winblue still winning

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

winblue still winning5th June 2009, 7:36 pm

Hello,
My vista has been affected by this winbluesoft virus. i tried using ur instructions of downloading mbam an removing it, at the end of search it showed two registry value files that were effected n i clicked on remove/fix it tab and after that i restarted my computer on my own mbam didnt prompt me to do it....but after i start again the problem still exists. What should be done now. Plz help me guys.

Waiting for ur reply.

Re: winblue still winning5th June 2009, 7:41 pm

Please download the current version of HijackThis from HERE

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
winblue still winning DXwU4

Re: winblue still winning5th June 2009, 7:47 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:02, on 05/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Users\Harpreet's\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\System32\setup2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Harpreet's\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\System32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.tvucricket.com/player/vjocx-en-black.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10668 bytes

Re: winblue still winning5th June 2009, 7:50 pm

Hello.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\System32\setup2.exe
Press "Fix Checked"
Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: winblue still winning5th June 2009, 8:11 pm

Malwarebytes' Anti-Malware 1.37
Database version: 2234
Windows 6.0.6001 Service Pack 1

05/06/2009 21:09:35
mbam-log-2009-06-05 (21-09-35).txt

Scan type: Quick Scan
Objects scanned: 78684
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

there was no dis-infection found by mbam nor it demanded for a re-start.
Hope the problem is solved. I would also like to ask you bout your recommendation for a good antivirus.

Re: winblue still winning5th June 2009, 8:15 pm

Hello.
This infection drops a 100-200 files on your machine, that does nothing but waste space technically, I want to see if this infection is present on your machine.

Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
Link 1
Link 2
Double click DDS.scr to run.
When complete, two logs will open. Save both of the report to your Desktop.
Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: winblue still winning5th June 2009, 8:33 pm

how to post dds.txt error shows too long to be posted any other option ??

Re: winblue still winning5th June 2009, 8:35 pm

Split it up into more than one post.

Re: winblue still winning5th June 2009, 8:36 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by Harpreet's at 21:23:24.16 on 05/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft

Windows Vista

Home Premium 6.0.6001.1.1252.44.1033.18.2814.1822 [GMT 1:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Users\Harpreet's\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Harpreet's\Downloads\dds.scr

Re: winblue still winning5th June 2009, 8:42 pm

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PCSync2.exe" /NoDialog
uRun: [BitTorrent DNA] "c:\users\harpreet's\program files\dna\btdna.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 6\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
StartupFolder: c:\users\harpre~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\harpre~1\appdata\roaming\mozilla\firefox\profiles\5izviq7s.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\harpreet's\program files\dna\plugins\npbtdna.dll

============= SERVICES / DRIVERS ===============

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\quickplay\000.fcl [2009-4-10 59376]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-12 361808]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-12 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 vvdsvc;VJVodClientServices;c:\windows\system32\svchost.exe -k vvdsvc [2008-1-21 21504]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]

Re: winblue still winning5th June 2009, 8:43 pm

=============== Created Last 30 ================

2009-06-05 17:53 --d----- c:\users\harpre~1\appdata\roaming\Malwarebytes
2009-06-05 17:53 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 17:53 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-05 17:53 --d----- c:\programdata\Malwarebytes
2009-06-05 17:53 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 17:53 --d----- c:\progra~2\Malwarebytes
2009-06-05 16:16 81,984 a------- c:\windows\system32\bdod.bin
2009-06-05 15:59 --d----- c:\users\harpre~1\appdata\roaming\BitDefender
2009-06-05 15:59 --d----- C:\Binaries
2009-06-05 15:58 --d----- c:\programdata\BitDefender
2009-06-05 15:58 --d----- c:\program files\BitDefender
2009-06-05 15:58 --d----- c:\progra~2\BitDefender
2009-06-05 15:10 --d----- c:\program files\Trend Micro
2009-06-05 15:04 --d----- c:\program files\SpywareBlaster
2009-06-05 14:20 18,348 a------- c:\windows\5zd5steal902.cpl
2009-06-05 12:51 --d----- c:\programdata\SITEguard
2009-06-05 12:51 --d----- c:\progra~2\SITEguard
2009-06-05 12:49 --d----- c:\program files\common files\iS3
2009-06-05 12:49 --d----- c:\programdata\STOPzilla!
2009-06-05 12:49 --d----- c:\progra~2\STOPzilla!
2009-06-05 07:38 6,424 a------- c:\windows\system32\5a15downlozd9r1352.bin
2009-06-05 03:32 --d----- c:\program files\AVG
2009-06-05 03:26 276,625,542 a------- c:\windows\MEMORY.DMP
2009-06-04 04:47 16,413 a------- c:\windows\965z05acktool62a.cpl
2009-06-03 02:45 15,329 a------- c:\windows\system32\f859ownzoader26995.exe
2009-06-02 12:13 --d----- c:\users\harpre~1\appdata\roaming\WildTangent
2009-05-25 21:15 6,771 a------- c:\windows\1b135ir339z.cpl
2009-05-25 02:10 7,185 a------- c:\windows\system32\16z15worm5295.dll
2009-05-24 23:00 5,436 a------- c:\windows\system32\22291hzc59ool530.cpl
2009-05-24 18:05 a-d----- c:\programdata\Temp
2009-05-23 23:58 5,621 a------- c:\windows\3d549hrzat17502.bin
2009-05-23 07:37 9,530 a------- c:\windows\system32\3z09threat27052.exe
2009-05-22 19:46 14,375 a------- c:\windows\system32\z9e8sp59se1665.dll
2009-05-22 05:16 10,179 a------- c:\windows\system32\79zdst5al9108.exe
2009-05-20 22:16 5,606 a------- c:\windows\zb939parse14305.exe
2009-05-20 04:54 15,030 a------- c:\windows\4691not-a9vzru55f.bin
2009-05-19 16:04 2,657 a------- c:\windows\system32\16a09py5zre522.exe
2009-05-17 17:56 8,441 a------- c:\windows\system32\6zads9e5l520.dll
2009-05-17 06:50 8,549 a------- c:\windows\15z5vi91719.ocx
2009-05-15 17:52 9,171 a------- c:\windows\29077not-a5zirus3e49.dll
2009-05-14 00:13 15,545 a------- c:\windows\system32\55665spyz19.dll
2009-05-13 07:02 16,180 a------- c:\windows\6zc5vir3193.exe
2009-05-12 02:37 12,364 a------- c:\windows\system32\94ddvi5z996.cpl
2009-05-10 22:38 2,978 a------- c:\windows\system32\11851zir95e5.cpl
2009-05-10 12:23 8,566 a------- c:\windows\4baat5i9f8z.ocx
2009-05-09 23:21 14,807 a------- c:\windows\962sp5rsz1341.bin
2009-05-09 19:38 --d----- c:\program files\VirtualDJ
2009-05-08 20:27 11,847 a------- c:\windows\system32\4zcd9ir5460.dll
2009-05-07 19:15 12,792 a------- c:\windows\43zd9hief523.cpl
2009-05-07 00:27 12,328 a------- c:\windows\790fbackdoor22z5.exe

==================== Find3M ====================

2009-06-05 16:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-05 16:00 86,016 a------- c:\windows\inf\infstor.dat
2009-06-05 16:00 51,200 a------- c:\windows\inf\infpub.dat
2009-06-05 14:20 17,675 a------- c:\windows\53468hacz9ool333.dll
2009-06-05 03:07 16,429 a------- c:\windows\2590not-a-zi95s5c2.bin
2009-06-05 03:06 28,314 a------- c:\programdata\nvModes.dat
2009-06-05 03:06 28,314 a------- c:\progra~2\nvModes.dat
2009-05-06 17:08 13,597 a------- c:\windows\system32\41z5thief4509.exe
2009-05-06 16:33 3,204 a------- c:\windows\9a8zvir8005.bin
2009-05-05 21:50 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-05 21:50 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-05-05 20:25 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-05-04 13:20 13,626 a------- c:\windows\31811h95ztool4e3.dll
2009-05-03 17:27 16,094 a------- c:\windows\system32\4z95threat17682.bin
2009-05-02 01:58 5,952 a------- c:\windows\205eth9ezt15416.exe
2009-04-26 04:37 3,001 a------- c:\windows\system32\3f92threatz9561.dll
2009-04-23 04:58 16,313 a------- c:\windows\22031v59zs66a.exe
2009-04-22 22:25 18,142 a------- c:\windows\935zspam9ot19d.exe
2009-04-21 12:31 12,253 a------- c:\windows\4a97zt9al1005.exe
2009-04-20 17:58 16,908 a------- c:\windows\system32\5952s9ealz595.dll
2009-04-20 06:31 18,035 a------- c:\windows\system32\1a975ackdooz1177.dll
2009-04-19 08:40 8,032 a------- c:\windows\3653sp9rse1z86.bin
2009-04-19 06:15 16,053 a------- c:\windows\system32\5fefthi9f1z03.bin
2009-04-18 11:19 8,450 a------- c:\windows\2z99steal2578.exe
2009-04-17 18:27 10,945 a------- c:\windows\1za5threat8913.dll
2009-04-12 20:49 10,997 a------- c:\windows\system32\6025thief129z9.dll
2009-04-09 05:28 6,040 a------- c:\windows\system32\z1525not-a-virus449.exe
2009-04-08 23:30 6,090 a------- c:\windows\system32\5900viz53.bin
2009-04-07 18:09 4,972 a------- c:\windows\system32\z6509ddware5500.bin
2009-03-31 17:53 56 a---h--- c:\programdata\ezsidmv.dat
2009-03-31 17:53 56 a---h--- c:\progra~2\ezsidmv.dat
2009-03-31 15:35 17,160 a------- c:\windows\help\oem\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 17:30 17,160 a------- c:\windows\help\oem\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-28 12:37 12,313 a------- c:\windows\56088spzmbo9528.dll
2009-03-28 10:37 7,953 a------- c:\windows\27246spam9oz5395.dll
2009-03-26 10:28 16,804 a------- c:\windows\7c99d5wnlzader552.exe
2009-03-25 19:53 16,645 a------- c:\windows\system32\6cd2v5r909z.exe
2009-03-23 13:21 32 a------- c:\programdata\ezsid.dat
2009-03-23 13:21 32 a------- c:\progra~2\ezsid.dat
2009-03-20 02:18 9,027 a------- c:\windows\system32\2z79hackto9l26d5.exe
2009-03-18 07:10 2,983 a------- c:\windows\system32\4c9zvi52299.dll
2009-03-18 05:43 6,344 a------- c:\windows\304z9ddw5re2525.exe
2009-03-17 04:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 04:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 04:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-14 10:26 15,368 a------- c:\windows\z843a5d9are813.bin
2009-03-13 11:52 17,936 a------- c:\windows\system32\5cz8backdoor31569.dll
2009-03-09 12:20 9,334 a------- c:\windows\z9274spambo57b3.bin
2009-03-09 06:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 12:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 12:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 12:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 12:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 12:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 12:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 12:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 12:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 12:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 12:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 12:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 12:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 12:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 12:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 12:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 12:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 12:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 12:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 11:40 11,603 a------- c:\windows\16560worm9z1.dll
2009-03-08 01:30 3,949 a------- c:\windows\system32\cd7z5ea91081.exe
2008-08-12 05:40 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:24:54.77 ===============

