll
c:\windows\system32\6b7daddw59e28z2.cpl
c:\windows\system32\6b97ad5waze10079.exe
c:\windows\system32\6bbbthrezt31595.cpl
c:\windows\system32\6bz5down9oader5708.cpl
c:\windows\system32\6cz85own9oader3150.exe
c:\windows\system32\6d99thz5f3659.cpl
c:\windows\system32\6zdbthief2985.ocx
c:\windows\system32\7139not-a-virus5ze5.exe
c:\windows\system32\7229vzr9s5bb5.dll
c:\windows\system32\7271t9ze5t31101.bin
c:\windows\system32\72c65tea914z1.exe
c:\windows\system32\7355s9arze982.exe
c:\windows\system32\7496zddware5.bin
c:\windows\system32\769fthi596z7.exe
c:\windows\system32\7794wo95z7.bin
c:\windows\system32\77zb95eal295.bin
c:\windows\system32\7825bazkdoor16649.cpl
c:\windows\system32\78925irusz54.cpl
c:\windows\system32\7925steaz2432.ocx
c:\windows\system32\7992sparse108z5.bin
c:\windows\system32\79z5spyware29145.ocx
c:\windows\system32\7c68dzw5loader1985.exe
c:\windows\system32\7db8threa530z059.dll
c:\windows\system32\7de5t9reat22z89.cpl
c:\windows\system32\7z115ackt9ol1b9.cpl
c:\windows\system32\7z50vi92344.dll
c:\windows\system32\8105no95a-virzs440.ocx
c:\windows\system32\8182ha5ktozl59.exe
c:\windows\system32\835addwa9z1730.exe
c:\windows\system32\8947spambot58z5.bin
c:\windows\system32\9020hazktool265.ocx
c:\windows\system32\9031vzr5189.dll
c:\windows\system32\90424not-a-zirus350.dll
c:\windows\system32\90529w5zm235.exe
c:\windows\system32\90969vz5us57e.cpl
c:\windows\system32\9151virus6z5.bin
c:\windows\system32\9172sparze2425.exe
c:\windows\system32\91bfzt5al1954.ocx
c:\windows\system32\9207zspy6b55.dll
c:\windows\system32\922sp9mboz503.bin
c:\windows\system32\92416hack5zol314.cpl
c:\windows\system32\9266zh5eat15000.exe
c:\windows\system32\93338wozm5a9.exe
c:\windows\system32\93fs9zware959.ocx
c:\windows\system32\94359tro56bz.dll
c:\windows\system32\95002not-a-vir5s78z.dll
c:\windows\system32\95119noz-a-viru5452.exe
c:\windows\system32\9531zpyware2989.exe
c:\windows\system32\9598zorm37f.ocx
c:\windows\system32\95a5dowzloader1425.ocx
c:\windows\system32\96029tzoj7895.cpl
c:\windows\system32\9605s9am5ot5z.dll
c:\windows\system32\963sp5mzot65a.exe
c:\windows\system32\965z9pambot215.exe
c:\windows\system32\96c8threat130z5.exe
c:\windows\system32\96zeaddware5565.ocx
c:\windows\system32\979zi512099.ocx
c:\windows\system32\98d8vir185z5.exe
c:\windows\system32\98zaddware2254.cpl
c:\windows\system32\9955wo9m26z.ocx
c:\windows\system32\99825ot-a-virus9az.dll
c:\windows\system32\9ae6addwaze508.exe
c:\windows\system32\9b0aviz1955.bin
c:\windows\system32\9e9addwz5e1560.exe
c:\windows\system32\9f2dzir545.ocx
c:\windows\system32\9z35hac9tool485.cpl
c:\windows\system32\a21spy5az9334.bin
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
c:\windows\system32\dumphive.exe
c:\windows\system32\e7espywz5e6029.exe
c:\windows\system32\ea2v9rz559.exe
c:\windows\system32\ed9st9az1685.ocx
c:\windows\system32\eddth5eatz9399.cpl
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\setup2.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\z01395py294.cpl
c:\windows\system32\z0552not-a-virus419.exe
c:\windows\system32\z13dd5wn9oader845.dll
c:\windows\system32\z217add5are1974.dll
c:\windows\system32\z2273not5a-virus139.exe
c:\windows\system32\z286v9r568.bin
c:\windows\system32\z299thre5t50029.ocx
c:\windows\system32\z4595troj1b0.ocx
c:\windows\system32\z4spywa9561.dll
c:\windows\system32\z555spamb9t175.exe
c:\windows\system32\z558virusd19.ocx
c:\windows\system32\z569tro95b5.exe
c:\windows\system32\z580stea52911.ocx
c:\windows\system32\z5bfthief859.cpl
c:\windows\system32\z64edownlo5der9939.exe
c:\windows\system32\z750s9arse999.exe
c:\windows\system32\z796wor5ae9.ocx
c:\windows\system32\z90175py7de9.bin
c:\windows\system32\ze25ba5kdoor298.bin
c:\windows\z0809viru554b.bin
c:\windows\z0979w5rm2f0.cpl
c:\windows\z0b0thief1259.cpl
c:\windows\z18349py5bb.dll
c:\windows\z2435r9j200.dll
c:\windows\z33ath9ef2657.dll
c:\windows\z359ha5kt9ol634.dll
c:\windows\z38bbackdo9r1865.ocx
c:\windows\z3b9add5are999.exe
c:\windows\z4129s5ambot274.exe
c:\windows\z44sparse2951.ocx
c:\windows\z5b7sparse95.dll
c:\windows\z5e9sp9rse505.bin
c:\windows\z65caddwar93218.ocx
c:\windows\z68a5hi9f993.cpl
c:\windows\z68cvi59438.cpl
c:\windows\z7659worm60e.exe
c:\windows\z7965hacktool4289.exe
c:\windows\z7ccspars92350.dll
c:\windows\z88495o9m2af.bin
c:\windows\z921vir252.dll
c:\windows\z969downloa5er1006.ocx
c:\windows\z9905wor94bb.ocx
c:\windows\z991t5ief1528.ocx
c:\windows\zba1vir7955.dll
c:\windows\zec2thi9f4635.cpl
c:\windows\zef95teal1146.dll

