WiredWX Hobby Weather Tools

infected with winblue soft----stage after running combofix

3 posters

Hi,
My PC was infected with WinBlue Soft. I followed the instructions that you specified in the other posts and executed combofix.exe. Now I noticed that the logs created were different for different people, hence I need your help from this point on. My log is as follows:

ComboFix 09-06-04.06 - Jennifer 04-06-2009 22:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.3069.1710 [GMT -4:00]
Running from: c:\users\Jennifer\Desktop\Combo-Fix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\101t5reat1043z9.cpl
c:\windows\1030vi5z59.bin
c:\windows\103569o5-z-virus2ca.cpl
c:\windows\10405not-a-virzs79c.cpl
c:\windows\10597virus5z25.ocx
c:\windows\10954wo5m1cbz.ocx
c:\windows\112bspzwa9e16065.dll
c:\windows\11522hacktooz902.exe
c:\windows\11581spz749.ocx
c:\windows\1196trzj1825.dll
c:\windows\121cadzw5re3189.cpl
c:\windows\128z2sp597d.ocx
c:\windows\13025h9cktoolzed.exe
c:\windows\130659i5zs17d.ocx
c:\windows\1379w9zm550.cpl
c:\windows\14954spy45z.exe
c:\windows\15091v9ruz228.bin
c:\windows\150edownlo9dez2527.ocx
c:\windows\15177spambotzb99.exe
c:\windows\1529not5a-virzs97.cpl
c:\windows\1532backd5oz9368.exe
c:\windows\15380spambot5z9.exe
c:\windows\153z9ot-5-virus309.cpl
c:\windows\154es9yzare2267.ocx
c:\windows\1557zt9oj57e.exe
c:\windows\15729spambot1z8.exe
c:\windows\15963spam5zt5999.dll
c:\windows\15d9st9al16z0.ocx
c:\windows\15e6spz9se22455.ocx
c:\windows\16325z9j4a.dll
c:\windows\164hackt9oz25e.bin
c:\windows\1654z9orm155.bin
c:\windows\179fs9ar5ez859.cpl
c:\windows\18175v9zus69f.exe
c:\windows\18248spamz5t95.exe
c:\windows\18390hacktozl695.dll
c:\windows\18z4d9wnloade5113.ocx
c:\windows\18z9n5t-a-virus65f.ocx
c:\windows\19059zorm5f9.ocx
c:\windows\1917sparse560z.bin
c:\windows\1945v591916z.ocx
c:\windows\1953downlozd5r2597.ocx
c:\windows\1954vir297z.cpl
c:\windows\19659n5t-z-virus465.dll
c:\windows\196d5dzware2855.bin
c:\windows\197z2hacktool5af.bin
c:\windows\1987baczdoo52926.exe
c:\windows\19z75virus1b15.dll
c:\windows\19zespy9are5748.ocx
c:\windows\1a395ir1z5.exe
c:\windows\1bfbdowzloader2995.dll
c:\windows\1c86th9efz0325.cpl
c:\windows\1f1as95ware23z.exe
c:\windows\1f8a9pywarz5194.dll
c:\windows\1z549v5rus378.bin
c:\windows\1z586spambot955.ocx
c:\windows\20045viruz922.ocx
c:\windows\20179hzckt5ol4ae.bin
c:\windows\202705orm2z9.cpl
c:\windows\20555not9a-virus455z.dll
c:\windows\205595arse9z7.bin
c:\windows\20696spamboz1b5.dll
c:\windows\21319t5ojz25.cpl
c:\windows\21396hackzool55a5.exe
c:\windows\2141zvir9529c.bin
c:\windows\217529irus4fz.dll
c:\windows\21767zroj59.exe
c:\windows\21950tzoj109.cpl
c:\windows\21963not-a-vzrus59.ocx
c:\windows\2209zspy95.bin
c:\windows\220w5z9707.dll
c:\windows\225dv9r293z.exe
c:\windows\23009spambot552z.bin
c:\windows\2319zh5cktool318.ocx
c:\windows\2373z9r5at11665.bin
c:\windows\23934z5t-a-vi9us77d.exe
c:\windows\23b2t5iz91986.cpl
c:\windows\23z439py5d4.dll
c:\windows\24085ddware9z72.cpl
c:\windows\24694hac5tool3z3.dll
c:\windows\25339zro91e2.bin
c:\windows\25385tro9ez.ocx
c:\windows\256bztea91139.cpl
c:\windows\2590threat1318z5.cpl
c:\windows\2593spyzare27965.cpl
c:\windows\25997viruz590.dll
c:\windows\25z06t5ojed9.cpl
c:\windows\25z34tr9j78.ocx
c:\windows\262585or9bz.bin
c:\windows\264209ozm545.dll
c:\windows\26z6thr9at19562.cpl
c:\windows\2705dd9are179z.dll
c:\windows\2707adzw5re2649.exe
c:\windows\27091ha5ktoolz9f.dll
c:\windows\2727z5r9j218.dll
c:\windows\27515spamzot2e9.cpl
c:\windows\275p9rse12z0.bin
c:\windows\2776zspamb9t353.exe
c:\windows\27865hz9f2129.dll
c:\windows\27z5spyware9185.dll
c:\windows\282195arsz3272.exe
c:\windows\282655o9m64z.cpl
c:\windows\28557spam9ot5ez.exe
c:\windows\28558not-azvir9s3c9.exe
c:\windows\28882haczto5l57e9.exe
c:\windows\28z55s5y5069.exe
c:\windows\290305ackzool691.ocx
c:\windows\29286zirus915.dll
c:\windows\2959stz9l5383.bin
c:\windows\29689s5amboz496.cpl
c:\windows\29852zroj90b.bin
c:\windows\29desparsz550.cpl
c:\windows\2a45bac9zoor1866.ocx
c:\windows\2as5yw9re55z.bin
c:\windows\2c19spywarz559.cpl
c:\windows\2c50spywaz59262.exe
c:\windows\2d97t5reat10z76.exe
c:\windows\2ebzspa5s9312.dll
c:\windows\2f00thief59z5.cpl
c:\windows\2fb1s5eaz892.ocx
c:\windows\2z09threa57998.bin
c:\windows\2z695tr9j46b.cpl
c:\windows\2z954sp5mbot925.exe
c:\windows\2za5thie91760.exe
c:\windows\30396w95m6z8.cpl
c:\windows\3040zacktoo9345.ocx
c:\windows\30584t9oj7fz.dll
c:\windows\30585vz9us5d3.cpl
c:\windows\30599spy3eez.bin
c:\windows\311aspywzr97845.exe
c:\windows\316255ackt9ol7z3.dll
c:\windows\3195zd9ware273.cpl
c:\windows\31966n5t-az9irus408.exe
c:\windows\320059acktool3z0.exe
c:\windows\32d5dow9loz5er567.bin
c:\windows\33b5zhi9f26535.cpl
c:\windows\33eedo5nloaz9r793.bin
c:\windows\3555spa9se1430z.ocx
c:\windows\358d9pywarz1506.bin
c:\windows\358ezpar5e1609.bin
c:\windows\35975ddware2329z.dll
c:\windows\35f6v5r92z.bin
c:\windows\3695v9rzs58c.ocx
c:\windows\38dspywa5z394.ocx
c:\windows\394bthrea925z965.bin
c:\windows\3951spzware9600.dll
c:\windows\3e4esze9l525.bin
c:\windows\3e95vi913z6.exe
c:\windows\3ea5spyzare1995.ocx
c:\windows\3z299no9-5-virus6d5.cpl
c:\windows\3z350worm91b.ocx
c:\windows\3z355p9ware202.exe
c:\windows\3z954spy3c7.cpl
c:\windows\4054t9oj7zb.cpl
c:\windows\40559zj234.exe
c:\windows\4066sp9waz51085.ocx
c:\windows\4073b5ckdoor968z.dll
c:\windows\40995acktool22z.exe
c:\windows\41145hreat17z779.dll
c:\windows\4124haczto9l705.exe
c:\windows\425f9pywaze366.bin
c:\windows\4311wor9z56.bin
c:\windows\4332threzt25299.dll
c:\windows\435zdow5loader14519.ocx
c:\windows\450est59l3z0.bin
c:\windows\454zwor9704.exe
c:\windows\455dzir28579.dll
c:\windows\455o9maez.dll
c:\windows\4565spzrs91717.exe
c:\windows\4591zteal27595.bin
c:\windows\45fbsparsz999.cpl
c:\windows\46fz9parse557.bin
c:\windows\4798virzs595.cpl
c:\windows\4929addw5rez905.bin
c:\windows\49319ormz5.bin
c:\windows\49z2v591303.ocx
c:\windows\4bb7threat5494z.exe
c:\windows\4bzdow5load9r1366.cpl
c:\windows\4c99thizf5350.cpl
c:\windows\4e27szeal591.cpl
c:\windows\4e9azddware5166.cpl
c:\windows\4f45sp5rz91503.dll