Re: winblue still winning5th June 2009, 8:50 pm

Hello.
Yep, there's the bunch of random files wasting your HD space. But worse than that, you also have another infection.
We have to go deeper.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV. (BitDefender)
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: winblue still winning5th June 2009, 9:34 pm

ComboFix 09-06-05.03 - Harpreet's 05/06/2009 22:04.1 - NTFSx86
Microsoft

Windows Vista

Home Premium 6.0.6001.1.1252.44.1033.18.2814.1745 [GMT 1:00]
Running from: c:\users\Harpreet's\Desktop\Combo-Fix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\windows\101985py6fz9.bin
c:\windows\10395acktozl2679.ocx
c:\windows\110609ot5a-viruz2fe.dll
c:\windows\1127spywarz995.dll
c:\windows\11d69az5door1291.exe
c:\windows\11z58w9rm22b5.dll
c:\windows\12206spamz9t5cb.dll
c:\windows\12217vi95s5z1.exe
c:\windows\12251vi5zs192.ocx
c:\windows\12429h5ckzool79e.dll
c:\windows\12455t9alz10.cpl
c:\windows\12831spamzot195.exe
c:\windows\12924v5rus65z.bin
c:\windows\1335sp5warez94.dll
c:\windows\134205pyz39.bin
c:\windows\13553wo9mz17.ocx
c:\windows\13578not-9-5iruz1de.exe
c:\windows\13908tr5j41az.ocx
c:\windows\141z5spambot2295.exe
c:\windows\14269z9rm64b5.ocx
c:\windows\1437spyza959.dll
c:\windows\14585hrez932620.bin
c:\windows\14z7down9oader2325.cpl
c:\windows\15121wz9m33c.ocx
c:\windows\151319zoj52c.dll
c:\windows\151fadd9aze3038.ocx
c:\windows\15322worm34z9.ocx
c:\windows\15453spy5z59.bin
c:\windows\154downlozder956.dll
c:\windows\15582trzj97c.ocx
c:\windows\155b9hrzat10172.exe
c:\windows\15996zpy29a.bin
c:\windows\15997troj5z4.dll
c:\windows\15z3backdoor9035.cpl
c:\windows\15z5vi91719.ocx
c:\windows\15z81s9y79f.ocx
c:\windows\16560worm9z1.dll
c:\windows\166699izus15f.cpl
c:\windows\16958spambot95z.bin
c:\windows\171065ack9ool4z1.bin
c:\windows\17109szy590.ocx
c:\windows\172099ackt5ol44az.exe
c:\windows\17993zackt5o910f.exe
c:\windows\1809woz55ad.ocx
c:\windows\18122vir5s3z9.exe
c:\windows\184165irus59ez.bin
c:\windows\189vi5uz144.exe
c:\windows\18fabackd95z982.dll
c:\windows\18z09r5j3fb.dll
c:\windows\19277s5yz9f.ocx
c:\windows\19298spamzot1845.exe
c:\windows\19346spa5boz578.cpl
c:\windows\19363trz915.ocx
c:\windows\19367t95j5za.bin
c:\windows\194545pamzot13f.dll
c:\windows\1995worm201z.exe
c:\windows\199athief1599z.cpl
c:\windows\19z3ha9kt5ol5e6.dll
c:\windows\19z725py11b.bin
c:\windows\1afbsz5rse32519.bin
c:\windows\1b135ir339z.cpl

Re: winblue still winning5th June 2009, 9:34 pm

c:\windows\1d25spyware9095z.bin
c:\windows\1e57add5are1z91.dll
c:\windows\1ffdow9loader1z635.dll
c:\windows\1z029tr95740.cpl
c:\windows\1z1s5eal19.exe
c:\windows\1z6755orm6219.bin
c:\windows\1z75downl9ade52849.cpl
c:\windows\1z834not5a-virus9ac.ocx
c:\windows\1za5threat8913.dll
c:\windows\1zbdspyw9re5549.dll
c:\windows\1zdes5eal592.bin
c:\windows\2039dow5load9z2608.dll
c:\windows\203cspyw5rez4019.dll
c:\windows\205eth9ezt15416.exe
c:\windows\20941sp97z5.ocx
c:\windows\20z05hac9to5l756.exe
c:\windows\21fcdownloa9ez5887.cpl
c:\windows\22031v59zs66a.exe
c:\windows\22061viruz5979.bin
c:\windows\220z35pamb9t17b.ocx
c:\windows\22523no9-a-vi5us60z.dll
c:\windows\22544nzt9a-virusad.dll
c:\windows\2259zspambot21b9.dll
c:\windows\22687hack9zo5689.cpl
c:\windows\22975worm5az9.ocx
c:\windows\23254hacz5ool599.exe
c:\windows\23459vir59z4a.ocx
c:\windows\23572not9z-vi5us427.ocx
c:\windows\2395hacktool52z.cpl
c:\windows\23b35ackzoor9033.cpl
c:\windows\2470vzr29495.dll
c:\windows\2479sp5zar92855.ocx
c:\windows\2485ba5kdoor9294z.cpl
c:\windows\24929n5t9z-virus4cb.exe
c:\windows\249549zrm7f4.ocx
c:\windows\24957not-9-v5rus666z.bin
c:\windows\249z3worm6295.cpl
c:\windows\25265not-a-viru92zd.bin
c:\windows\2562ztroj55b9.cpl
c:\windows\256ftzrea919443.dll
c:\windows\2590not-a-zi95s5c2.bin
c:\windows\2595tz5eat15420.exe
c:\windows\2599py26z.dll
c:\windows\26066wo95z83.cpl
c:\windows\26162noz-a-vir9s251.ocx
c:\windows\2616sp59sz279.bin
c:\windows\2619z95m5d2.dll
c:\windows\26759tz5954a.bin
c:\windows\27246spam9oz5395.dll
c:\windows\27350sp95bot4dz.bin
c:\windows\27523wzrm3cc9.cpl
c:\windows\275fvi9z071.bin
c:\windows\28352w9rm21z.dll
c:\windows\29077not-a5zirus3e49.dll
c:\windows\29099hackto5lz39.ocx
c:\windows\29202s5amb9z76c.bin
c:\windows\2950zorm60d.cpl
c:\windows\29525spambot2z4.bin
c:\windows\29552zp5198.exe
c:\windows\2956v9z5846.exe
c:\windows\29658zr5jc1.cpl
c:\windows\2980zackdoor2505.exe
c:\windows\2ade5parse200z9.bin
c:\windows\2d9dsp9rsz15.bin
c:\windows\2ez9downl5ader17509.ocx
c:\windows\2f53add9are27z95.bin
c:\windows\2f81backdoo512z9.ocx
c:\windows\2z582hac9tool55f.cpl
c:\windows\2z592troj6fe9.dll
c:\windows\2z99steal2578.exe
c:\windows\304z9ddw5re2525.exe
c:\windows\308fzackdoor599.cpl
c:\windows\30991not-a-virus59dz.dll
c:\windows\31335t5oj9c8z.exe
c:\windows\31431trz5469.cpl
c:\windows\31435pywa9e1648z.ocx
c:\windows\31529sp9mb5t3d9z.bin
c:\windows\31628zirus5589.ocx
c:\windows\31811h95ztool4e3.dll
c:\windows\31z93spy57.bin
c:\windows\31zct9reat15992.cpl
c:\windows\32503spam5z95c9.ocx
c:\windows\32bzad9wa5e2222.exe
c:\windows\32cdzo9nloade51069.bin
c:\windows\32z16not-5-v9rus674.exe
c:\windows\3398download5r176z.cpl
c:\windows\33e9bzc5door32319.bin
c:\windows\34b1add5arez739.exe
c:\windows\3506zpyware197.ocx
c:\windows\35194spambzt7c.dll
c:\windows\353zstea91500.bin
c:\windows\35c1virz8889.dll
c:\windows\3653sp9rse1z86.bin
c:\windows\36d9ir155z.dll
c:\windows\375daddwarz2495.exe
c:\windows\3856s5e9z1254.ocx
c:\windows\3898zorm5a.exe
c:\windows\393zvi52809.dll
c:\windows\3980addwar93z59.ocx
c:\windows\3c7est9alz95.exe
c:\windows\3d3z9i5237.ocx
c:\windows\3d549hrzat17502.bin
c:\windows\3e5fthr9z515721.ocx
c:\windows\3ef8d59nloader1138z.dll
c:\windows\3f2zspars5389.cpl
c:\windows\3f92spyw5ze2985.ocx
c:\windows\3fdbd9wnlozder509.ocx
c:\windows\3z91backdoor14755.exe
c:\windows\404fsparsz2975.dll
c:\windows\40bcaddw9re315z.exe
c:\windows\40zdv951750.dll
c:\windows\4194not-a-viru955bz.ocx
c:\windows\421d5hrea910168z.dll
c:\windows\4229addwaze11529.exe
c:\windows\43z3hackt5ol3be9.bin
c:\windows\43zd9hief523.cpl
c:\windows\44a5st9al2z16.dll
c:\windows\453zthi5f7569.dll
c:\windows\461as5ywa9e1z43.bin
c:\windows\4671no5-z-vir9s7ce.cpl
c:\windows\4691not-a9vzru55f.bin
c:\windows\486zs5am9ot4c6.exe
c:\windows\4959virus2dz.cpl
c:\windows\49dado9nloade5z54.exe
c:\windows\49e7addwa5e2399z.exe
c:\windows\4a95parse219z.ocx
c:\windows\4a97zt9al1005.exe
c:\windows\4b55downloade997z.exe
c:\windows\4baat5i9f8z.ocx
c:\windows\4d189aczd5or2585.exe
c:\windows\4de6thzeat536939.bin
c:\windows\4e3ca5dware29z0.exe
c:\windows\4f5eb5c9doorz810.ocx
c:\windows\4za5thief8949.bin
c:\windows\4zf0thie529889.bin
c:\windows\50391tr9jz64.cpl
c:\windows\5045notza-vir9s455.ocx
c:\windows\5050wor9z2.ocx
c:\windows\50527zpy609.ocx
c:\windows\5095zir95b9.exe
c:\windows\50z67spy1819.bin
c:\windows\512abackdoo91535z.ocx
c:\windows\515zt9reat4150.bin
c:\windows\519z5ir1307.cpl
c:\windows\523fd5wnzoader2159.bin
c:\windows\52995acktozl90e.exe
c:\windows\52e9steal259z.dll
c:\windows\52z6s9ambot179.dll
c:\windows\5315spa9sz1658.bin
c:\windows\53468hacz9ool333.dll
c:\windows\542dthr5at192z8.bin
c:\windows\54395virzs5c8.exe
c:\windows\5450tr9j7zd.ocx
c:\windows\5493szambot9a.exe
c:\windows\54b4addw9rez965.cpl
c:\windows\555z9r904.dll
c:\windows\5577zhreat5983.dll
c:\windows\5596threzt31693.bin
c:\windows\5598downloazer795.exe
c:\windows\55b9sp9rs51584z.ocx
c:\windows\55z2stea92783.exe
c:\windows\55z63h9cktoolb6.cpl
c:\windows\55z8bac9d5or712.bin
c:\windows\56088spzmbo9528.dll
c:\windows\56bdsze9l875.ocx
c:\windows\5764zpyware1299.exe
c:\windows\57699spambot7bz.dll
c:\windows\5784vi519z9.dll
c:\windows\57easpar5e90z8.exe
c:\windows\5832thie99z5.exe
c:\windows\586add9are3050z.cpl
c:\windows\589899pambotzbb.cpl
c:\windows\59022trojz00.ocx
c:\windows\59031not9a-virusz7c.cpl
c:\windows\59304virus5bz.bin
c:\windows\59379w9rz3.ocx
c:\windows\595e9teal19z4.bin
c:\windows\595zdownloader804.ocx
c:\windows\59769ot-a-virus5z4.exe
c:\windows\59c4vir15z.exe
c:\windows\59f4z5ief3084.ocx
c:\windows\5a4aszarse489.exe
c:\windows\5a92backdoo51z149.exe
c:\windows\5afdsteaz25295.bin
c:\windows\5b25vi9801z.ocx
c:\windows\5b52st5al918z.dll
c:\windows\5b5bzownlo9der1450.dll
c:\windows\5b5ct9rea5z203.bin
c:\windows\5b5f5zeal994.bin
c:\windows\5d41do9zloa5er2680.cpl
c:\windows\5e02sp9rse17z95.cpl
c:\windows\5e29backd5orz521.bin
c:\windows\5eb7d9znload5r1961.exe
c:\windows\5fd5sparse97z9.exe
c:\windows\5z1e5teal2599.bin
c:\windows\5z2359arse1270.bin
c:\windows\5zd5steal902.cpl
c:\windows\6006hz9kt5ol6e.ocx
c:\windows\655zspar5e2692.exe
c:\windows\675z9py350.cpl
c:\windows\6855bac9zoor153.cpl
c:\windows\6899s5ezl756.ocx
c:\windows\6959hackto5l3c2z.ocx
c:\windows\69785parsez749.ocx
c:\windows\6985virz499.dll
c:\windows\6990vizus559.ocx
c:\windows\69z5b9c5door2497.cpl
c:\windows\6b09vz51068.exe
c:\windows\6bf45h9eat31374z.dll