Re: Removing Winbluesoft ((Please help me!))
.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 18:52 . 2009-06-03 18:52 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-03 05:19 . 2009-06-03 19:11 53248 ----a-w- c:\windows\system32\Process.exe
2009-06-03 03:54 . 2009-06-03 03:54 -------- d-----w- c:\users\Izumi\AppData\Roaming\Malwarebytes
2009-06-03 03:54 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 03:54 . 2009-06-03 03:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 03:54 . 2009-06-03 03:54 -------- d-----w- c:\programdata\Malwarebytes
2009-06-03 03:54 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 03:06 . 2009-06-03 03:06 -------- d-----w- c:\program files\Trend Micro
2009-06-03 03:05 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 03:05 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 03:05 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 03:05 . 2009-06-03 03:05 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-03 03:05 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 03:05 . 2009-06-03 19:05 -------- d-----w- c:\program files\Spyware Doctor
2009-06-03 03:05 . 2009-06-03 03:05 -------- d-----w- c:\users\Izumi\AppData\Roaming\PC Tools
2009-06-03 03:05 . 2009-06-03 03:05 -------- d-----w- c:\programdata\PC Tools
2009-06-03 01:53 . 2009-06-03 01:53 -------- d-----w- c:\program files\WinBlueSoft Software
2009-05-22 20:03 . 2009-05-22 20:03 -------- d-----w- c:\programdata\WebcamMax
2009-05-22 19:57 . 2009-05-22 20:03 -------- d-----w- c:\users\Izumi\AppData\Roaming\Webcammax
2009-05-22 19:56 . 2008-12-18 14:02 1051136 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2009-05-21 00:11 . 2009-05-21 04:09 -------- d-----w- c:\programdata\PopCap Games
2009-05-18 07:33 . 2009-05-18 07:33 -------- d-----w- c:\program files\PowerISO
2009-05-16 04:07 . 2009-06-03 18:51 -------- d-----w- c:\users\Izumi\AppData\Roaming\skypePM
2009-05-16 04:06 . 2009-06-03 19:24 -------- d-----w- c:\users\Izumi\AppData\Roaming\Skype
2009-05-16 04:05 . 2009-05-16 04:05 -------- d-----w- c:\program files\Common Files\Skype
2009-05-16 04:05 . 2009-05-16 04:05 -------- d-----r- c:\program files\Skype
2009-05-16 04:05 . 2009-05-16 04:05 -------- d-----w- c:\programdata\Skype
2009-05-12 20:29 . 2008-12-18 02:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-12 20:29 . 2009-05-12 20:29 -------- d-----w- c:\program files\ffdshow
2009-05-12 20:29 . 2008-12-11 20:26 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-05-11 19:11 . 2009-05-11 19:11 -------- d-----w- c:\program files\Spirited Heart
2009-05-10 21:53 . 2009-05-10 21:53 -------- d-----w- c:\users\Izumi\AppData\Roaming\Megaupload
2009-05-10 21:52 . 2009-05-10 21:52 -------- d-----w- c:\program files\Megaupload
2009-05-10 21:51 . 2009-05-10 21:51 -------- d-----w- c:\users\Izumi\AppData\Roaming\InstallShield
2009-05-10 20:49 . 2009-05-10 20:49 -------- d-----w- c:\programdata\AlawarWrapper
2009-05-10 18:27 . 2009-05-10 18:27 -------- d-----w- c:\users\Izumi\AppData\Roaming\RenPy
2009-05-08 01:11 . 2009-05-08 01:11 161862 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_6FEFF9B68218417F98F549.exe
2009-05-08 01:11 . 2009-05-08 01:11 10134 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_FA19A6B6CAEDCBED7C99C2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 18:51 . 2009-02-14 04:51 -------- d-----w- c:\users\Izumi\AppData\Roaming\DNA
2009-06-03 18:51 . 2009-02-14 04:51 -------- d-----w- c:\program files\DNA
2009-06-03 05:42 . 2009-02-03 21:06 680 ----a-w- c:\users\Izumi\AppData\Local\d3d9caps.dat
2009-06-03 01:59 . 2007-08-10 14:56 217870192 ----a-w- c:\windows\DUMP36b0.tmp
2009-05-18 07:13 . 2009-02-07 18:46 -------- d-----w- c:\users\Izumi\AppData\Roaming\DAEMON Tools Lite
2009-05-18 07:11 . 2009-02-03 21:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 07:09 . 2009-02-03 21:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-13 10:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 20:33 . 2009-05-01 04:34 -------- d-----w- c:\program files\Project64 1.6
2009-05-01 04:34 . 2009-05-01 04:34 8854 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-01 04:34 . 2009-05-01 04:34 40960 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-01 04:34 . 2009-05-01 04:34 40960 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-18 16:52 . 2009-02-04 16:53 -------- d-----w- c:\program files\McAfee
2009-03-17 03:38 . 2009-04-14 17:36 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 17:36 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-03-13 15:09 . 2009-03-13 15:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-07 03:24 . 2009-03-07 03:24 297 ----a-w- c:\windows\EReg077.dat
2009-03-06 05:01 . 2009-02-03 21:08 52568 ----a-w- c:\users\Izumi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-06 02:15 . 2009-03-06 02:16 737280 ----a-w- c:\windows\iun6002.exe
2009-02-20 07:20 . 2009-02-20 06:55 56 --sh--r- c:\windows\System32\05F0063427.sys
2009-02-26 01:42 . 2009-02-20 06:55 1890 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-13 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-23 198160]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"WinBlueSoft"="c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe" [2009-06-02 1413120]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4917048B-A8FC-44DF-B3FD-00392C573E58}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{B7E5E030-1825-455A-826E-5A4659DF28BB}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D4220144-65E7-4323-BC63-71E0044DD33F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6B113239-0223-445E-BC0C-B62EB7B465D3}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{0E9962C3-5F08-4C54-A712-97110817648D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{893055C9-4A0A-4081-8DFA-B0D96AFB134A}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/2/2009 8:05 PM 130936]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CAMTHWDM.sys [5/22/2009 12:56 PM 1051136]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/2/2009 8:05 PM 348752]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [4/3/2009 9:36 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-04 21:32]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-04 21:32]