c:\windows\4z03not-a-vi5us94a.cpl
c:\windows\50250worm9zf.dll
c:\windows\5042downloa9ez1756.dll
c:\windows\5080ste95z695.exe
c:\windows\51105wzrm50c9.ocx
c:\windows\515bdown9oader1929z.dll
c:\windows\51769roj6bez.cpl
c:\windows\52006spz696.exe
c:\windows\5325thr9atz01355.dll
c:\windows\5393addzare1859.cpl
c:\windows\5509adzwar92405.cpl
c:\windows\55427sp94za.cpl
c:\windows\5585h9cktool3zc.bin
c:\windows\559abackdoor16z6.bin
c:\windows\559szywa5e795.cpl
c:\windows\55az9ir2367.cpl
c:\windows\55f6z9reat5988.dll
c:\windows\55z3sp9mb5t573.dll
c:\windows\57155ownloader793z.exe
c:\windows\57679spy7zb.bin
c:\windows\57729wozm69.ocx
c:\windows\57z36troj789.dll
c:\windows\5848d9wnloade52770z.dll
c:\windows\584dzac9doo5305.cpl
c:\windows\5874backdoor94z.dll
c:\windows\58bespywzr9536.cpl
c:\windows\5912steal169z.exe
c:\windows\595fsp5rse251z.exe
c:\windows\597dz9ief1504.dll
c:\windows\5991t5reat16708z.dll
c:\windows\59e5spywarz734.exe
c:\windows\59ecspaz5e1383.dll
c:\windows\5a98zhie5599.dll
c:\windows\5ab2dow9lozder16855.exe
c:\windows\5b49t59eat7364z.exe
c:\windows\5cbbviz1599.dll
c:\windows\5d16stzal5609.exe
c:\windows\5d3zad9ware1255.bin
c:\windows\5d51zp9rse59.cpl
c:\windows\5d7bac5d9orz418.bin
c:\windows\5d7thze9t11714.ocx
c:\windows\5e1zd9wnloader1816.ocx
c:\windows\5e62do9nloazer2903.bin
c:\windows\5e7zthie98415.dll
c:\windows\5e9bz5ckdoor2998.exe
c:\windows\5eb8vir5095z.exe
c:\windows\5f5zsteal1299.bin
c:\windows\5f7fspy9aze736.cpl
c:\windows\5f83sparse1981z.bin
c:\windows\5f91threat50z81.exe
c:\windows\5fb5za5kdoor2619.ocx
c:\windows\5z28worm9e75.ocx
c:\windows\5z73a5dware1954.cpl
c:\windows\5z9downloader3056.cpl
c:\windows\5za7addwa9e1506.dll
c:\windows\61075orm65z9.ocx
c:\windows\6250no59a-virus5zc.exe
c:\windows\629095ckdoor1z18.cpl
c:\windows\63b9tzief4305.bin
c:\windows\63e35pa9se5z4.exe
c:\windows\63zc9hreat5204.bin
c:\windows\6471addwarez5079.bin
c:\windows\64e6vir958z5.ocx
c:\windows\6550b9ckdoor2686z.dll
c:\windows\6564not-a-v9ru5z93.cpl
c:\windows\656fszarse30309.ocx
c:\windows\6587spazse394.cpl
c:\windows\65959rz7eb.cpl
c:\windows\660dsp9r5e1356z.ocx
c:\windows\675downzoader559.exe
c:\windows\6875bzc9door329.ocx
c:\windows\68threa514z96.cpl
c:\windows\6938s59mbzt3fe.bin
c:\windows\6955trzj7b9.dll
c:\windows\69915orm5zb.cpl
c:\windows\69e9addw5re2171z.ocx
c:\windows\6azdspars95076.cpl
c:\windows\6b4zthief9571.cpl
c:\windows\6c92tz5ef949.cpl
c:\windows\6ce95irz52.ocx
c:\windows\6cza5pa9se2344.exe
c:\windows\6dczste5l2879.cpl
c:\windows\6ez9spar5e1496.dll
c:\windows\6z1d5hief2097.dll
c:\windows\6z29addware5305.ocx
c:\windows\6z5a5hreat95335.exe
c:\windows\6zca9h5eat15836.bin
c:\windows\7011st5a9z187.cpl
c:\windows\7199th5eatz104.bin
c:\windows\71c2thz5at9555.bin
c:\windows\7255spa9se3128z.exe
c:\windows\7325ztea9940.cpl
c:\windows\7335bazkdoo91598.dll
c:\windows\74a5sp9rse2z74.exe
c:\windows\7540w9rmz7e.cpl
c:\windows\7571zac5t9ol2f7.bin
c:\windows\7599virusz0b.bin
c:\windows\7664v9rz51d2.exe
c:\windows\773cs59warez000.ocx
c:\windows\77c8ad9waz51663.bin
c:\windows\784zsparse6529.dll
c:\windows\7930w5rm90bz.cpl
c:\windows\79649zo561f.bin
c:\windows\79za5parse1011.bin
c:\windows\7a55stzal8579.exe
c:\windows\7af9zt59l2901.ocx
c:\windows\7bf5thief2z93.exe
c:\windows\7c5ad9wnloadez2228.ocx
c:\windows\7c83s5ywa9z1405.cpl
c:\windows\7d2cspar9e5z9.dll
c:\windows\7d3ad9znloader9495.ocx
c:\windows\7d5athzef15699.exe
c:\windows\7ez5hief19.cpl
c:\windows\7z005hreat295529.ocx
c:\windows\7z879p526.ocx
c:\windows\8106not-a-95ruz81.dll
c:\windows\8189w95mz6c.cpl
c:\windows\84369zt-a-v5rus2ea.dll
c:\windows\8459n9t-a-vir5s19z.dll
c:\windows\8858sp59bz.cpl
c:\windows\88959py41fz.ocx
c:\windows\895vzrus4e5.cpl
c:\windows\8z02wor9395.bin
c:\windows\8z77n5t-a-virus39f.dll
c:\windows\90409py156z.bin
c:\windows\90544wozm7be.cpl
c:\windows\91394spy15z.exe
c:\windows\91z595cktool100.exe
c:\windows\920spyzb5.bin
c:\windows\93585spz638.cpl
c:\windows\935zsteal1519.ocx
c:\windows\938azd5are895.ocx
c:\windows\94172t5oj5f1z.bin
c:\windows\9433downloader2255z.exe
c:\windows\9497downzoade53245.dll
c:\windows\94ecszeal5515.bin
c:\windows\94z63spy3cf5.dll
c:\windows\951spzrse1519.dll
c:\windows\95552virusz4.cpl
c:\windows\95699not-a5zirus629.cpl
c:\windows\95758hacktool3z4.dll
c:\windows\957zh5ck9ool150.dll
c:\windows\95f3threat2151z5.exe
c:\windows\96275not-a-viruz469.cpl
c:\windows\96365roz6fc9.cpl
c:\windows\964fzownloa5er601.cpl
c:\windows\96525tzoj5335.cpl
c:\windows\9765worz967.dll
c:\windows\98426spamzote55.dll
c:\windows\98546troz34c.cpl
c:\windows\989285pyz57.bin
c:\windows\98a6downlo5derz084.exe
c:\windows\98bz5r1963.cpl
c:\windows\98z0sp5rse1695.ocx
c:\windows\99805orm92z.bin
c:\windows\9995spy5b9z.dll
c:\windows\99a1bzckdoor24435.exe
c:\windows\99z5steal26985.dll
c:\windows\9a0zsparse6995.cpl
c:\windows\9a87backzoor1585.ocx
c:\windows\9bcs5yware156z.exe
c:\windows\9f7vir2759z.cpl
c:\windows\9z5525orm157.cpl
c:\windows\9z739irus635.cpl
c:\windows\9z851worm58b5.dll
c:\windows\a689zief1506.cpl
c:\windows\b5szyware1690.cpl
c:\windows\b64thief5419z.cpl
c:\windows\c39thr5at282z.ocx
c:\windows\d41backdo9r55z.ocx
c:\windows\ea4addwa9e50z.bin
c:\windows\ef9downzo9der21165.ocx
c:\windows\f51spyzare979.dll
c:\windows\ffaaddwa9e264z5.dll
c:\windows\system32\1019vir1z5.dll
c:\windows\system32\103279pz615.bin
c:\windows\system32\10750szam5otf9.bin
c:\windows\system32\10825zorm29c9.ocx
c:\windows\system32\1094wor539z.dll
c:\windows\system32\109cspywa5e21z3.dll
c:\windows\system32\10e75h9eat21z12.ocx
c:\windows\system32\10z71v5rus1d19.ocx
c:\windows\system32\11172t5oz93b.bin
c:\windows\system32\11244s5ambo937z.bin
c:\windows\system32\11502hac5t9zl69c.exe
c:\windows\system32\116439zru579c.cpl
c:\windows\system32\1194wozm557.exe
c:\windows\system32\1240sp5waze799.bin
c:\windows\system32\12579szy71d.exe
c:\windows\system32\12581hacktool4z9.cpl
c:\windows\system32\1270wzr96905.exe
c:\windows\system32\12z67spa9bot405.cpl
c:\windows\system32\13032s5ambo929dz.cpl
c:\windows\system32\1351do9nzoader1250.ocx
c:\windows\system32\13597spyz1d.dll
c:\windows\system32\1359zirus9d5.ocx
c:\windows\system32\13902worm1z59.cpl