Re: winblue still winning5th June 2009, 9:35 pm

c:\windows\6d1spy9are155z.cpl
c:\windows\6ddf5pywarz3915.exe
c:\windows\6e1backdoor295z.cpl
c:\windows\6z09worm256.bin
c:\windows\6z15vir9166.exe
c:\windows\6zc5vir3193.exe
c:\windows\6zccvi91517.dll
c:\windows\704add95ze767.ocx
c:\windows\7068vzru57d9.ocx
c:\windows\7159vz5us5be.dll
c:\windows\71a6sp59arz762.cpl
c:\windows\72129ddwarz1592.cpl
c:\windows\7371thzea925584.dll
c:\windows\74z5ste5l3298.dll
c:\windows\7593t9oj5zc.dll
c:\windows\759virz796.exe
c:\windows\75f25hzeat6199.dll
c:\windows\762fadzw95e2926.cpl
c:\windows\7662zownlo59er1557.exe
c:\windows\7775spy9z4.ocx
c:\windows\7818ste5l93z0.cpl
c:\windows\7874zr9524e.bin
c:\windows\78z6vir3529.bin
c:\windows\790fbackdoor22z5.exe
c:\windows\799azir3985.ocx
c:\windows\79d1thizf14559.cpl
c:\windows\7a529hzef2258.dll
c:\windows\7c7a95ywarz818.exe
c:\windows\7c92a5dwa9z2601.ocx
c:\windows\7c99d5wnlzader552.exe
c:\windows\7cfb5o9nloadzr1982.cpl
c:\windows\7d7czpa5se16069.cpl
c:\windows\7e259dzware437.cpl
c:\windows\7fb5back5o9r506z.bin
c:\windows\7z4c5ackdo9r579.ocx
c:\windows\7za9t5reat21589.ocx
c:\windows\8345spy7z9.exe
c:\windows\8501virus9bez.ocx
c:\windows\8647trz590a.cpl
c:\windows\8856spazb9t205.exe
c:\windows\901eazdware5525.cpl
c:\windows\90225pyzc3.dll
c:\windows\90528not-a-vi5zs6d3.ocx
c:\windows\90964sz566a.cpl
c:\windows\90f65pyware16z0.bin
c:\windows\910675ozm60c.ocx
c:\windows\91135hacktooz5405.cpl
c:\windows\9255steal282z.dll
c:\windows\92724not-a-virus35z.exe
c:\windows\9291troj755z.ocx
c:\windows\92z0w5rm5be.exe
c:\windows\935zspam9ot19d.exe
c:\windows\936z5irus7e5.exe
c:\windows\93744spamz5t2b0.ocx
c:\windows\93766spazbot255.exe
c:\windows\93d8downloade51829z.exe
c:\windows\93z6tr9538.ocx
c:\windows\9497h9zktool354.dll
c:\windows\95645pambot9c2z.ocx
c:\windows\95665iruz6ad.exe
c:\windows\959zroj739.bin
c:\windows\95cbzte5l959.dll
c:\windows\95e5sparsz423.cpl
c:\windows\962sp5rsz1341.bin
c:\windows\964zworm25c.dll
c:\windows\965z05acktool62a.cpl
c:\windows\9679spambot65z5.ocx
c:\windows\96b4backdozr2455.exe
c:\windows\9720szy5555.bin
c:\windows\97789ot-a-vi5usz4d.exe
c:\windows\97d2spzrse24485.dll
c:\windows\98351hazktool221.cpl
c:\windows\98745p9mbotz7d.bin
c:\windows\987szamb95500.bin
c:\windows\9960s5y682z.exe
c:\windows\99685zacktool2cb.cpl
c:\windows\9990trzj7925.ocx
c:\windows\99eaddwaze1959.bin
c:\windows\9a7zsteal850.cpl
c:\windows\9a8zvir8005.bin
c:\windows\9d75downloadez2256.dll
c:\windows\9e04threat3251z.dll
c:\windows\9f0ba9kdoor2z50.dll
c:\windows\a6zt9i5f1835.bin
c:\windows\a95spywar5z969.exe
c:\windows\b5avir2809z.cpl
c:\windows\b98th59zt22806.cpl
c:\windows\ceczparse5729.ocx
c:\windows\e2dztea9652.exe
c:\windows\e51downlzader26419.cpl
c:\windows\e59vzr2022.ocx
c:\windows\f51viz1290.bin
c:\windows\system32\10059virz9292.bin
c:\windows\system32\100989pazbot507.ocx
c:\windows\system32\1162ste5911z8.exe
c:\windows\system32\116thiefz9445.exe
c:\windows\system32\11851zir95e5.cpl
c:\windows\system32\1225ztr5j759.cpl
c:\windows\system32\12313zir9s35b.ocx
c:\windows\system32\126559irzs5e.exe
c:\windows\system32\1295viruz454.bin
c:\windows\system32\12e19ddwzre20145.ocx
c:\windows\system32\133339ackzo5l58b.dll
c:\windows\system32\1344zvirus35c9.ocx
c:\windows\system32\1386bac9d5or1128z.bin
c:\windows\system32\145265ozm91b.ocx
c:\windows\system32\14557spyz98.exe
c:\windows\system32\1497v5rz938.bin
c:\windows\system32\149819zoj258.ocx
c:\windows\system32\14994spambot6ze5.ocx
c:\windows\system32\15089zeal585.cpl
c:\windows\system32\1555vi9115z.ocx
c:\windows\system32\15575t9oj7dz.ocx
c:\windows\system32\155d9wnloadez2952.exe
c:\windows\system32\157z2vi9us210.bin
c:\windows\system32\15932trzj5c.ocx
c:\windows\system32\159dsteaz2997.exe
c:\windows\system32\15f3backdz9r2277.cpl
c:\windows\system32\15zdo9nloa5er471.exe
c:\windows\system32\1670zvir9s6db5.dll
c:\windows\system32\16a09py5zre522.exe
c:\windows\system32\16e9downlo5dez2665.dll
c:\windows\system32\16z15worm5295.dll
c:\windows\system32\1705ztr9j81.bin
c:\windows\system32\17105pa9bot5dz.dll
c:\windows\system32\1717sparz95973.bin
c:\windows\system32\1759zteal1068.dll
c:\windows\system32\17855spz66a9.exe
c:\windows\system32\18013no9-5-virus271z.dll
c:\windows\system32\18615v9ruz45f.cpl
c:\windows\system32\18959spz45.ocx
c:\windows\system32\19062spy765z.cpl
c:\windows\system32\191505roz929.exe
c:\windows\system32\19487troj1z65.dll
c:\windows\system32\19570szam5ot2ed.cpl
c:\windows\system32\195z5acktoole59.cpl
c:\windows\system32\19662not-a-v5zus3309.cpl
c:\windows\system32\19856spambot1z3.ocx
c:\windows\system32\19efbac5door159z.exe
c:\windows\system32\1a975ackdooz1177.dll
c:\windows\system32\1cd9downlozder951.bin
c:\windows\system32\1cf8thie5297z.ocx
c:\windows\system32\1ddestea59183z.cpl
c:\windows\system32\1e99tzief1015.cpl
c:\windows\system32\1f06s5ea9z412.dll
c:\windows\system32\1z05troj6599.exe
c:\windows\system32\1z190hackto95636.ocx
c:\windows\system32\1z24threa58939.cpl
c:\windows\system32\1z394vi95s284.cpl
c:\windows\system32\205e5azkdoo93259.cpl
c:\windows\system32\20754worm7z9.ocx
c:\windows\system32\212z09ro53d3.ocx
c:\windows\system32\21519virus7za.exe
c:\windows\system32\21551sp934dz.dll
c:\windows\system32\21564wo5mz92.exe
c:\windows\system32\21989zi5us585.bin
c:\windows\system32\21f5s9arsz2559.cpl
c:\windows\system32\22291hzc59ool530.cpl
c:\windows\system32\22559s9yz33.cpl
c:\windows\system32\22935wor940z5.dll
c:\windows\system32\22ac9pyware2235z.exe
c:\windows\system32\23221not-a-z5r9s2c4.bin
c:\windows\system32\23515not-a95irzs645.dll
c:\windows\system32\237979rojz675.bin
c:\windows\system32\23991sp9485z.cpl
c:\windows\system32\24165zor577f9.bin
c:\windows\system32\24197not-azviru5722.bin
c:\windows\system32\2425ha9ktzol75e.dll
c:\windows\system32\24655tzoj69c5.ocx
c:\windows\system32\246edownlozd5r1739.bin
c:\windows\system32\24759notza-virus7e19.exe
c:\windows\system32\25112n9t-a-virus665z.bin
c:\windows\system32\25208virz53239.dll
c:\windows\system32\255995orz7aa.dll
c:\windows\system32\25957not-a9vizus5e9.bin
c:\windows\system32\25z49spambot75e9.ocx
c:\windows\system32\260zdownloader95575.bin
c:\windows\system32\26311spazbot6975.cpl
c:\windows\system32\26ebs9z5se1356.dll
c:\windows\system32\27099zpy605.ocx
c:\windows\system32\27182not9a-virus49z5.bin
c:\windows\system32\275f5hreatz7099.dll
c:\windows\system32\28194tr9z465.cpl
c:\windows\system32\282689acktooz15f.ocx
c:\windows\system32\28551wo9m3cz5.cpl
c:\windows\system32\2879059rz36d.ocx
c:\windows\system32\29120not-a-9i5usz59.bin
c:\windows\system32\294225irus5zf.cpl
c:\windows\system32\295z5h5cktool198.dll
c:\windows\system32\2964559oj6dz.cpl
c:\windows\system32\29e19hrzat59707.cpl
c:\windows\system32\29rzj580.exe
c:\windows\system32\29z4thief5987.exe
c:\windows\system32\29z99troj505.ocx
c:\windows\system32\2c69vzr1845.cpl
c:\windows\system32\2ca6s9ezl5235.bin
c:\windows\system32\2e93adzware5384.cpl
c:\windows\system32\2ea8spy5zre943.ocx
c:\windows\system32\2f45backdo9r7z7.bin
c:\windows\system32\2f5eaddwar9247z.exe
c:\windows\system32\2fd9thzeat21355.ocx
c:\windows\system32\2z236tro973e5.cpl
c:\windows\system32\2z28spars5965.bin
c:\windows\system32\2z79hackto9l26d5.exe