2009-06-03 c:\windows\Tasks\User_Feed_Synchronization-{C221CAC6-F9AB-4213-A05B-E3CD849A922F}.job
- c:\windows\system32\msfeedssync.exe [2009-02-06 07:33]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gaiaonline.com/
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 12:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5364)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\stobject.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\servicing\TrustedInstaller.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-03 12:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 19:29

Pre-Run: 15,855,460,352 bytes free
Post-Run: 17,726,656,512 bytes free

935 --- E O F --- 2009-05-27 10:01




((Okay, done.))

Re: Removing Winbluesoft ((Please help me!))
Hello.

I see that you are running BitTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitTorrent is not removed, then I won't help you.

If you choose to follow my recommendation then follow these instructions.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight BitTorrent DNA
  • Click on the Uninstall/Change button at the top.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\DUMP36b0.tmp

Folder::
c:\users\Izumi\AppData\Roaming\DNA
c:\program files\DNA
c:\program files\BitTorrent
c:\program files\WinBlueSoft Software

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6B113239-0223-445E-BC0C-B62EB7B465D3}"=-
"{0E9962C3-5F08-4C54-A712-97110817648D}"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-


Save this as CFScript.txt, and save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:
[Image]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: Removing Winbluesoft ((Please help me!))

I already followed your earlier instructions to remove BitTorrent...