c:\windows\system32\13957trzjaf.dll
c:\windows\system32\13z15troj199.cpl
c:\windows\system32\14082ha5ktoo91fz.exe
c:\windows\system32\142155ot-a-v9ruz2fc.dll
c:\windows\system32\14694spy549z.cpl
c:\windows\system32\14749hreatz6511.exe
c:\windows\system32\14772spambo5z90.dll
c:\windows\system32\1479zv5r9s159.bin
c:\windows\system32\148zvi95775.dll
c:\windows\system32\1496ha5ktoolzf9.dll
c:\windows\system32\14fat5zea915539.cpl
c:\windows\system32\15009sp927bz.cpl
c:\windows\system32\1513downzoa5er2699.bin
c:\windows\system32\15271worm95z.bin
c:\windows\system32\15297worm57dz.bin
c:\windows\system32\15376sp92fcz.cpl
c:\windows\system32\15585hzck5oo986.ocx
c:\windows\system32\15895z5rm10b.exe
c:\windows\system32\15925hazktool40f.ocx
c:\windows\system32\15999trojz5.dll
c:\windows\system32\16212z5o9517.bin
c:\windows\system32\16699iru531bz.exe
c:\windows\system32\17282zot9a5virus51c.dll
c:\windows\system32\17320spazb5t209.cpl
c:\windows\system32\17436not-a-v5ruz4f79.cpl
c:\windows\system32\1747z9o5-a-virus14d.bin
c:\windows\system32\17594zac9tool6125.bin
c:\windows\system32\175z9parse1010.cpl
c:\windows\system32\17z14sp95e5.ocx
c:\windows\system32\18395not-a-virus472z.dll
c:\windows\system32\1850downloaderz993.ocx
c:\windows\system32\18605vzrus39.cpl
c:\windows\system32\18758nzt-a5virus749.cpl
c:\windows\system32\18840spambo5zb99.cpl
c:\windows\system32\18898zot-a-virus235.exe
c:\windows\system32\1889hack9oo5612z.cpl
c:\windows\system32\1897395t-z-virusa1.dll
c:\windows\system32\1910859oj414z.dll
c:\windows\system32\1945troj45z.dll
c:\windows\system32\197z1no5-a-9irus5e8.cpl
c:\windows\system32\199d5zreat30058.bin
c:\windows\system32\19fspywa591z03.exe
c:\windows\system32\19z20not-a-virus519.dll
c:\windows\system32\1a53spar5e1z639.cpl
c:\windows\system32\1adz9ackdoor3568.exe
c:\windows\system32\1bf39teal5209z.ocx
c:\windows\system32\1c4es9eaz3156.dll
c:\windows\system32\1e13sp59sz1563.ocx
c:\windows\system32\1e43z5i9f8.bin
c:\windows\system32\1ez35ir7769.dll
c:\windows\system32\1fbz5ackdoor9244.exe
c:\windows\system32\1z369spy5e7.ocx
c:\windows\system32\1z70stea92545.cpl
c:\windows\system32\1zf4downloader5792.ocx
c:\windows\system32\20569worm6zb.cpl
c:\windows\system32\2082zpyw9re19085.bin
c:\windows\system32\209z0h5cktoo9702.ocx
c:\windows\system32\21845worm59z.exe
c:\windows\system32\21z009ir5sd5.dll
c:\windows\system32\21z3s9arse1575.ocx
c:\windows\system32\22229szy15a.ocx
c:\windows\system32\22319sp52zd.cpl
c:\windows\system32\22615s5z9bot36f.bin
c:\windows\system32\22696spamzot354.ocx
c:\windows\system32\22754noz-a-5irus995.bin
c:\windows\system32\2291zt5oj469.cpl
c:\windows\system32\2299add5a9z3055.dll
c:\windows\system32\22b9thze92550.cpl
c:\windows\system32\22f7spywar5z959.dll
c:\windows\system32\23035vizus904.cpl
c:\windows\system32\2365zhief914.cpl
c:\windows\system32\2436z5ot-a-v9rus6fe.ocx
c:\windows\system32\246z75py4829.ocx
c:\windows\system32\24a89a5kdoorz461.ocx
c:\windows\system32\24e3viz5059.dll
c:\windows\system32\25095zroj7e9.exe
c:\windows\system32\2529zp54bf.dll
c:\windows\system32\252ddownloadez9669.cpl
c:\windows\system32\25329hreat2z327.ocx
c:\windows\system32\25522spambo95bz5.ocx
c:\windows\system32\2561steal9z70.ocx
c:\windows\system32\2575vi5305z9.ocx
c:\windows\system32\25785hacktool291z.ocx
c:\windows\system32\25aaspyware4z9.ocx
c:\windows\system32\25c7sparze3298.ocx
c:\windows\system32\263z9hack5o9l49b.exe
c:\windows\system32\26513spambzt95f.cpl
c:\windows\system32\265589pazbot177.ocx
c:\windows\system32\2667zhac9tool68d5.exe
c:\windows\system32\26976hacktozl5c8.ocx
c:\windows\system32\26989no9-a-virus785z.dll
c:\windows\system32\274265pambot9az.cpl
c:\windows\system32\27754worzf39.cpl
c:\windows\system32\27d7zownl5ad9r2794.ocx
c:\windows\system32\2819downl5zder2922.cpl
c:\windows\system32\28519tr5j37ez.exe
c:\windows\system32\288835ot-z-virus57e9.cpl
c:\windows\system32\28965s95mboz170.bin
c:\windows\system32\292059zambot7cf5.bin
c:\windows\system32\2938thief592z.exe
c:\windows\system32\293zvi52419.exe
c:\windows\system32\2950bac5door709z.exe
c:\windows\system32\29875ddwaze632.ocx
c:\windows\system32\29975hac5zoo92.cpl
c:\windows\system32\2aa7downlozde9215.dll
c:\windows\system32\2z102spy7495.cpl
c:\windows\system32\2zas9eal25145.bin
c:\windows\system32\305435acktool2c9z.exe
c:\windows\system32\3083z95rus529.bin
c:\windows\system32\3087z9roj2fc5.ocx
c:\windows\system32\31085s9azbot63c.bin
c:\windows\system32\31133n5t-a-viru92z.ocx
c:\windows\system32\31340no5-a9virus5a3z.bin
c:\windows\system32\3206t5oj9z2.ocx
c:\windows\system32\320baddwzre11995.bin
c:\windows\system32\321a5ddwzre30439.dll
c:\windows\system32\32339wozm9095.cpl
c:\windows\system32\32564spazbo95905.dll
c:\windows\system32\32632zp5mbot75f9.bin
c:\windows\system32\32697not95-virus39z.bin
c:\windows\system32\32a5dowz9oader1993.bin
c:\windows\system32\33a55ddware97z.bin
c:\windows\system32\3509ba5kdoorz77.dll
c:\windows\system32\350aazdware6859.bin
c:\windows\system32\35czdownloader25239.ocx
c:\windows\system32\35f1thzea93599.dll
c:\windows\system32\3726vzru5249.dll
c:\windows\system32\3745spywarez93.ocx
c:\windows\system32\3759addwarez843.ocx
c:\windows\system32\3855sparse192z.bin
c:\windows\system32\38a6baczdoo51591.cpl
c:\windows\system32\3997downloader9z935.bin
c:\windows\system32\3aa5vir9z99.dll
c:\windows\system32\3cb4szar9e6865.ocx
c:\windows\system32\3d1595wzloader545.bin
c:\windows\system32\3d589parse393z.dll
c:\windows\system32\3d98s5azs9278.exe
c:\windows\system32\3de4a5dwarez9.cpl
c:\windows\system32\3e93backdoor5z93.bin
c:\windows\system32\3ebcadd5aze9233.exe
c:\windows\system32\3z1fbackd5or1309.cpl
c:\windows\system32\3z5cstea92043.cpl
c:\windows\system32\3z78not-a-vi95s14d.dll
c:\windows\system32\40bzb9ckdoor1925.bin
c:\windows\system32\40c8dowz59ader833.cpl
c:\windows\system32\4125trzj986.bin
c:\windows\system32\4413not-9zv5rusd8.ocx
c:\windows\system32\4493s5yware1z07.ocx
c:\windows\system32\44trzjc95.bin
c:\windows\system32\4519spambot4dz9.cpl
c:\windows\system32\457c9ir2z73.exe
c:\windows\system32\462ft9reat1z458.ocx