Re: winblue still winning5th June 2009, 9:35 pm

c:\windows\system32\30121hack9o5l2ez.exe
c:\windows\system32\309589rzj533.ocx
c:\windows\system32\30e5dzwnload9r3008.cpl
c:\windows\system32\30z69sp539f.ocx
c:\windows\system32\31228hackzool7529.exe
c:\windows\system32\314z1worm9a5.bin
c:\windows\system32\32280szambot9c5.ocx
c:\windows\system32\32308noz-a9viru5237.dll
c:\windows\system32\32549troj7zc.exe
c:\windows\system32\32738zr594f9.bin
c:\windows\system32\32f2s5eal274z9.exe
c:\windows\system32\3320sz57ef9.ocx
c:\windows\system32\33a8z5yware2942.bin
c:\windows\system32\33e9threa5z1995.exe
c:\windows\system32\3455w59m289z.exe
c:\windows\system32\35048ziru9717.ocx
c:\windows\system32\352thiefz915.cpl
c:\windows\system32\3530spambot5zf9.dll
c:\windows\system32\3555steaz1923.cpl
c:\windows\system32\356zt9ief9.exe
c:\windows\system32\3599zddware5139.bin
c:\windows\system32\35z5h9cktoo51.ocx
c:\windows\system32\3759downzoader859.cpl
c:\windows\system32\379fsteal5z5.ocx
c:\windows\system32\390985roz455.exe
c:\windows\system32\390zd5wnloader2295.bin
c:\windows\system32\3923thizf5641.dll
c:\windows\system32\3925not-azvir5s5f4.cpl
c:\windows\system32\394sp5rsez740.dll
c:\windows\system32\3953spyware259z.dll
c:\windows\system32\395bthrz9t31181.exe
c:\windows\system32\39745w5rz521.cpl
c:\windows\system32\39853spamboz57e5.ocx
c:\windows\system32\3deaspywar5z549.ocx
c:\windows\system32\3ebeste9l17z65.bin
c:\windows\system32\3f92threatz9561.dll
c:\windows\system32\3z09threat27052.exe
c:\windows\system32\3z25steal1952.cpl
c:\windows\system32\3z2backdoo5989.ocx
c:\windows\system32\3z399tro925f.dll
c:\windows\system32\400spam9oz35e.cpl
c:\windows\system32\404b9parse1z55.ocx
c:\windows\system32\41z5thief4509.exe
c:\windows\system32\4207zot9a-5irus5ae.cpl
c:\windows\system32\4242spazbo920c5.ocx
c:\windows\system32\42c1add9arz1245.cpl
c:\windows\system32\4526s9zware85.ocx
c:\windows\system32\454cbackdoorz094.dll
c:\windows\system32\455zthief29649.exe
c:\windows\system32\497espy5arez222.cpl
c:\windows\system32\49azd9wnloade5313.ocx
c:\windows\system32\4a8fb9czdoor505.exe
c:\windows\system32\4b25t5rzat29744.cpl
c:\windows\system32\4bb0spa5ze23149.exe
c:\windows\system32\4c18vir54z79.cpl
c:\windows\system32\4c65zt9al1589.cpl
c:\windows\system32\4c9zvi52299.dll
c:\windows\system32\4ca9baczdoo5283.cpl
c:\windows\system32\4cdasteal35z9.cpl
c:\windows\system32\4cf9virz564.exe
c:\windows\system32\4ed5zackdoor3938.cpl
c:\windows\system32\4z95threat17682.bin
c:\windows\system32\4zcd9ir5460.dll
c:\windows\system32\5078troj9dz.exe
c:\windows\system32\5142spam95t5z5.cpl
c:\windows\system32\51599ownloader195z.exe
c:\windows\system32\5199vzrus795.dll
c:\windows\system32\51de9ackdoor29z7.cpl
c:\windows\system32\51e9bzck9oor5317.dll
c:\windows\system32\51fzhief17549.dll
c:\windows\system32\52b4adz9are5794.cpl
c:\windows\system32\52dbb9ckdoor3z085.bin
c:\windows\system32\530zadd9are2935.bin
c:\windows\system32\5323trzj1559.exe
c:\windows\system32\535zst95l1684.exe
c:\windows\system32\53e99hreat7942z.cpl
c:\windows\system32\5426baczdo592906.ocx
c:\windows\system32\54659azkdoor249.dll
c:\windows\system32\5539vzr17715.cpl
c:\windows\system32\555zw9rm3cf.cpl
c:\windows\system32\55665spyz19.dll
c:\windows\system32\5589spazbot54.cpl
c:\windows\system32\55959pywarz2725.dll
c:\windows\system32\5595vir2z14.ocx
c:\windows\system32\55975zroj459.bin
c:\windows\system32\559ackdoorz072.cpl
c:\windows\system32\5649virzs2395.ocx
c:\windows\system32\5669w5rz2969.exe
c:\windows\system32\5694downzoader28295.ocx
c:\windows\system32\56z98troj304.exe
c:\windows\system32\5700dow5l9azer2956.dll
c:\windows\system32\57bdstzal97895.bin
c:\windows\system32\584addw59e15z7.ocx
c:\windows\system32\58814w9zm10c.dll
c:\windows\system32\58e6v9r1z425.ocx
c:\windows\system32\5900viz53.bin
c:\windows\system32\591289ormz10.exe
c:\windows\system32\5941threat288z5.cpl
c:\windows\system32\5945sparse1z50.dll
c:\windows\system32\5952s9ealz595.dll
c:\windows\system32\59bdstezl19909.cpl
c:\windows\system32\59z5troj597.dll
c:\windows\system32\5a15downlozd9r1352.bin
c:\windows\system32\5az95ir3952.dll
c:\windows\system32\5b5faddware2983z.ocx
c:\windows\system32\5c0ds9zal38.ocx
c:\windows\system32\5c3adown9oazer2653.cpl
c:\windows\system32\5c49th9ef895z.dll
c:\windows\system32\5c86spa9s5z136.exe
c:\windows\system32\5cazsparse9163.ocx
c:\windows\system32\5cz8backdoor31569.dll
c:\windows\system32\5daa9te5l197z.bin
c:\windows\system32\5ddza9dware1965.bin
c:\windows\system32\5dfespars93z275.exe
c:\windows\system32\5e96addwaze1598.cpl
c:\windows\system32\5f7azhief559.cpl
c:\windows\system32\5f9cthrza98950.cpl
c:\windows\system32\5fd6addwzre14925.ocx
c:\windows\system32\5fefthi9f1z03.bin
c:\windows\system32\5z25vir8049.ocx
c:\windows\system32\5z4949py58b.dll
c:\windows\system32\5z55spy3595.dll
c:\windows\system32\5z59spars51865.exe
c:\windows\system32\5z61virus9e5.cpl
c:\windows\system32\5z8este951545.exe
c:\windows\system32\5za5th9ef1877.exe
c:\windows\system32\6025thief129z9.dll
c:\windows\system32\612dbzckdoor5092.bin
c:\windows\system32\617b5h9eatz2758.ocx
c:\windows\system32\61aebackdo59104z.cpl
c:\windows\system32\63fb95arse6z2.dll
c:\windows\system32\6490spamzot65a9.ocx
c:\windows\system32\6592spywaze3535.ocx
c:\windows\system32\65d39ackdoorz614.ocx
c:\windows\system32\6605s5arse911z.bin
c:\windows\system32\679zvir5s651.dll
c:\windows\system32\682btzr9at32375.ocx
c:\windows\system32\6852th9zat26570.exe
c:\windows\system32\685bdoz9loa5er913.cpl
c:\windows\system32\687759ywarz2387.bin
c:\windows\system32\6923viz1225.dll
c:\windows\system32\6926spywar53035z.dll
c:\windows\system32\6949th9e574z.bin
c:\windows\system32\6959not-azvirus48a.bin
c:\windows\system32\6972szarse2251.exe
c:\windows\system32\6b6fbac95ooz2199.exe
c:\windows\system32\6cd2v5r909z.exe
c:\windows\system32\6czthre9t24065.ocx
c:\windows\system32\6d5dszars53209.cpl
c:\windows\system32\6f5zt5ief2095.dll
c:\windows\system32\6fa6th5ez9442.ocx
c:\windows\system32\6z1fdownloade92925.dll
c:\windows\system32\6z89addw9re24075.ocx
c:\windows\system32\6zads9e5l520.dll
c:\windows\system32\7009spy5arz9564.cpl
c:\windows\system32\729fzteal586.ocx
c:\windows\system32\72z5threat39683.dll
c:\windows\system32\7394azdware805.ocx
c:\windows\system32\74b7s5ywar9172z.cpl
c:\windows\system32\759aviz22969.bin
c:\windows\system32\76a3dow5load9r1z13.dll
c:\windows\system32\7712sze59637.exe
c:\windows\system32\78zaspy5are3902.bin
c:\windows\system32\793zviru54db.dll
c:\windows\system32\7949wor57z.bin
c:\windows\system32\79zdst5al9108.exe
c:\windows\system32\7b55s9zal2711.bin
c:\windows\system32\7f17backdoz521079.cpl
c:\windows\system32\7f7fste9l1z55.cpl
c:\windows\system32\7fz3steal25395.bin
c:\windows\system32\8109spa9bot596z.exe
c:\windows\system32\82129pyz5c.bin
c:\windows\system32\8509sp995z.ocx
c:\windows\system32\85fadzware9242.ocx
c:\windows\system32\87z5iru97ed.cpl
c:\windows\system32\87z9sp9mb5t51b.bin
c:\windows\system32\9025tzo9195.ocx
c:\windows\system32\90808vizus598.ocx
c:\windows\system32\9251vi9zs4d5.exe
c:\windows\system32\925astealz609.cpl
c:\windows\system32\9299not-a-virus1z45.ocx
c:\windows\system32\92d6za5kdoor823.bin
c:\windows\system32\93athief1057z.bin
c:\windows\system32\94ddvi5z996.cpl
c:\windows\system32\9514spambo59zf.ocx
c:\windows\system32\9547backdoorz942.ocx
c:\windows\system32\9593wozm3d95.ocx
c:\windows\system32\9595trz9272.dll
c:\windows\system32\9598bacz5oor1023.bin
c:\windows\system32\95ddz5reat5555.dll
c:\windows\system32\95fspywaze687.ocx
c:\windows\system32\96085azktool98.cpl
c:\windows\system32\96436spyzde5.dll
c:\windows\system32\9655zteal659.ocx
c:\windows\system32\965zvi5us920.exe
c:\windows\system32\96b7zhreat5267.ocx
c:\windows\system32\9729zroj9885.cpl
c:\windows\system32\9770b5ckdoorz902.ocx
c:\windows\system32\98cf5parse23z1.ocx
c:\windows\system32\9e5spyw9re1587z.bin
c:\windows\system32\9fbaddwa9e53z.bin
c:\windows\system32\9z9spars52714.ocx
c:\windows\system32\9zf5vir1405.exe
c:\windows\system32\a84addzare1925.exe
c:\windows\system32\bzb5ddware789.cpl
c:\windows\system32\c0esp5r9e97z.cpl
c:\windows\system32\cd7z5ea91081.exe
c:\windows\system32\czs5ywar9235.exe
c:\windows\system32\d175ddzare1297.dll
c:\windows\system32\d49vir9z5.cpl
c:\windows\system32\dc5viz28579.exe