I'm running into an issue when dragging the .txt file onto Combo-Fix. It gives me the following error message when the program tries to start after dropping the file:

[Image]

You're saying to drag CFScript.txt to ComboFix. However, I was instructed to rename ComboFix to Combo-Fix when I downloaded it. Do I need to download it again, or was there something I missed?

Re: Removing Winbluesoft ((Please help me!))
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

[Image: CF_Cleanup]

This will also reset your restore points.

Now download ComboFix as Combo-Fix again, and try running the script.

Re: Removing Winbluesoft ((Please help me!))
I tried that, and this error message keeps popping up:

[Image]

Re: Removing Winbluesoft ((Please help me!))

Anyhow, the main problem is gone. Just delete the current exe file and re-download it as normal without renaming it; it should still work.

Re: Removing Winbluesoft ((Please help me!))
ComboFix 09-06-03.01 - Izumi 06/03/2009 14:30.2 - NTFSx86
Microsoft®️ Windows Vista™️ Business 6.0.6001.1.1252.1.1033.18.2046.1259 [GMT -7:00]
Running from: c:\users\Izumi\Desktop\ComboFix.exe
Command switches used :: c:\users\Izumi\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\DUMP36b0.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\WinBlueSoft Software
c:\program files\WinBlueSoft Software\WinBlueSoft\data.bin
c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
c:\users\Izumi\AppData\Roaming\DNA
c:\users\Izumi\AppData\Roaming\DNA\dht.dat
c:\users\Izumi\AppData\Roaming\DNA\dht.dat.old
c:\users\Izumi\AppData\Roaming\DNA\dna.lng
c:\users\Izumi\AppData\Roaming\DNA\resume.dat
c:\users\Izumi\AppData\Roaming\DNA\resume.dat.old
c:\users\Izumi\AppData\Roaming\DNA\rss.dat
c:\users\Izumi\AppData\Roaming\DNA\rss.dat.old
c:\users\Izumi\AppData\Roaming\DNA\settings.dat
c:\users\Izumi\AppData\Roaming\DNA\settings.dat.old
c:\windows\DUMP36b0.tmp
c:\windows\system32\Process.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 21:33 . 2009-06-03 21:36 -------- d-----w- c:\users\Izumi\AppData\Local\temp
2009-06-03 19:07 . 2009-06-03 19:30 -------- d-s---w- C:\Combo-Fix
2009-06-03 18:52 . 2009-06-03 18:52 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-03 03:54 . 2009-06-03 03:54 -------- d-----w- c:\users\Izumi\AppData\Roaming\Malwarebytes
2009-06-03 03:54 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 03:54 . 2009-06-03 03:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 03:54 . 2009-06-03 03:54 -------- d-----w- c:\programdata\Malwarebytes
2009-06-03 03:54 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 03:06 . 2009-06-03 03:06 -------- d-----w- c:\program files\Trend Micro
2009-06-03 03:05 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 03:05 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 03:05 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 03:05 . 2009-06-03 03:05 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-03 03:05 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 03:05 . 2009-06-03 19:05 -------- d-----w- c:\program files\Spyware Doctor
2009-06-03 03:05 . 2009-06-03 03:05 -------- d-----w- c:\users\Izumi\AppData\Roaming\PC Tools
2009-06-03 03:05 . 2009-06-03 03:05 -------- d-----w- c:\programdata\PC Tools
2009-05-22 20:03 . 2009-05-22 20:03 -------- d-----w- c:\programdata\WebcamMax
2009-05-22 19:57 . 2009-05-22 20:03 -------- d-----w- c:\users\Izumi\AppData\Roaming\Webcammax
2009-05-22 19:56 . 2008-12-18 14:02 1051136 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2009-05-21 00:11 . 2009-05-21 04:09 -------- d-----w- c:\programdata\PopCap Games
2009-05-18 07:33 . 2009-05-18 07:33 -------- d-----w- c:\program files\PowerISO
2009-05-16 04:07 . 2009-06-03 18:51 -------- d-----w- c:\users\Izumi\AppData\Roaming\skypePM
2009-05-16 04:06 . 2009-06-03 21:36 -------- d-----w- c:\users\Izumi\AppData\Roaming\Skype
2009-05-16 04:05 . 2009-05-16 04:05 -------- d-----w- c:\program files\Common Files\Skype
2009-05-16 04:05 . 2009-05-16 04:05 -------- d-----r- c:\program files\Skype
2009-05-16 04:05 . 2009-05-16 04:05 -------- d-----w- c:\programdata\Skype
2009-05-12 20:29 . 2008-12-18 02:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-12 20:29 . 2009-05-12 20:29 -------- d-----w- c:\program files\ffdshow
2009-05-12 20:29 . 2008-12-11 20:26 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-05-11 19:11 . 2009-05-11 19:11 -------- d-----w- c:\program files\Spirited Heart
2009-05-10 21:53 . 2009-05-10 21:53 -------- d-----w- c:\users\Izumi\AppData\Roaming\Megaupload
2009-05-10 21:52 . 2009-05-10 21:52 -------- d-----w- c:\program files\Megaupload
2009-05-10 21:51 . 2009-05-10 21:51 -------- d-----w- c:\users\Izumi\AppData\Roaming\InstallShield
2009-05-10 20:49 . 2009-05-10 20:49 -------- d-----w- c:\programdata\AlawarWrapper