c:\windows\system32\463adow9loa5ez823.ocx
c:\windows\system32\4909backdzor29465.cpl
c:\windows\system32\491cbackdoor1955z.bin
c:\windows\system32\4958sza9se890.ocx
c:\windows\system32\4966addw5rz2959.cpl
c:\windows\system32\498ethief5z0.exe
c:\windows\system32\49z5steal2990.exe
c:\windows\system32\4d14addw5re157z9.bin
c:\windows\system32\4fd9zhief1905.ocx
c:\windows\system32\4z45thief579.exe
c:\windows\system32\50059ackdoorz125.exe
c:\windows\system32\501zvir9se5.dll
c:\windows\system32\5086w9rmz12.exe
c:\windows\system32\5095troz6995.exe
c:\windows\system32\50999not-a-virzs1d6.cpl
c:\windows\system32\50dzb59kdoor1469.exe
c:\windows\system32\5118zpam59t340.bin
c:\windows\system32\5153t9reatz8915.ocx
c:\windows\system32\51c7spy9zre2132.exe
c:\windows\system32\5202hackt5ol793z.cpl
c:\windows\system32\52259z9oj19a.cpl
c:\windows\system32\5260ztroj699.ocx
c:\windows\system32\52620noz-a-9irus49e.ocx
c:\windows\system32\52e0st5az3959.cpl
c:\windows\system32\530fthzef29599.dll
c:\windows\system32\53580vi9us17z.exe
c:\windows\system32\53598hzcktool7d3.ocx
c:\windows\system32\53599zr3225.bin
c:\windows\system32\53952spa9zotc9.cpl
c:\windows\system32\53dbspzware15569.cpl
c:\windows\system32\5419szy70c.exe
c:\windows\system32\5456ad9wzre2452.ocx
c:\windows\system32\549spywa9e161z.bin
c:\windows\system32\55579virus24ez.exe
c:\windows\system32\5559pambotfz.bin
c:\windows\system32\5564downloade926z.exe
c:\windows\system32\55770v9rus51z.cpl
c:\windows\system32\55afthzeat38999.ocx
c:\windows\system32\55b9spa9se2z28.bin
c:\windows\system32\562et9iez1588.bin
c:\windows\system32\56f7add9zre540.dll
c:\windows\system32\56z3vi931045.cpl
c:\windows\system32\57292tr9j4z.exe
c:\windows\system32\577dzackd9or2331.cpl
c:\windows\system32\5897zpy52e9.dll
c:\windows\system32\5909steal501z.bin
c:\windows\system32\59180spz509.cpl
c:\windows\system32\5938spambot1z9.exe
c:\windows\system32\59649trojza5.ocx
c:\windows\system32\5969spar5e1055z.bin
c:\windows\system32\596bthiefz820.cpl
c:\windows\system32\596z9teal1605.ocx
c:\windows\system32\59addware1656z.exe
c:\windows\system32\59bbz5dware922.bin
c:\windows\system32\59d3szarse1017.exe
c:\windows\system32\59fzstea52444.bin
c:\windows\system32\5a0cdownlzader1492.ocx
c:\windows\system32\5a1d95arsz972.dll
c:\windows\system32\5a1sp5zse629.dll
c:\windows\system32\5a57spywarz2095.ocx
c:\windows\system32\5aa9thrz5t7973.dll
c:\windows\system32\5aathi591z56.ocx
c:\windows\system32\5af6downl95dzr1423.ocx
c:\windows\system32\5b1bbz9kdoo557.exe
c:\windows\system32\5b89hzef524.bin
c:\windows\system32\5bz7back5oor2239.dll
c:\windows\system32\5ce9a5dwar9z529.ocx
c:\windows\system32\5d0dadzwar91519.ocx
c:\windows\system32\5d39vzr2596.dll
c:\windows\system32\5d98tzief3297.ocx
c:\windows\system32\5dfaz5eal695.dll
c:\windows\system32\5e82bacz9oor5558.ocx
c:\windows\system32\5e9at5izf2266.dll
c:\windows\system32\5f0adow9loader3z91.bin
c:\windows\system32\5f7csp9war52402z.ocx
c:\windows\system32\5z56thr9at59992.bin
c:\windows\system32\5z99t5ie91211.dll
c:\windows\system32\5zathi9f1407.dll
c:\windows\system32\5zeevir15839.cpl
c:\windows\system32\62z1v953056.cpl
c:\windows\system32\6349n9t-a-virus55z.ocx
c:\windows\system32\6353vzr2947.dll
c:\windows\system32\6459thiez1250.exe
c:\windows\system32\6490do5nloazer3107.dll
c:\windows\system32\649av5r2131z.cpl
c:\windows\system32\64e5zteal2893.ocx
c:\windows\system32\6577d9wnloadzr1886.ocx
c:\windows\system32\6759not-a-vir9szb35.ocx
c:\windows\system32\689cspz5se290.ocx
c:\windows\system32\69189ackzoor2865.dll
c:\windows\system32\6929szea51296.bin
c:\windows\system32\692thief2572z.exe
c:\windows\system32\6968zot5a-virus189.ocx
c:\windows\system32\698zvi9530.cpl
c:\windows\system32\69f8spyware5325z.cpl
c:\windows\system32\69zcspywa5e2149.ocx
c:\windows\system32\6c0zback9oor520.dll
c:\windows\system32\6d09addwar519z9.ocx
c:\windows\system32\6d66thi5z9743.dll
c:\windows\system32\6dbc9hiefz524.dll
c:\windows\system32\6f40zpy59re1117.cpl
c:\windows\system32\714959yzcb.exe
c:\windows\system32\715zs9arse1557.bin
c:\windows\system32\729zvi9995.exe
c:\windows\system32\750spam9otza9.exe
c:\windows\system32\7550backdozr359.bin
c:\windows\system32\76dz9parse5932.bin
c:\windows\system32\77z9ir19145.exe
c:\windows\system32\7998vir2295z.dll
c:\windows\system32\79c6tzi5f1569.exe
c:\windows\system32\7bz79d5ware2170.cpl
c:\windows\system32\7c39backdozr5956.ocx
c:\windows\system32\7efs5ezl9552.exe
c:\windows\system32\7f0edoznload5r17989.exe
c:\windows\system32\7z665teal2290.cpl
c:\windows\system32\7z7espars516819.bin
c:\windows\system32\8510sp5mbot3zd9.ocx
c:\windows\system32\851vizus97.bin
c:\windows\system32\859znot-a-virus2a4.bin
c:\windows\system32\85z8spy698.exe
c:\windows\system32\877addw9rz1165.ocx
c:\windows\system32\904e5ir2z80.exe
c:\windows\system32\90737hack5oolzc1.dll
c:\windows\system32\90929sp5mbzt22a.bin
c:\windows\system32\9095z9y14d5.cpl
c:\windows\system32\90zvi52764.ocx
c:\windows\system32\9140spy356z.exe
c:\windows\system32\9142s5ezl1935.bin
c:\windows\system32\914viz5059.dll
c:\windows\system32\9151tzief2145.ocx
c:\windows\system32\9245spazbot516.cpl
c:\windows\system32\93435ir134z.bin
c:\windows\system32\94455szambot5f7.cpl
c:\windows\system32\9494spa5se2z69.exe
c:\windows\system32\94f9vir3z55.bin
c:\windows\system32\9504sp5rze2647.exe
c:\windows\system32\95922wormzb5.ocx
c:\windows\system32\9592troz7a1.bin
c:\windows\system32\95z7vir232.ocx
c:\windows\system32\95zcsteal105.bin
c:\windows\system32\9680z5rm3a49.ocx
c:\windows\system32\969vir1z50.ocx
c:\windows\system32\98558zirus51b.dll
c:\windows\system32\9a135irz26.dll
c:\windows\system32\9b2aaddware2354z.exe
c:\windows\system32\9c55backdozr2421.dll
c:\windows\system32\9e01thzeat51924.bin
c:\windows\system32\9ef0downlozder21965.ocx
c:\windows\system32\9fz45pyware347.dll
c:\windows\system32\9z515troj3a1.dll
c:\windows\system32\a8c5ddw9re74z.exe
c:\windows\system32\a965h9ezt30827.exe
c:\windows\system32\ad95tea9304z.ocx
c:\windows\system32\c5zv9r2607.cpl
c:\windows\system32\d119hief1056z.bin
c:\windows\system32\d56thie912z6.exe
c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