Re: winblue still winning5th June 2009, 9:36 pm

c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
c:\windows\system32\Drivers\sptd.sys
c:\windows\system32\f41dow9zoader32235.ocx
c:\windows\system32\f76st5al2869z.exe
c:\windows\system32\f859ownzoader26995.exe
c:\windows\system32\ff9spa9sz2570.dll
c:\windows\system32\setup2.exe
c:\windows\system32\z1069virus453.bin
c:\windows\system32\z1525not-a-virus449.exe
c:\windows\system32\z1909tea52773.cpl
c:\windows\system32\z219bac5do9r1962.ocx
c:\windows\system32\z2645hacktool92.exe
c:\windows\system32\z3525spy9f5.bin
c:\windows\system32\z3575spa9bot323.cpl
c:\windows\system32\z3911spy859.exe
c:\windows\system32\z45bsparse5966.exe
c:\windows\system32\z558tr9jda.dll
c:\windows\system32\z5884spy19.ocx
c:\windows\system32\z597s9e5l1747.exe
c:\windows\system32\z6509ddware5500.bin
c:\windows\system32\z699t5oj38.ocx
c:\windows\system32\z7587hacktoo9651.exe
c:\windows\system32\z779spywar52335.cpl
c:\windows\system32\z929h5cktool95.bin
c:\windows\system32\z92cthie5145.exe
c:\windows\system32\z94fthreat4415.cpl
c:\windows\system32\z9535hief837.ocx
c:\windows\system32\z9e8sp59se1665.dll
c:\windows\z02155o9m25f.exe
c:\windows\z08485orm9c7.exe
c:\windows\z251ha9k5ool406.cpl
c:\windows\z34a95dware415.cpl
c:\windows\z4c29hief5450.bin
c:\windows\z4c39hie52969.dll
c:\windows\z505thief393.cpl
c:\windows\z5130spy39e.ocx
c:\windows\z516wo9m54b.exe
c:\windows\z5380hacktool559.ocx
c:\windows\z5906tro91d5.cpl
c:\windows\z59629py796.cpl
c:\windows\z610not-a-vi9us435.exe
c:\windows\z7e19parse516.ocx
c:\windows\z843a5d9are813.bin
c:\windows\z9274spambo57b3.bin
c:\windows\z9451spambot71b.cpl
c:\windows\z98b5pyware639.dll
c:\windows\z9abaddwar53012.ocx
c:\windows\z9f7vir16405.bin
c:\windows\zb63s9e5l3047.dll
c:\windows\zb939parse14305.exe
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 21:23 . 2009-06-05 21:23 -------- d-sh--w- \$RECYCLE.BIN
2009-06-05 21:21 . 2009-06-05 21:23 -------- d-----w- c:\users\Harpreet's\AppData\Local\temp
2009-06-05 21:21 . 2009-06-05 21:21 -------- d-----w- C:\temp
2009-06-05 21:21 . 2009-06-05 21:21 -------- d-----w- \temp
2009-06-05 21:02 . 2009-06-05 21:24 -------- d-s---w- \Combo-Fix
2009-06-05 21:01 . 2009-06-05 21:02 -------- d-----w- \Qoobox
2009-06-05 16:53 . 2009-06-05 16:53 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Malwarebytes
2009-06-05 16:53 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 16:53 . 2009-06-05 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 16:53 . 2009-06-05 16:53 -------- d-----w- c:\programdata\Malwarebytes
2009-06-05 16:53 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 15:16 . 2009-06-05 21:21 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-05 14:59 . 2009-06-05 14:59 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\BitDefender
2009-06-05 14:59 . 2009-06-05 14:59 -------- d-----w- C:\Binaries
2009-06-05 14:59 . 2009-06-05 14:59 -------- d-----w- \Binaries
2009-06-05 14:58 . 2009-06-05 15:03 -------- d-----w- c:\programdata\BitDefender
2009-06-05 14:58 . 2009-06-05 14:58 -------- d-----w- c:\program files\BitDefender
2009-06-05 14:10 . 2009-06-05 14:10 -------- d-----w- c:\program files\Trend Micro
2009-06-05 14:04 . 2009-06-05 17:01 -------- d-----w- c:\program files\SpywareBlaster
2009-06-05 13:47 . 2009-06-05 21:22 2951069696 --sha-w- \hiberfil.sys
2009-06-05 13:19 . 2009-06-05 15:03 -------- d-sh--w- \Config.Msi
2009-06-05 11:51 . 2009-06-05 12:02 -------- d-----w- c:\programdata\SITEguard
2009-06-05 11:49 . 2009-06-05 11:49 -------- d-----w- c:\program files\Common Files\iS3
2009-06-05 11:49 . 2009-06-05 13:19 -------- d-----w- c:\programdata\STOPzilla!
2009-06-05 02:32 . 2009-06-05 02:32 -------- d-----w- c:\program files\AVG
2009-06-02 11:13 . 2009-06-02 11:13 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\WildTangent
2009-05-24 17:05 . 2009-05-26 02:33 36864 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-05-24 12:23 . 2009-05-30 13:27 -------- d-----w- c:\users\Harpreet's\AppData\Local\NFS Underground 2
2009-05-09 18:38 . 2009-05-09 18:38 -------- d-----w- c:\program files\VirtualDJ