2009-05-10 18:27 . 2009-05-10 18:27 -------- d-----w- c:\users\Izumi\AppData\Roaming\RenPy
2009-05-08 01:11 . 2009-05-08 01:11 161862 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_6FEFF9B68218417F98F549.exe
2009-05-08 01:11 . 2009-05-08 01:11 10134 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_FA19A6B6CAEDCBED7C99C2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 05:42 . 2009-02-03 21:06 680 ----a-w- c:\users\Izumi\AppData\Local\d3d9caps.dat
2009-05-18 07:13 . 2009-02-07 18:46 -------- d-----w- c:\users\Izumi\AppData\Roaming\DAEMON Tools Lite
2009-05-18 07:11 . 2009-02-03 21:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 07:09 . 2009-02-03 21:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-13 10:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 20:33 . 2009-05-01 04:34 -------- d-----w- c:\program files\Project64 1.6
2009-05-01 04:34 . 2009-05-01 04:34 8854 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-01 04:34 . 2009-05-01 04:34 40960 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-01 04:34 . 2009-05-01 04:34 40960 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-18 16:52 . 2009-02-04 16:53 -------- d-----w- c:\program files\McAfee
2009-03-17 03:38 . 2009-04-14 17:36 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 17:36 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-03-13 15:09 . 2009-03-13 15:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-07 03:24 . 2009-03-07 03:24 297 ----a-w- c:\windows\EReg077.dat
2009-03-06 05:01 . 2009-02-03 21:08 52568 ----a-w- c:\users\Izumi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-06 02:15 . 2009-03-06 02:16 737280 ----a-w- c:\windows\iun6002.exe
2009-02-20 07:20 . 2009-02-20 06:55 56 --sh--r- c:\windows\System32\05F0063427.sys
2009-02-26 01:42 . 2009-02-20 06:55 1890 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-03_19.24.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-03 21:08 . 2009-06-03 19:24 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-03 21:08 . 2009-06-03 21:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-03 21:08 . 2009-06-03 19:24 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-03 21:08 . 2009-06-03 21:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-03 21:08 . 2009-06-03 19:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 21:08 . 2009-06-03 21:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-03 21:34 . 2009-06-03 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-03 19:23 . 2009-06-03 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-03 19:23 . 2009-06-03 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-03 21:34 . 2009-06-03 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-03 19:29 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-03 18:55 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-03 18:55 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-03 19:29 101144 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-13 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-23 198160]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4917048B-A8FC-44DF-B3FD-00392C573E58}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{B7E5E030-1825-455A-826E-5A4659DF28BB}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D4220144-65E7-4323-BC63-71E0044DD33F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{893055C9-4A0A-4081-8DFA-B0D96AFB134A}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/2/2009 8:05 PM 130936]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CAMTHWDM.sys [5/22/2009 12:56 PM 1051136]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/2/2009 8:05 PM 348752]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [4/3/2009 9:36 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-04 21:32]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-04 21:32]

2009-06-03 c:\windows\Tasks\User_Feed_Synchronization-{C221CAC6-F9AB-4213-A05B-E3CD849A922F}.job
- c:\windows\system32\msfeedssync.exe [2009-02-06 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe

Re: Removing Winbluesoft ((Please help me!))

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gaiaonline.com/
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 14:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2380)
c:\program files\Spyware Doctor\pctgmhk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\msiexec.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-03 14:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 21:39
ComboFix2.txt 2009-06-03 19:29

Pre-Run: 17,743,147,008 bytes free
Post-Run: 17,624,576,000 bytes free

233 --- E O F --- 2009-05-27 10:01




Alright, there's the log.

Re: Removing Winbluesoft ((Please help me!))

Hello.
That should do it.

Try the Combofix /u command again.

Re: Removing Winbluesoft ((Please help me!))

ComboFix has been uninstalled.