c:\windows\system32\e0threzt155119.dll
c:\windows\system32\e94steaz3059.dll
c:\windows\system32\ec5tzr5at10209.bin
c:\windows\system32\ecedz5nloader9953.ocx
c:\windows\system32\fa5spy9arz254.bin
c:\windows\system32\setup2.exe
c:\windows\system32\z0924hac9tool365.dll
c:\windows\system32\z150thief32479.ocx
c:\windows\system32\z17549pambot554.cpl
c:\windows\system32\z1c09teal519.ocx
c:\windows\system32\z256thre9t20952.exe
c:\windows\system32\z445s9eal914.exe
c:\windows\system32\z48thi9f503.cpl
c:\windows\system32\z5519spy175.dll
c:\windows\system32\z55spyware2985.cpl
c:\windows\system32\z5779teal1505.cpl
c:\windows\system32\z719backdoor15535.ocx
c:\windows\system32\z75tr9j558.bin
c:\windows\system32\z8807worm4995.bin
c:\windows\system32\z934thi5f1634.dll
c:\windows\system32\z951spam5ot395.ocx
c:\windows\system32\z98535py6c0.exe
c:\windows\system32\za95vir3151.cpl
c:\windows\system32\zb45sparse9646.dll
c:\windows\system32\ze4spa5s92472.ocx
c:\windows\system32\zf1av9r651.dll
c:\windows\z025ba5k9oor1415.exe
c:\windows\z03935py5c.exe
c:\windows\z0485hack5ool90c.ocx
c:\windows\z06as59rse2165.bin
c:\windows\z0965hacktoo540e.bin
c:\windows\z15969roj6b25.exe
c:\windows\z1903vir9s635.exe
c:\windows\z19hackto5lc9.bin
c:\windows\z1a5dd9are315.exe
c:\windows\z3315troj5a9.exe
c:\windows\z3341w95m4a9.dll
c:\windows\z4953sp95a.exe
c:\windows\z5173spy1b9.bin
c:\windows\z588steal19649.bin
c:\windows\z6584ha9kt5ol7e2.exe
c:\windows\z668s5amb9t592.dll
c:\windows\z699roj485.bin
c:\windows\z7301s593c1.dll
c:\windows\z747sp5759.ocx
c:\windows\z751backdoo914865.dll
c:\windows\z859steal2854.cpl
c:\windows\z9324spambot354.bin
c:\windows\z935spy1cd.bin
c:\windows\z958spars9959.bin
c:\windows\z99as5arse164.dll
c:\windows\zcc0s95al2241.cpl
c:\windows\zd09teal3530.ocx
c:\windows\zd0espy9ar51097.dll
c:\windows\zde9threat6952.cpl
c:\windows\zf29spyware18205.cpl
c:\windows\zfe9ad9war5977.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 02:00 . 2009-06-05 02:20 -------- d-s---w- \Combo-Fix
2009-06-05 01:48 . 2009-06-05 02:00 -------- d-----w- \Qoobox
2009-06-05 01:39 . 2009-06-05 01:40 -------- d-----w- C:\MGtools
2009-06-05 01:39 . 2009-06-05 01:40 -------- d-----w- \MGtools
2009-06-05 01:09 . 2009-06-05 01:16 3219193856 --sha-w- \hiberfil.sys
2009-06-04 21:31 . 2009-06-04 21:31 -------- d-----w- c:\program files\Trend Micro
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes
2009-06-03 23:31 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\programdata\Malwarebytes
2009-06-03 23:31 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 01:30 . 2009-06-03 01:30 10802 ----a-w- c:\windows\11663za5kto9ld.bin
2009-06-03 01:30 . 2009-06-03 01:30 -------- d-----w- c:\program files\WinBlueSoft Software
2009-05-23 13:52 . 2009-05-23 13:52 319488 ----a-w- c:\users\Jennifer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 02:18 . 2008-12-05 16:32 -------- d-----w- c:\users\Jennifer\AppData\Roaming\DNA
2009-06-05 01:17 . 2008-11-09 18:11 42524 ----a-w- c:\programdata\nvModes.dat
2009-06-05 01:16 . 2009-06-05 01:09 3219193856 --sha-w- \hiberfil.sys
2009-06-05 01:16 . 2008-05-09 05:03 3533000704 --sha-w- \pagefile.sys
2009-06-05 01:15 . 2008-05-08 21:39 2484 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 01:12 . 2008-12-05 16:32 -------- d-----w- c:\program files\DNA
2009-06-04 21:02 . 2009-04-09 00:41 1356 ----a-w- c:\users\Jennifer\AppData\Local\d3d9caps.dat
2009-06-03 01:39 . 2008-05-08 22:24 -------- d-----w- c:\programdata\NVIDIA
2009-06-03 01:29 . 2008-12-06 16:54 -------- d-----w- c:\users\Jennifer\AppData\Roaming\BitTorrent
2009-05-25 04:58 . 2008-08-18 05:17 -------- d-----w- c:\users\Jennifer\AppData\Roaming\dvdcss
2009-05-13 12:42 . 2008-06-13 10:39 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 12:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-19 19:26 . 2009-04-19 19:26 -------- d-----w- c:\programdata\UIB
2009-04-14 09:56 . 2006-11-02 06:25 10 --sh--r- \config.sys
2009-04-11 15:16 . 2008-09-05 21:32 -------- d-----w- c:\program files\Sun
2009-04-11 08:50 . 2009-04-11 08:50 -------- d-----w- c:\users\Jennifer\AppData\Roaming\MaxiMenu-wizard.FDF52E4825EE6977D882DB325B1D78AE0E5DF3CF.1
2009-04-11 08:48 . 2009-04-11 08:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-11 08:47 . 2009-04-11 08:48 38208 ----a-w- c:\users\Jennifer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-04-10 01:50 . 2009-04-10 01:50 -------- d-----w- c:\program files\CDisplay
2009-03-24 23:33 . 2009-03-24 23:33 237264 ----a-w- c:\users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-03-17 03:38 . 2009-04-17 00:51 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 00:51 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 10:19 . 2008-12-15 02:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-01 15:52 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-01 15:53 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-01 15:53 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-01 15:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-01 15:52 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-01 15:52 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-01 15:52 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-01 15:52 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-01 15:52 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-01 15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-01 15:53 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-01 15:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-01 15:53 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-01 15:52 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-01 15:53 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-01 15:53 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-01 15:52 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-01 15:53 156160 ----a-w- c:\windows\system32\msls31.dll
2008-05-08 22:00 . 2008-05-08 22:00 74 --sh--r- c:\windows\CT4CET.bin
2008-05-09 05:26 . 2008-05-09 05:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