Re: winblue still winning5th June 2009, 9:36 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 21:23 . 2009-04-04 18:04 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\DNA
2009-06-05 21:22 . 2009-06-05 13:47 2951069696 --sha-w- \hiberfil.sys
2009-06-05 21:22 . 2009-03-23 17:08 3264942080 --sha-w- \pagefile.sys
2009-06-05 21:21 . 2008-08-12 05:49 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 19:17 . 2009-03-23 12:20 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Skype
2009-06-05 17:35 . 2009-03-23 10:53 107320 ----a-w- c:\users\Harpreet's\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-05 17:09 . 2009-03-23 17:32 -------- d-----w- c:\programdata\NVIDIA
2009-06-05 16:24 . 2009-03-23 12:21 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\skypePM
2009-06-05 15:01 . 2009-04-04 18:04 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\BitTorrent
2009-06-05 14:58 . 2009-04-08 19:50 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-05 02:45 . 2009-04-08 19:59 8268 ----a-w- c:\users\Harpreet's\AppData\Local\d3d9caps.dat
2009-06-05 02:06 . 2009-03-24 11:34 28314 ----a-w- c:\programdata\nvModes.dat
2009-06-02 11:14 . 2008-08-12 06:44 -------- d-----w- c:\programdata\WildTangent
2009-05-26 02:34 . 2008-08-12 07:44 -------- d-----w- c:\program files\CyberLink
2009-05-24 09:39 . 2009-03-23 12:45 -------- d-----w- c:\program files\Yahoo!
2009-05-14 08:18 . 2008-08-12 07:38 -------- d-----w- c:\programdata\Microsoft Help
2009-05-14 08:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 18:37 . 2009-04-08 10:59 -------- d-----w- c:\programdata\WinZip
2009-05-08 00:48 . 2008-08-12 06:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-06 12:38 . 2009-05-01 00:59 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-05-05 20:50 . 2009-05-05 19:25 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-05 20:50 . 2009-05-05 19:25 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-05 19:25 . 2009-05-05 19:26 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-05 19:23 . 2009-05-05 19:23 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Leadertech
2009-05-05 19:02 . 2009-05-05 19:02 -------- d-----w- c:\program files\PowerISO
2009-05-01 01:15 . 2009-05-01 01:15 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\PCF-VLC
2009-05-01 01:01 . 2009-05-01 01:01 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Participatory Culture Foundation
2009-04-26 16:25 . 2009-04-26 16:25 -------- d-----w- c:\programdata\SRS Labs
2009-04-26 16:15 . 2009-04-26 16:15 -------- d-----w- c:\programdata\DFX
2009-04-26 16:15 . 2009-04-26 16:15 -------- d-----w- c:\program files\Common Files\DFX
2009-04-19 03:38 . 2009-04-19 03:04 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Magic Academy
2009-04-18 11:28 . 2009-04-18 11:28 -------- d-----w- c:\programdata\TVU Networks
2009-04-18 10:59 . 2009-04-18 10:59 -------- d-----w- c:\program files\SopCast
2009-04-17 20:30 . 2009-04-17 20:30 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Capcom
2009-04-17 15:58 . 2009-05-01 01:24 954368 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 15:58 . 2009-05-01 01:24 103424 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 15:58 . 2009-05-01 01:24 344064 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 15:58 . 2009-05-01 01:24 1161626 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 15:58 . 2009-05-01 01:24 65536 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 15:58 . 2009-05-01 01:24 4579328 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 15:58 . 2009-05-01 01:24 71652 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 15:58 . 2009-05-01 01:24 4534272 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 15:58 . 2009-05-01 01:24 131868 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-11 09:47 . 2009-04-11 09:47 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\HP
2009-04-11 09:47 . 2009-04-06 01:07 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\CyberLink
2009-04-11 09:47 . 2009-03-23 17:31 -------- d-----w- c:\programdata\CyberLink
2009-04-11 09:47 . 2009-04-11 09:47 -------- d-----w- c:\programdata\HP
2009-04-10 20:29 . 2008-08-12 06:31 -------- d-----w- c:\program files\HP
2009-04-10 19:50 . 2008-08-12 05:57 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-10 01:33 . 2009-04-10 01:32 -------- d-----w- c:\program files\DivX
2009-04-10 01:33 . 2009-04-10 01:33 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-04-10 01:32 . 2009-04-10 01:32 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-08 23:06 . 2009-04-08 23:06 -------- d-----w- c:\program files\Alwil Software
2009-04-08 19:32 . 2006-11-02 10:23 74 ----a-w- \AUTOEXEC.BAT
2009-04-08 19:13 . 2009-03-31 10:46 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\LimeWire
2009-04-03 20:46 . 2009-04-03 20:46 8192 ----a-w- c:\programdata\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-03 20:46 . 2009-04-03 20:46 61440 ----a-w- c:\programdata\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-03 20:46 . 2009-04-03 20:46 10240 ----a-w- c:\programdata\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-02 08:39 . 2009-04-02 08:39 0 --sha-r- \MSDOS.SYS
2009-04-02 08:39 . 2009-04-02 08:39 0 --sha-r- \IO.SYS
2009-03-31 16:53 . 2009-03-31 16:53 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-03-31 14:35 . 2009-05-15 19:50 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 16:30 . 2009-05-15 19:50 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-29 11:20 . 2009-03-29 11:20 79367 ----a-w- c:\users\Harpreet's\AppData\Roaming\Google\Google Talk\uninstall.exe
2009-03-27 12:13 . 2009-03-27 12:13 61440 ----a-r- c:\users\Harpreet's\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\pncico.exe.C76E2E86_AE54_4AF5_997C_63EBB83C7651.exe
2009-03-27 12:13 . 2009-03-27 12:13 61440 ----a-r- c:\users\Harpreet's\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
2009-03-27 12:13 . 2009-03-27 12:13 61440 ----a-r- c:\users\Harpreet's\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\ARPICON.exe
2009-03-27 12:13 . 2009-03-27 12:13 49152 ----a-r- c:\users\Harpreet's\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2009-03-26 10:11 . 2009-04-18 11:28 2082104 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-03-26 07:00 . 2009-03-26 07:00 64000 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2009-03-25 23:49 . 2009-03-25 23:49 15739760 ----a-w- c:\users\Harpreet's\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
2009-03-23 12:21 . 2009-03-23 12:21 32 ----a-w- c:\programdata\ezsid.dat
2009-03-17 03:38 . 2009-04-15 23:16 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 23:16 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 05:19 . 2009-03-23 12:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-06 12:12 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-06 12:12 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-06 12:12 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-06 12:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-06 12:12 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-06 12:12 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-06 12:12 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-06 12:12 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-06 12:12 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-06 12:12 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-06 12:12 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-06 12:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-06 12:12 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-06 12:12 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-06 12:12 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-06 12:12 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-06 12:12 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-06 12:12 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-05 17:08 . 2009-06-05 15:18 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-12 04:34 . 2008-08-12 04:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DA

Re: winblue still winning5th June 2009, 9:37 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"BitTorrent DNA"="c:\users\Harpreet's\Program Files\DNA\btdna.exe" [2009-04-04 321344]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]

c:\users\Harpreet's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-51972698-1156634774-305212446-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{04D5CE91-E7FB-426E-AFA3-66B196D373B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{83291A5F-EE5D-403D-8506-C1BC40BA08BA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E9E9DC9-FFBB-4979-BF6E-BBB7702391BB}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A3454029-92CB-43C3-9722-C7986B4F3829}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B35D19C0-8FC2-4BEC-94A0-08FA6A2C5CE3}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{01122BEC-6892-4764-BCD6-07D86F5FAC6A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EF42F36B-0A1B-4EBA-AC44-74E9381C0F7D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{FFD81729-FD03-470D-914E-231FA6747FA0}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{21E465C8-84AA-4295-94B4-693D7F3AFB10}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{F4EE2CDC-F25E-453B-811C-C9A60E36AE20}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{ED4B4FCB-066F-47C3-BF54-17AF22F52DF6}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9B4D1080-DD18-4AE2-A7FD-A3E4AFCF9809}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{87180173-89CD-430D-A566-B2F415B3A558}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FB323F44-A441-4DD0-BAFF-74D992B47B03}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F0A62D71-6C7D-40A5-A63E-E22DD1C68F57}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{F82DD24F-782E-4A6D-9E2D-D9A64707EA8B}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{30EB9300-9994-41C6-BB49-A855C045FD91}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{822A94AE-4560-419B-8512-2513F9960ABD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{D4583A7D-7BDD-4B8A-B429-250468250D62}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{31F543BC-FB66-44E1-BD90-87A7FAE0EA22}c:\\users\\harpreet's\\program files\\dna\\btdna.exe"= UDP:c:\users\harpreet's\program files\dna\btdna.exe:btdna.exe
"UDP Query User{9FF43C0E-501C-4D91-847E-569609113B65}c:\\users\\harpreet's\\program files\\dna\\btdna.exe"= TCP:c:\users\harpreet's\program files\dna\btdna.exe:btdna.exe
"TCP Query User{45F2A631-DF87-43FC-99CD-44A4F0C779FB}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{16F31AA3-9061-423B-B3A8-34703E6BE86C}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"{ACA5AA82-1126-4917-B556-ACE52D5C1519}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{C0C4D76E-0088-4F6F-A807-EC7D302272C3}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{C7F04BFA-5097-4A64-ABA6-1F0418575C72}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{D86C6D32-FBFA-4921-A79F-43C8D4334B5E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{545D0DA1-7413-4FEE-ABD8-7B8A5815744E}"= UDP:c:\program files\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe:MotoGP 08
"{D3CFE172-BCBC-40BE-A717-CFBFCB57B396}"= TCP:c:\program files\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe:MotoGP 08
"TCP Query User{D37C3505-9D93-4883-9E84-86B837165764}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2EA23F4E-41D6-4A37-8049-A823FE12FC86}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0EC6D3FE-B351-4BED-A0A9-92178961CF7E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EADAD85C-1DF4-4EA9-B82F-DD13744ED5D1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{EA7B987F-62E3-4A35-B7D9-CAA7566A0DB3}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{B1E0622F-E9B6-4386-933A-FE18DE21650E}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader

Re: winblue still winning5th June 2009, 9:37 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [10/04/2009 21:30 59376]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 18:16 82696]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [12/08/2008 09:04 361808]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 12:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [12/02/2009 16:52 104328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [12/08/2008 07:41 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/05/2008 20:17 43040]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
vvdsvc REG_MULTI_SZ vvdsvc
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Harpreet's\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 22:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5824)
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2009-06-05 22:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 21:31

Pre-Run: 90,826,387,456 bytes free
Post-Run: 90,715,090,944 bytes free

1080 --- E O F --- 2009-06-05 02:00

Re: winblue still winning5th June 2009, 9:40 pm

after the combo has finished it has changed my wallpaper to black but part of my previous wallpaper is still seen in the desktop toolbar....is it fine ? and what next to do ?

Re: winblue still winning5th June 2009, 10:20 pm

Hello.

Now open a new notepad file.
Input this into the notepad file:

Driver::
ezSharedSvc

Folder::
c:\users\Harpreet's\Program Files\DNA
c:\program files\limewire
c:\program files\DNA
c:\program files\bittorrent

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FB323F44-A441-4DD0-BAFF-74D992B47B03}c:\\program files\\limewire\\limewire.exe"=-
"UDP Query User{F0A62D71-6C7D-40A5-A63E-E22DD1C68F57}c:\\program files\\limewire\\limewire.exe"=-
"{F82DD24F-782E-4A6D-9E2D-D9A64707EA8B}"=-
"{30EB9300-9994-41C6-BB49-A855C045FD91}"=-
"TCP Query User{822A94AE-4560-419B-8512-2513F9960ABD}c:\\program files\\bittorrent\\bittorrent.exe"=-
"UDP Query User{D4583A7D-7BDD-4B8A-B429-250468250D62}c:\\program files\\bittorrent\\bittorrent.exe"=-
"TCP Query User{31F543BC-FB66-44E1-BD90-87A7FAE0EA22}c:\\users\\harpreet's\\program files\\dna\\btdna.exe"=-
"UDP Query User{9FF43C0E-501C-4D91-847E-569609113B65}c:\\users\\harpreet's\\program files\\dna\\btdna.exe"=-

NetSvc::
ezSharedSvc

DDS::
uStart Page = about:blank

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
winblue still winning Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: winblue still winning5th June 2009, 11:49 pm

ComboFix 09-06-05.03 - Harpreet's 06/06/2009 0:28.2 - NTFSx86
Microsoft

Windows Vista

Home Premium 6.0.6001.1.1252.44.1033.18.2814.1755 [GMT 1:00]
Running from: c:\users\Harpreet's\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Harpreet's\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bittorrent
c:\program files\bittorrent\bittorrent.exe
c:\program files\bittorrent\BitTorrentIE.2.dll
c:\program files\bittorrent\OpenCandy\OCSetupHlp.dll
c:\program files\bittorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\users\Harpreet's\Program Files\DNA
c:\users\Harpreet's\Program Files\DNA\btdna.exe
c:\users\Harpreet's\Program Files\DNA\chrome.manifest
c:\users\Harpreet's\Program Files\DNA\DNAcpl.cpl
c:\users\Harpreet's\Program Files\DNA\install.rdf
c:\users\Harpreet's\Program Files\DNA\plugins\npbtdna.dll
c:\users\Harpreet's\Program Files\DNA\plugins\npbtdna.ico

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ezSharedSvc

((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 23:40 . 2009-06-05 23:40 -------- d-sh--w- \$RECYCLE.BIN
2009-06-05 23:37 . 2009-06-05 23:40 -------- d-----w- c:\users\Harpreet's\AppData\Local\temp
2009-06-05 23:37 . 2009-06-05 23:37 -------- d-----w- C:\temp
2009-06-05 23:37 . 2009-06-05 23:37 -------- d-----w- \temp
2009-06-05 23:26 . 2009-06-05 23:40 -------- d-s---w- \Combo-Fix
2009-06-05 21:01 . 2009-06-05 23:28 -------- d-----w- \Qoobox
2009-06-05 16:53 . 2009-06-05 16:53 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Malwarebytes
2009-06-05 16:53 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 16:53 . 2009-06-05 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 16:53 . 2009-06-05 16:53 -------- d-----w- c:\programdata\Malwarebytes
2009-06-05 16:53 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 15:16 . 2009-06-05 23:38 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-05 14:59 . 2009-06-05 14:59 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\BitDefender
2009-06-05 14:59 . 2009-06-05 14:59 -------- d-----w- C:\Binaries
2009-06-05 14:59 . 2009-06-05 14:59 -------- d-----w- \Binaries
2009-06-05 14:58 . 2009-06-05 15:03 -------- d-----w- c:\programdata\BitDefender
2009-06-05 14:58 . 2009-06-05 14:58 -------- d-----w- c:\program files\BitDefender
2009-06-05 14:10 . 2009-06-05 14:10 -------- d-----w- c:\program files\Trend Micro
2009-06-05 14:04 . 2009-06-05 17:01 -------- d-----w- c:\program files\SpywareBlaster
2009-06-05 13:47 . 2009-06-05 23:39 2951073792 --sha-w- \hiberfil.sys
2009-06-05 13:19 . 2009-06-05 15:03 -------- d-sh--w- \Config.Msi
2009-06-05 11:51 . 2009-06-05 12:02 -------- d-----w- c:\programdata\SITEguard
2009-06-05 11:49 . 2009-06-05 11:49 -------- d-----w- c:\program files\Common Files\iS3
2009-06-05 11:49 . 2009-06-05 13:19 -------- d-----w- c:\programdata\STOPzilla!
2009-06-05 02:32 . 2009-06-05 02:32 -------- d-----w- c:\program files\AVG
2009-06-02 11:13 . 2009-06-02 11:13 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\WildTangent
2009-05-24 17:05 . 2009-05-26 02:33 36864 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-05-24 12:23 . 2009-05-30 13:27 -------- d-----w- c:\users\Harpreet's\AppData\Local\NFS Underground 2
2009-05-09 18:38 . 2009-05-09 18:38 -------- d-----w- c:\program files\VirtualDJ

Re: winblue still winning5th June 2009, 11:50 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 23:39 . 2009-06-05 13:47 2951073792 --sha-w- \hiberfil.sys
2009-06-05 23:39 . 2009-03-23 17:08 3264942080 --sha-w- \pagefile.sys
2009-06-05 23:38 . 2008-08-12 05:49 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 23:20 . 2009-04-04 18:04 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\DNA
2009-06-05 22:11 . 2009-03-24 11:34 28314 ----a-w- c:\programdata\nvModes.dat
2009-06-05 19:17 . 2009-03-23 12:20 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Skype
2009-06-05 17:35 . 2009-03-23 10:53 107320 ----a-w- c:\users\Harpreet's\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-05 17:09 . 2009-03-23 17:32 -------- d-----w- c:\programdata\NVIDIA
2009-06-05 16:24 . 2009-03-23 12:21 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\skypePM
2009-06-05 15:01 . 2009-04-04 18:04 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\BitTorrent
2009-06-05 14:58 . 2009-04-08 19:50 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-05 02:45 . 2009-04-08 19:59 8268 ----a-w- c:\users\Harpreet's\AppData\Local\d3d9caps.dat
2009-06-02 11:14 . 2008-08-12 06:44 -------- d-----w- c:\programdata\WildTangent
2009-05-26 02:34 . 2008-08-12 07:44 -------- d-----w- c:\program files\CyberLink
2009-05-24 09:39 . 2009-03-23 12:45 -------- d-----w- c:\program files\Yahoo!
2009-05-14 08:18 . 2008-08-12 07:38 -------- d-----w- c:\programdata\Microsoft Help
2009-05-14 08:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 18:37 . 2009-04-08 10:59 -------- d-----w- c:\programdata\WinZip
2009-05-08 00:48 . 2008-08-12 06:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-06 12:38 . 2009-05-01 00:59 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-05-05 20:50 . 2009-05-05 19:25 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-05 20:50 . 2009-05-05 19:25 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-05 19:25 . 2009-05-05 19:26 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-05 19:23 . 2009-05-05 19:23 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Leadertech
2009-05-05 19:02 . 2009-05-05 19:02 -------- d-----w- c:\program files\PowerISO
2009-05-01 01:15 . 2009-05-01 01:15 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\PCF-VLC
2009-05-01 01:01 . 2009-05-01 01:01 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Participatory Culture Foundation
2009-04-26 16:25 . 2009-04-26 16:25 -------- d-----w- c:\programdata\SRS Labs
2009-04-26 16:15 . 2009-04-26 16:15 -------- d-----w- c:\programdata\DFX
2009-04-26 16:15 . 2009-04-26 16:15 -------- d-----w- c:\program files\Common Files\DFX
2009-04-19 03:38 . 2009-04-19 03:04 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Magic Academy
2009-04-18 11:28 . 2009-04-18 11:28 -------- d-----w- c:\programdata\TVU Networks
2009-04-18 10:59 . 2009-04-18 10:59 -------- d-----w- c:\program files\SopCast
2009-04-17 20:30 . 2009-04-17 20:30 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\Capcom
2009-04-17 15:58 . 2009-05-01 01:24 954368 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 15:58 . 2009-05-01 01:24 103424 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 15:58 . 2009-05-01 01:24 344064 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 15:58 . 2009-05-01 01:24 1161626 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 15:58 . 2009-05-01 01:24 65536 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 15:58 . 2009-05-01 01:24 4579328 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 15:58 . 2009-05-01 01:24 71652 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 15:58 . 2009-05-01 01:24 4534272 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 15:58 . 2009-05-01 01:24 131868 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-11 09:47 . 2009-04-11 09:47 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\HP
2009-04-11 09:47 . 2009-04-06 01:07 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\CyberLink
2009-04-11 09:47 . 2009-03-23 17:31 -------- d-----w- c:\programdata\CyberLink
2009-04-11 09:47 . 2009-04-11 09:47 -------- d-----w- c:\programdata\HP
2009-04-10 20:29 . 2008-08-12 06:31 -------- d-----w- c:\program files\HP
2009-04-10 19:50 . 2008-08-12 05:57 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-10 01:33 . 2009-04-10 01:32 -------- d-----w- c:\program files\DivX
2009-04-10 01:33 . 2009-04-10 01:33 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-04-10 01:32 . 2009-04-10 01:32 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-08 23:06 . 2009-04-08 23:06 -------- d-----w- c:\program files\Alwil Software
2009-04-08 19:32 . 2006-11-02 10:23 74 ----a-w- \AUTOEXEC.BAT
2009-04-08 19:13 . 2009-03-31 10:46 -------- d-----w- c:\users\Harpreet's\AppData\Roaming\LimeWire
2009-04-03 20:46 . 2009-04-03 20:46 8192 ----a-w- c:\programdata\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-03 20:46 . 2009-04-03 20:46 61440 ----a-w- c:\programdata\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-03 20:46 . 2009-04-03 20:46 10240 ----a-w- c:\programdata\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-02 08:39 . 2009-04-02 08:39 0 --sha-r- \MSDOS.SYS
2009-04-02 08:39 . 2009-04-02 08:39 0 --sha-r- \IO.SYS
2009-03-31 16:53 . 2009-03-31 16:53 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-03-31 14:35 . 2009-05-15 19:50 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 16:30 . 2009-05-15 19:50 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-29 11:20 . 2009-03-29 11:20 79367 ----a-w- c:\users\Harpreet's\AppData\Roaming\Google\Google Talk\uninstall.exe
2009-03-27 12:13 . 2009-03-27 12:13 61440 ----a-r- c:\users\Harpreet's\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\pncico.exe.C76E2E86_AE54_4AF5_997C_63EBB83C7651.exe
2009-03-27 12:13 . 2009-03-27 12:13 61440 ----a-r- c:\users\Harpreet's\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
2009-03-27 12:13 . 2009-03-27 12:13 61440 ----a-r- c:\users\Harpreet's\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\ARPICON.exe
2009-03-27 12:13 . 2009-03-27 12:13 49152 ----a-r- c:\users\Harpreet's\AppData\Roaming\Microsoft\Installer\{E9459BCF-0982-498B-ABA7-26C34323493F}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2009-03-26 10:11 . 2009-04-18 11:28 2082104 ----a-w- c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-03-26 07:00 . 2009-03-26 07:00 64000 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2009-03-25 23:49 . 2009-03-25 23:49 15739760 ----a-w- c:\users\Harpreet's\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
2009-03-23 12:21 . 2009-03-23 12:21 32 ----a-w- c:\programdata\ezsid.dat
2009-03-17 03:38 . 2009-04-15 23:16 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 23:16 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 05:19 . 2009-03-23 12:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-06 12:12 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-06 12:12 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-06 12:12 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-06 12:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-06 12:12 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-06 12:12 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-06 12:12 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-06 12:12 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-06 12:12 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-06 12:12 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-06 12:12 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-06 12:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-06 12:12 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-06 12:12 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-06 12:12 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-06 12:12 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-06 12:12 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-06 12:12 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-05 17:08 . 2009-06-05 15:18 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-12 04:34 . 2008-08-12 04:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