Re: infected with winblue soft----stage after running combofix

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 17:43 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 17:43 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"googletalk"="c:\users\Jennifer\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BitTorrent DNA"="c:\users\Jennifer\Program Files\DNA\btdna.exe" [2008-12-18 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-8 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-10-10 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 17:34 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6025C9DF-2A40-4BBD-9D82-35FE73B83083}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{A02F13E9-388D-44BF-8224-9BB8E048FA88}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DAEF58AB-3E8D-4BCE-A2FD-9D0B332193E3}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8576F54C-124E-40F0-9B5C-7A33528EAA47}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{F1E1C9BF-994D-4B22-9BC1-234A67F534E4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5ED5F912-3D8C-4E31-B291-0EA3E7168731}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AA1C157A-1B4D-49EA-9024-E5F969965FFE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{65568386-45B5-4D7E-A067-C3EA56D45600}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9AFD2BC9-EC2A-4BC4-968D-674946758A20}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{65874513-BCEF-4594-8B66-E18824EFE0FF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42B82AF1-7784-4C05-BFF3-E9F84A1DB0BA}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{A94DF739-5DE2-4C6A-B793-BDA62443AA7E}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{15E14228-7529-4843-8601-066278EE1B62}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{120A4670-CA8C-4A4B-8688-490A12F77F8A}c:\\program files\\java\\jdk1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{6B0B09B0-66BC-4406-800D-A7682620EBAE}c:\\program files\\java\\jdk1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"{8D0D7F93-E1BC-4880-A90E-F67C7454620B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F4CE3D80-B895-4928-8DCF-0DF44631B977}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F2A222F7-CF0C-495D-A92D-6117690F4FFC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{12E660B1-03AF-4B3D-8F7D-1DE756917CE5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2DDF2B46-50ED-472B-BEAC-C2330ED368D5}"= UDP:c:\python25\python.exe:python
"{35EF3664-4FAF-47B2-9F6A-2B44992C1357}"= TCP:c:\python25\python.exe:python
"{4D4BB954-7ACE-44EE-A454-47362EC4C30A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42781BA3-A662-434C-A993-B6904DE2BBC8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F2059D2A-1BA2-4D3F-BCC2-6642D5E5D46C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{71591A39-64F9-4D93-ADD2-A8B1F810E707}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A4B83014-48CE-478E-B076-40C41CB1F62D}"= UDP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{3CBA0233-A85B-4145-8484-FF1E894E1AB4}"= TCP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{7B2198F3-CDCD-4752-B504-35F5E5378015}"= UDP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{03414F46-B5D4-4B1B-BBF3-21125206333A}"= TCP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{A47E619D-AC95-431D-B026-56A12A5241C3}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{428D0CB1-2DFC-44F0-A28F-501AAE915935}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{BEDAD5E9-101C-4561-84A2-7022D364A470}c:\\java\\jre6\\bin\\java.exe"= UDP:c:\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{4E02348E-EDB6-453A-BE0C-8F3C5B38ED69}c:\\java\\jre6\\bin\\java.exe"= TCP:c:\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{63E20E1F-54ED-4B87-A756-D4854A86FB99}c:\\java\\jdk1.6.0_12\\bin\\java.exe"= UDP:c:\java\jdk1.6.0_12\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{B5B658F5-2DE4-4241-BBD6-F75DA89AA802}c:\\java\\jdk1.6.0_12\\bin\\java.exe"= TCP:c:\java\jdk1.6.0_12\bin\java.exe:Java(TM) Platform SE binary
"{B2B2A6FE-BA05-4446-8BD8-04229CA2E6AB}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{17FB7C00-D6C0-4AC4-A80F-3C47B4D0C4D6}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{7CB6CCDA-4F68-40BA-9BF5-4DD157397545}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A379A8F8-E200-4D21-909D-307D416F56E4}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

Re: infected with winblue soft----stage after running combofix

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [08-05-2008 17:38 73728]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [09-05-2008 01:31 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [09-05-2008 01:31 7424]
S3 acfva;acfva;c:\windows\System32\drivers\ACFVA32.sys [09-05-2008 01:31 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\System32\drivers\ACFDCP32.sys [02-10-2008 09:31 28800]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [21-08-2008 22:52 31592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [03-06-2009 19:31 40160]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [09-05-2008 01:32 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648109016-2927722406-4171585430-1000.job
- c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 05:47]

2009-06-05 c:\windows\Tasks\User_Feed_Synchronization-{846C903F-7050-4808-B037-3BE14318C174}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 11:31]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\h6rpqrx9.default\
FF - plugin: c:\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Jennifer\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Jennifer\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 22:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000008785070484EEA4DE38 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-06-05 22:25
ComboFix-quarantined-files.txt 2009-06-05 02:25

Pre-Run: 165,955,612,672 bytes free
Post-Run: 167,245,066,240 bytes free

1017 --- E O F --- 2009-06-05 01:43

Re: infected with winblue soft----stage after running combofix

thanks in advance

Re: infected with winblue soft----stage after running combofix

Hello.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\11663za5kto9ld.bin

Folder::
c:\program files\WinBlueSoft Software
c:\users\Jennifer\AppData\Roaming\DNA
c:\users\Jennifer\AppData\Roaming\BitTorrent


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image not available]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: infected with winblue soft----stage after running combofix

Hi Belahzur,
my log now is:-

ComboFix 09-06-05.07 - Jennifer 06-06-2009 1:50.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.3069.1918 [GMT -4:00]
Running from: c:\users\Jennifer\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Jennifer\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\11663za5kto9ld.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinBlueSoft Software
c:\program files\WinBlueSoft Software\WinBlueSoft\main_config.xml
c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
c:\users\Jennifer\AppData\Roaming\BitTorrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\((CHRISTIAN MUSIC)PT) I Can Only Imagine - Ultimate Power Anthems Of The Christian Faith.1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\((CHRISTIAN MUSIC)PT) I Can Only Imagine - Ultimate Power Anthems Of The Christian Faith.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\((CHRISTIAN MUSIC)PT) Newsboys - Go.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\((CHRISTIAN MUSIC)PT) Wow Hits 2007.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\(Audio Book) Arthur Golden - Memoirs of a Geisha (Unabridged).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\(TMS) A History of Ancient Greece by Eric H. Cline.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\[DJ ICEMOON] 045 [HOUSE ELECTRO] 07.DEZ.08 [SE].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\[DJ ICEMOON] 070 [HOUSE DANCE TRIBAL GHETTO ELECTRO] 25.MAR.09 [SE].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\[Video Tutorial] Learn to play songs by ear never need sheet music again No prior knowledge needed..torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\03-27-09 Hip Hop Singles Djleak.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\100 Great 90's Commercial Dance and Techno Tunes.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\100 Greatest TV Themes.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\100 Years Of Cinema Music.1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\100 Years Of Cinema Music.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\101 Trance Anthems 2008 6 CD.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\16 Children's Classics and Award Winners.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\2000-2006 Trance Singles (204 Tracks).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\4 in a Field - Stand-up Comedy from the Glastonbury Festival - BBC Radio - cheops.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\8 Mile.avi.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\80's Movie Hits.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\A Briefer History of Time (Stephen Hawking) [NF].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\A Short History of Nearly Everything (Bill Bryson).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\A Walk To Remember.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\albums.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\AmazingGrace.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Amity Shlaes.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Andrew Taylor - A Plum in Your Mouth.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Arabian Moods Instrumental.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Asian Hip-Hop+Dance Remixes R&B-Bhangra 2000-2009-XPLOSiON.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Atlas Shrugged.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Attacking Anxiety and Depression [Midwest Center for Stress and Anxiety].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Audio Books - Ten Minute Deep Relaxation.mp3.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Barack Obama - Dreams from my father.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Bee Movie[2007]DvDrip[Eng]-FXG.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Best Of March 09 - DG-Lito!.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Beyond Positive Thinking.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Bible, New Testament, The Gospels; Matthew, Mark, Luke, John [h33t][spooner].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Brian Tracy - Accelerated Learning Techniques.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Brian Tracy - Focal Point.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Brian Tracy - Make a Million.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Brian Tracy - Psychology of Achievement & Success.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\building a website with flash.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\C.S. Lewis - Mere Christianity.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Cafe Del Shtef - The Best.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Catch.Me.If.You.Can[ENG][DVDRip].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\CD1.Instrumental Music Best world s hits.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Charles Darwin - A Life.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Charles Darwin - The Origin of Species.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Charles Dickens - David Copperfield.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Charles Dickens - Three Short Stories.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Chris Taylor - Take Me Anywhere [2008].torrent

Re: infected with winblue soft----stage after running combofix

c:\users\Jennifer\AppData\Roaming\BitTorrent\Chris Tomlin - 3 Albums.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Christmas Collection.1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Christmas Collection.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Classic Christmas Movie & Animation MegaPack [ENG] AVI.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Clubland Xtreme Hardcore 5.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Dalai Lama-How to See Yourself as You Really Are.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Dance Pe Chance (Rab Ne Bana Di Jodi).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Days of Thunder(1990DvDrip).AVI.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\dht.dat
c:\users\Jennifer\AppData\Roaming\BitTorrent\dht.dat.old
c:\users\Jennifer\AppData\Roaming\BitTorrent\Disney Greatest Love Songs (2008) - Zz.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Disney Movies Complete Collection and Pixar Classic Movies some Extra Movies.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\DJ Maxim - Energy.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\DJ NASTY EFX - Bashment Blends 2008.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Dostana ~ 2008 ~1 CD Rip ~ Xvid ~ AC3 [Team DNR].avi.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Finding.Nemo[2003]DvDrip[Eng]-CIA.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Hancock 2008.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Heartbeat-Greatest Love Songs - 2cds.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Hindi1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\James Bond Quantum of Solace TS XviD Full English Audio_Sync Fixed v2 - Lynks.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Jim Reeves - 12 Songs Of Christmas.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Jim Reeves - A Christmas Star.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Jim Reeves - Don't Let me Cross Over.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Jim Reeves & Patsy Cline - Greatest Hits.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Keith Green.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Love actually (2003) [English]-MrLore.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\MADAGASCAR -ESCAPE 2 AFRICA@KIDZCORNER DVDRIP[ENG].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\MADAGASCAR 2.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Marco Polo - The Travels of Marco Polo (trans. by Thomas Wright) [3849] - yEnc Marco Polo - The Travels of Marco Polo (trans. by Thomas Wright).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Mere Christianity - C. S. Lewis.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\MereChristianitybyCSLewis.pdf.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Michael Card.1.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Michael Card.2.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Michael Card.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Mr And Mrs Smith 2005 Xvid DVDRip [Eng] Multi Subs.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Naser Cheshmazar - Barane Eshgh (Rain of love).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\New Folder.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\resume.dat
c:\users\Jennifer\AppData\Roaming\BitTorrent\resume.dat.old
c:\users\Jennifer\AppData\Roaming\BitTorrent\RnB Love Songs 2009 - Various(split tracks+covers).torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\rss.dat
c:\users\Jennifer\AppData\Roaming\BitTorrent\rss.dat.old
c:\users\Jennifer\AppData\Roaming\BitTorrent\Scripture songs.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\settings.dat
c:\users\Jennifer\AppData\Roaming\BitTorrent\settings.dat.old
c:\users\Jennifer\AppData\Roaming\BitTorrent\Speed Racer[2008]DvDrip[Eng]-FXG.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\SPIRIT[STALLION OF THE CIMARRON[DVDRIP][ENG]-kidscorner&J.T.R.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Spy Game Collector's Edition 2001 DvDrip[Eng]-greenbud1969.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Taare Zameen Par[2007]DvDrip[Hindi].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Terminator - Salvation [2009] [Eng] DvDrip.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The All Time greatest Love Songs.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The Basketball Diaries.avi.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The Departed.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The Passion of the Christ.avi.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The Shawshank Redemption[1994]DvDrip[Eng]-FXG.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\The ultimate electro house set Bhaskar422 kicks ass.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Tim McGraw~Greatest Hits 3 (Mp3) (320Kbps) [owez77] [h33t].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\top 40.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Toy Story [DVDRip][1995][Eng][BugBunny].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Toy Story 2 [DVDRip][1999][Eng][BugBunny].torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\tuoitresoidong.com_V.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Twilight.[2008.English].TS.HQ.DivX-LTT.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\VA- Christmas Jukebox 2008.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\VA-Disney_Box_Office_Hits-2008-C4.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\VA-Hip_Hop_The_2009_Collection-2CD-2009-LiR.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\VA-X_Mas_Trance_Attack_2008-(DADXMAS002)-WEB-2008-wAx.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS-PETER PAN 2 DISC [SPECIAL EDITION][DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS ALADDIN [MUSICAL MASTERPIECE EDITION][FULL][DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS DUMBO[special edition][dvdrip][eng] -kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS LADY AND THE TRAMP[DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS PINNOCHIO[DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS SNOWHITE AND THE 7 DWARFS[DVDRIP][ENG]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\WALT DISNEYS[GREATEST HITS][3 CD BOX SET][320K]-kidzcorner.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Walt.Disney.Pack1.by.hiphop.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Walt.Disney.Pack4.by.hiphop.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Westlife - Back Home [2007][CD+SkidVid_XviD+Cov]192Kbps.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\What's.Eating.Gilbert.Grape[1993]DVDrip-PsyCoSys.torrent
c:\users\Jennifer\AppData\Roaming\BitTorrent\Wimbledon.torrent
c:\users\Jennifer\AppData\Roaming\DNA
c:\users\Jennifer\AppData\Roaming\DNA\dht.dat
c:\users\Jennifer\AppData\Roaming\DNA\dht.dat.old
c:\users\Jennifer\AppData\Roaming\DNA\dna.lng
c:\users\Jennifer\AppData\Roaming\DNA\resume.dat
c:\users\Jennifer\AppData\Roaming\DNA\resume.dat.old
c:\users\Jennifer\AppData\Roaming\DNA\rss.dat

Re: infected with winblue soft----stage after running combofix

c:\users\Jennifer\AppData\Roaming\DNA\rss.dat.old
c:\users\Jennifer\AppData\Roaming\DNA\settings.dat
c:\users\Jennifer\AppData\Roaming\DNA\settings.dat.old
c:\windows\11663za5kto9ld.bin

.
((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-06 06:00 . 2009-06-06 06:00 -------- d-----w- C:\temp
2009-06-06 06:00 . 2009-06-06 06:00 -------- d-----w- \temp
2009-06-06 05:48 . 2009-06-06 06:00 -------- d-s---w- \Combo-Fix
2009-06-05 01:48 . 2009-06-06 05:50 -------- d-----w- \Qoobox
2009-06-05 01:39 . 2009-06-05 01:40 -------- d-----w- C:\MGtools
2009-06-05 01:39 . 2009-06-05 01:40 -------- d-----w- \MGtools
2009-06-05 01:09 . 2009-06-06 02:40 3219193856 --sha-w- \hiberfil.sys
2009-06-04 21:31 . 2009-06-04 21:31 -------- d-----w- c:\program files\Trend Micro
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes
2009-06-03 23:31 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 23:31 . 2009-06-03 23:31 -------- d-----w- c:\programdata\Malwarebytes
2009-06-03 23:31 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-23 13:52 . 2009-05-23 13:52 319488 ----a-w- c:\users\Jennifer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 02:40 . 2008-11-09 18:11 42524 ----a-w- c:\programdata\nvModes.dat
2009-06-06 02:40 . 2009-06-05 01:09 3219193856 --sha-w- \hiberfil.sys
2009-06-06 02:40 . 2008-05-09 05:03 3533000704 --sha-w- \pagefile.sys
2009-06-05 22:10 . 2008-05-08 21:39 2484 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 01:12 . 2008-12-05 16:32 -------- d-----w- c:\program files\DNA
2009-06-04 21:02 . 2009-04-09 00:41 1356 ----a-w- c:\users\Jennifer\AppData\Local\d3d9caps.dat
2009-06-03 01:39 . 2008-05-08 22:24 -------- d-----w- c:\programdata\NVIDIA
2009-05-25 04:58 . 2008-08-18 05:17 -------- d-----w- c:\users\Jennifer\AppData\Roaming\dvdcss
2009-05-13 12:42 . 2008-06-13 10:39 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 12:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-19 19:26 . 2009-04-19 19:26 -------- d-----w- c:\programdata\UIB
2009-04-14 09:56 . 2006-11-02 06:25 10 --sh--r- \config.sys
2009-04-11 15:16 . 2008-09-05 21:32 -------- d-----w- c:\program files\Sun
2009-04-11 08:50 . 2009-04-11 08:50 -------- d-----w- c:\users\Jennifer\AppData\Roaming\MaxiMenu-wizard.FDF52E4825EE6977D882DB325B1D78AE0E5DF3CF.1
2009-04-11 08:48 . 2009-04-11 08:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-11 08:47 . 2009-04-11 08:48 38208 ----a-w- c:\users\Jennifer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-04-10 01:50 . 2009-04-10 01:50 -------- d-----w- c:\program files\CDisplay
2009-03-24 23:33 . 2009-03-24 23:33 237264 ----a-w- c:\users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-03-17 03:38 . 2009-04-17 00:51 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 00:51 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 10:19 . 2008-12-15 02:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-01 15:52 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-01 15:53 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-01 15:53 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-01 15:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-01 15:52 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-01 15:52 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-01 15:52 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-01 15:52 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-01 15:52 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-01 15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-01 15:53 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-01 15:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-01 15:53 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-01 15:52 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-01 15:53 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-01 15:53 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-01 15:52 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-01 15:53 156160 ----a-w- c:\windows\system32\msls31.dll
2008-05-08 22:00 . 2008-05-08 22:00 74 --sh--r- c:\windows\CT4CET.bin
2008-05-09 05:26 . 2008-05-09 05:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