Re: winblue still winning5th June 2009, 11:50 pm

((((((((((((((((((((((((((((( SnapShot@2009-06-05_21.24.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-06-05 23:41 87804 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-23 10:47 . 2009-06-05 23:41 11606 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-51972698-1156634774-305212446-1000_UserData.bin
- 2009-03-24 11:47 . 2009-06-05 15:16 8438 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-03-24 11:47 . 2009-06-05 23:38 8438 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-06-05 23:39 . 2009-06-05 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-05 21:22 . 2009-06-05 21:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-05 23:39 . 2009-06-05 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-05 21:22 . 2009-06-05 21:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-24 10:34 . 2009-06-05 23:21 341820 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]

c:\users\Harpreet's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-51972698-1156634774-305212446-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{04D5CE91-E7FB-426E-AFA3-66B196D373B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{83291A5F-EE5D-403D-8506-C1BC40BA08BA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E9E9DC9-FFBB-4979-BF6E-BBB7702391BB}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A3454029-92CB-43C3-9722-C7986B4F3829}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B35D19C0-8FC2-4BEC-94A0-08FA6A2C5CE3}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{01122BEC-6892-4764-BCD6-07D86F5FAC6A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EF42F36B-0A1B-4EBA-AC44-74E9381C0F7D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{FFD81729-FD03-470D-914E-231FA6747FA0}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{21E465C8-84AA-4295-94B4-693D7F3AFB10}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{F4EE2CDC-F25E-453B-811C-C9A60E36AE20}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{ED4B4FCB-066F-47C3-BF54-17AF22F52DF6}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9B4D1080-DD18-4AE2-A7FD-A3E4AFCF9809}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{87180173-89CD-430D-A566-B2F415B3A558}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{45F2A631-DF87-43FC-99CD-44A4F0C779FB}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{16F31AA3-9061-423B-B3A8-34703E6BE86C}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"{ACA5AA82-1126-4917-B556-ACE52D5C1519}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{C0C4D76E-0088-4F6F-A807-EC7D302272C3}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{C7F04BFA-5097-4A64-ABA6-1F0418575C72}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{D86C6D32-FBFA-4921-A79F-43C8D4334B5E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{545D0DA1-7413-4FEE-ABD8-7B8A5815744E}"= UDP:c:\program files\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe:MotoGP 08
"{D3CFE172-BCBC-40BE-A717-CFBFCB57B396}"= TCP:c:\program files\Capcom\MotoGP 08 Demo\MotoGP 08\Launcher.exe:MotoGP 08
"TCP Query User{D37C3505-9D93-4883-9E84-86B837165764}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2EA23F4E-41D6-4A37-8049-A823FE12FC86}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{0EC6D3FE-B351-4BED-A0A9-92178961CF7E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EADAD85C-1DF4-4EA9-B82F-DD13744ED5D1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{EA7B987F-62E3-4A35-B7D9-CAA7566A0DB3}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{B1E0622F-E9B6-4386-933A-FE18DE21650E}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [10/04/2009 21:30 59376]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 18:16 82696]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [12/08/2008 09:04 361808]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 12:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [12/02/2009 16:52 104328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [12/08/2008 07:41 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/05/2008 20:17 43040]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
vvdsvc REG_MULTI_SZ vvdsvc
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\users\Harpreet's\AppData\Roaming\Mozilla\Firefox\Profiles\5izviq7s.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 00:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2140)
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2009-06-05 0:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 23:47
ComboFix2.txt 2009-06-05 21:31

Pre-Run: 90,784,034,816 bytes free
Post-Run: 90,314,366,976 bytes free

353 --- E O F --- 2009-06-05 02:00

Re: winblue still winning5th June 2009, 11:58 pm

still got something more to do... bloody winbluesoft virus seems to be more harmful to humans than computers.... Open Grin

Re: winblue still winning6th June 2009, 12:02 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

............................................................................................
While my help is always free, please consider donating to keep this site alive: Donate

Re: winblue still winning6th June 2009, 12:20 am

Malwarebytes' Anti-Malware 1.37
Database version: 2234
Windows 6.0.6001 Service Pack 1

06/06/2009 01:20:32
mbam-log-2009-06-06 (01-20-32).txt

Scan type: Quick Scan
Objects scanned: 76962
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: winblue still winning6th June 2009, 12:25 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

winblue still winning CF_Cleanup

This will also reset your restore points.

How is the machine running now?

............................................................................................
While my help is always free, please consider donating to keep this site alive: Donate

Re: winblue still winning6th June 2009, 12:33 am

Thank god it got over... Well buddy the machine is running smooth as butter thanks for your great support. myself as my machine both feel refreshed !!!

Thanks a lot !!

Re: winblue still winning6th June 2009, 12:35 am

Glad we could help

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

............................................................................................
While my help is always free, please consider donating to keep this site alive: Donate

winblue still winning

descriptionwinblue still winning5th June 2009, 7:36 pm

descriptionRe: winblue still winning5th June 2009, 7:41 pm

descriptionRe: winblue still winning5th June 2009, 7:47 pm

descriptionRe: winblue still winning5th June 2009, 7:50 pm

descriptionRe: winblue still winning5th June 2009, 8:11 pm

descriptionRe: winblue still winning5th June 2009, 8:15 pm

descriptionRe: winblue still winning5th June 2009, 8:33 pm

descriptionRe: winblue still winning5th June 2009, 8:35 pm

descriptionRe: winblue still winning5th June 2009, 8:36 pm

descriptionRe: winblue still winning5th June 2009, 8:42 pm

descriptionRe: winblue still winning5th June 2009, 8:43 pm

descriptionRe: winblue still winning5th June 2009, 8:50 pm

descriptionRe: winblue still winning5th June 2009, 9:34 pm

descriptionRe: winblue still winning5th June 2009, 9:34 pm

descriptionRe: winblue still winning5th June 2009, 9:35 pm

descriptionRe: winblue still winning5th June 2009, 9:35 pm

descriptionRe: winblue still winning5th June 2009, 9:36 pm

descriptionRe: winblue still winning5th June 2009, 9:36 pm

descriptionRe: winblue still winning5th June 2009, 9:37 pm

descriptionRe: winblue still winning5th June 2009, 9:37 pm

descriptionRe: winblue still winning5th June 2009, 9:40 pm

descriptionRe: winblue still winning5th June 2009, 10:20 pm

descriptionRe: winblue still winning5th June 2009, 11:49 pm

descriptionRe: winblue still winning5th June 2009, 11:50 pm

descriptionRe: winblue still winning5th June 2009, 11:50 pm

descriptionRe: winblue still winning5th June 2009, 11:58 pm

descriptionRe: winblue still winning6th June 2009, 12:02 am

descriptionRe: winblue still winning6th June 2009, 12:20 am

descriptionRe: winblue still winning6th June 2009, 12:25 am

descriptionRe: winblue still winning6th June 2009, 12:33 am

descriptionRe: winblue still winning6th June 2009, 12:35 am

descriptionRe: winblue still winning