Re: infected with winblue soft----stage after running combofix

((((((((((((((((((((((((((((( SnapShot@2009-06-05_02.20.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 22:22 . 2009-06-05 01:18 58860 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-08 22:22 . 2009-06-06 02:42 58860 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-06 02:42 83830 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-23 04:52 . 2009-06-05 01:18 14626 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2648109016-2927722406-4171585430-1000_UserData.bin
+ 2008-05-23 04:52 . 2009-06-06 02:42 14626 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2648109016-2927722406-4171585430-1000_UserData.bin
- 2009-02-25 00:02 . 2009-06-02 22:53 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2009-02-25 00:02 . 2009-06-05 21:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2008-05-22 13:33 . 2009-06-05 01:18 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-22 13:33 . 2009-06-06 02:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-25 00:02 . 2009-06-05 21:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
- 2009-02-25 00:02 . 2009-06-02 22:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2008-05-22 13:33 . 2009-06-06 02:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 13:33 . 2009-06-05 01:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-25 00:02 . 2009-06-05 21:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2009-02-25 00:02 . 2009-06-02 22:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2008-05-22 13:33 . 2009-06-05 01:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-22 13:33 . 2009-06-06 02:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-05 01:16 . 2009-06-05 01:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-06 02:40 . 2009-06-06 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-05 01:16 . 2009-06-05 01:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-06 02:40 . 2009-06-06 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-06 02:45 603282 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-05 01:21 603282 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-05 01:21 106696 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-06 02:45 106696 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:22 . 2009-06-05 03:24 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-06-05 01:43 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 17:43 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 17:43 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"googletalk"="c:\users\Jennifer\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BitTorrent DNA"="c:\users\Jennifer\Program Files\DNA\btdna.exe" [2008-12-18 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-19 227840]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-8 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-10-10 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 17:34 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6025C9DF-2A40-4BBD-9D82-35FE73B83083}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{A02F13E9-388D-44BF-8224-9BB8E048FA88}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DAEF58AB-3E8D-4BCE-A2FD-9D0B332193E3}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8576F54C-124E-40F0-9B5C-7A33528EAA47}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{F1E1C9BF-994D-4B22-9BC1-234A67F534E4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5ED5F912-3D8C-4E31-B291-0EA3E7168731}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AA1C157A-1B4D-49EA-9024-E5F969965FFE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{65568386-45B5-4D7E-A067-C3EA56D45600}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9AFD2BC9-EC2A-4BC4-968D-674946758A20}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{65874513-BCEF-4594-8B66-E18824EFE0FF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42B82AF1-7784-4C05-BFF3-E9F84A1DB0BA}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{A94DF739-5DE2-4C6A-B793-BDA62443AA7E}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{15E14228-7529-4843-8601-066278EE1B62}c:\\program files\\java\\jre1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{120A4670-CA8C-4A4B-8688-490A12F77F8A}c:\\program files\\java\\jdk1.6.0_07\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{6B0B09B0-66BC-4406-800D-A7682620EBAE}c:\\program files\\java\\jdk1.6.0_07\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_07\bin\java.exe:Java(TM) Platform SE binary
"{8D0D7F93-E1BC-4880-A90E-F67C7454620B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F4CE3D80-B895-4928-8DCF-0DF44631B977}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F2A222F7-CF0C-495D-A92D-6117690F4FFC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{12E660B1-03AF-4B3D-8F7D-1DE756917CE5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

Re: infected with winblue soft----stage after running combofix

"{2DDF2B46-50ED-472B-BEAC-C2330ED368D5}"= UDP:c:\python25\python.exe:python
"{35EF3664-4FAF-47B2-9F6A-2B44992C1357}"= TCP:c:\python25\python.exe:python
"{4D4BB954-7ACE-44EE-A454-47362EC4C30A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42781BA3-A662-434C-A993-B6904DE2BBC8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F2059D2A-1BA2-4D3F-BCC2-6642D5E5D46C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{71591A39-64F9-4D93-ADD2-A8B1F810E707}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A4B83014-48CE-478E-B076-40C41CB1F62D}"= UDP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{3CBA0233-A85B-4145-8484-FF1E894E1AB4}"= TCP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{7B2198F3-CDCD-4752-B504-35F5E5378015}"= UDP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{03414F46-B5D4-4B1B-BBF3-21125206333A}"= TCP:c:\users\Jennifer\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{A47E619D-AC95-431D-B026-56A12A5241C3}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{428D0CB1-2DFC-44F0-A28F-501AAE915935}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{BEDAD5E9-101C-4561-84A2-7022D364A470}c:\\java\\jre6\\bin\\java.exe"= UDP:c:\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{4E02348E-EDB6-453A-BE0C-8F3C5B38ED69}c:\\java\\jre6\\bin\\java.exe"= TCP:c:\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{63E20E1F-54ED-4B87-A756-D4854A86FB99}c:\\java\\jdk1.6.0_12\\bin\\java.exe"= UDP:c:\java\jdk1.6.0_12\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{B5B658F5-2DE4-4241-BBD6-F75DA89AA802}c:\\java\\jdk1.6.0_12\\bin\\java.exe"= TCP:c:\java\jdk1.6.0_12\bin\java.exe:Java(TM) Platform SE binary
"{B2B2A6FE-BA05-4446-8BD8-04229CA2E6AB}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{17FB7C00-D6C0-4AC4-A80F-3C47B4D0C4D6}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{7CB6CCDA-4F68-40BA-9BF5-4DD157397545}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A379A8F8-E200-4D21-909D-307D416F56E4}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [08-05-2008 17:38 73728]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [09-05-2008 01:31 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [09-05-2008 01:31 7424]
S3 acfva;acfva;c:\windows\System32\drivers\ACFVA32.sys [09-05-2008 01:31 86656]
S3 dgcfltr;DGC Filter Driver;c:\windows\System32\drivers\ACFDCP32.sys [02-10-2008 09:31 28800]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [21-08-2008 22:52 31592]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [03-06-2009 19:31 40160]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [09-05-2008 01:32 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2648109016-2927722406-4171585430-1000.job
- c:\users\Jennifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 05:47]

2009-06-06 c:\windows\Tasks\User_Feed_Synchronization-{846C903F-7050-4808-B037-3BE14318C174}.job
- c:\windows\system32\msfeedssync.exe [2009-04-01 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\h6rpqrx9.default\
FF - plugin: c:\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Jennifer\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Jennifer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Jennifer\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 02:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-06-06 2:03
ComboFix-quarantined-files.txt 2009-06-06 06:03
ComboFix2.txt 2009-06-05 02:25

Pre-Run: 167,540,502,528 bytes free
Post-Run: 167,434,240,000 bytes free

445 --- E O F --- 2009-06-05 01:43

Re: infected with winblue soft----stage after running combofix

Thanks so much for your help....
