WIN BLUE SOFT VICTIM


Re: WIN BLUE SOFT VICTIM

Can you try running DDS now that blocker.dll is gone?

http://www.geekpolice.net/virus-spyware-malware-removal-f11/win-blue-soft-victim-t10258.htm#66076

Sorry, I don't know how to ZIP

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2009 4:25:16 PM
System Uptime: 6/12/2009 7:13:45 PM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 234.108 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&35F762C4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
Service: i8042prt

==== System Restore Points ===================

RP109: 3/2/2009 10:07:38 AM - System Checkpoint
RP110: 3/3/2009 10:55:40 AM - System Checkpoint
RP111: 3/4/2009 11:55:40 AM - System Checkpoint
RP112: 3/5/2009 1:45:46 PM - System Checkpoint
RP113: 3/6/2009 1:55:40 PM - System Checkpoint
RP114: 3/7/2009 2:56:50 PM - System Checkpoint
RP115: 3/8/2009 3:55:40 PM - System Checkpoint
RP116: 3/9/2009 3:59:21 PM - System Checkpoint
RP117: 3/10/2009 4:07:48 PM - System Checkpoint
RP118: 3/11/2009 2:00:22 AM - Software Distribution Service 3.0
RP119: 3/12/2009 2:11:34 AM - System Checkpoint
RP120: 3/13/2009 3:11:34 AM - System Checkpoint
RP121: 3/14/2009 3:41:31 AM - System Checkpoint
RP122: 3/15/2009 5:41:24 AM - System Checkpoint
RP123: 3/16/2009 6:06:13 AM - System Checkpoint
RP124: 3/17/2009 6:42:09 AM - System Checkpoint
RP125: 3/18/2009 7:42:08 AM - System Checkpoint
RP126: 3/19/2009 6:34:57 PM - System Checkpoint
RP127: 3/20/2009 6:42:09 PM - System Checkpoint
RP128: 3/21/2009 3:00:20 AM - Software Distribution Service 3.0
RP129: 3/22/2009 3:57:33 AM - System Checkpoint
RP130: 3/23/2009 5:14:42 AM - System Checkpoint
RP131: 3/24/2009 5:57:30 AM - System Checkpoint
RP132: 3/25/2009 6:57:35 AM - System Checkpoint
RP133: 3/26/2009 7:26:40 AM - System Checkpoint
RP134: 3/27/2009 8:26:39 AM - System Checkpoint
RP135: 3/28/2009 8:59:37 AM - System Checkpoint
RP136: 3/29/2009 9:42:07 AM - System Checkpoint
RP137: 3/30/2009 10:42:08 AM - System Checkpoint
RP138: 3/30/2009 4:37:55 PM - Installed Windows Media Player 11
RP139: 3/30/2009 4:38:25 PM - Software Distribution Service 3.0
RP140: 3/31/2009 3:00:28 AM - Software Distribution Service 3.0
RP141: 4/1/2009 3:00:19 AM - Software Distribution Service 3.0
RP142: 4/1/2009 4:45:36 AM - Software Distribution Service 3.0
RP143: 4/2/2009 5:11:59 PM - Software Distribution Service 3.0
RP144: 4/2/2009 5:13:25 PM - Installed Windows XP WgaNotify.
RP145: 4/2/2009 5:26:26 PM - Software Distribution Service 3.0
RP146: 4/3/2009 3:00:24 AM - Software Distribution Service 3.0
RP147: 4/4/2009 7:17:28 AM - System Checkpoint
RP148: 4/5/2009 8:51:47 AM - System Checkpoint
RP149: 4/5/2009 6:21:27 PM - Installed Adobe Reader 9.1.
RP150: 4/6/2009 6:46:06 PM - System Checkpoint
RP151: 4/7/2009 7:46:00 PM - System Checkpoint
RP152: 4/8/2009 8:46:00 PM - System Checkpoint
RP153: 4/10/2009 9:13:00 AM - System Checkpoint
RP154: 4/10/2009 5:50:37 PM - Installed Microsoft .NET Framework 1.1
RP155: 4/13/2009 9:39:06 PM - System Checkpoint
RP156: 4/14/2009 3:00:30 AM - Software Distribution Service 3.0
RP157: 4/15/2009 3:00:31 AM - Software Distribution Service 3.0
RP158: 4/16/2009 3:19:13 AM - System Checkpoint
RP159: 4/17/2009 4:19:12 AM - System Checkpoint
RP160: 4/18/2009 4:22:30 AM - System Checkpoint
RP161: 4/19/2009 6:25:38 AM - System Checkpoint
RP162: 4/20/2009 7:22:27 AM - System Checkpoint
RP163: 4/21/2009 8:22:29 AM - System Checkpoint
RP164: 4/22/2009 9:22:30 AM - System Checkpoint
RP165: 4/23/2009 10:01:27 AM - System Checkpoint
RP166: 4/24/2009 11:01:25 AM - System Checkpoint
RP167: 4/25/2009 11:29:27 AM - System Checkpoint
RP168: 4/26/2009 12:02:30 PM - System Checkpoint
RP169: 4/27/2009 1:01:24 PM - System Checkpoint
RP170: 4/28/2009 2:01:22 PM - System Checkpoint
RP171: 4/29/2009 3:01:23 PM - System Checkpoint
RP172: 4/30/2009 4:01:22 PM - System Checkpoint
RP173: 5/1/2009 5:02:27 PM - System Checkpoint
RP174: 5/2/2009 12:18:05 AM - Restore Operation
RP175: 5/3/2009 12:23:53 AM - System Checkpoint
RP176: 5/4/2009 2:47:58 AM - System Checkpoint
RP177: 5/5/2009 5:28:13 PM - System Checkpoint
RP178: 5/6/2009 5:45:52 PM - System Checkpoint
RP179: 5/8/2009 4:02:46 PM - System Checkpoint
RP180: 5/9/2009 4:44:56 PM - System Checkpoint
RP181: 5/10/2009 5:44:56 PM - System Checkpoint
RP182: 5/11/2009 6:45:16 PM - System Checkpoint
RP183: 5/12/2009 7:44:57 PM - System Checkpoint
RP184: 5/13/2009 3:00:16 AM - Software Distribution Service 3.0
RP185: 5/14/2009 3:44:55 AM - System Checkpoint
RP186: 5/17/2009 12:55:58 PM - System Checkpoint
RP187: 5/18/2009 1:04:29 PM - System Checkpoint
RP188: 5/19/2009 2:28:35 PM - System Checkpoint
RP189: 5/20/2009 4:27:00 PM - System Checkpoint
RP190: 5/21/2009 4:43:20 PM - System Checkpoint
RP191: 5/22/2009 4:44:05 PM - Software Distribution Service 3.0
RP192: 5/23/2009 6:00:53 PM - System Checkpoint
RP193: 5/24/2009 6:51:14 PM - System Checkpoint
RP194: 5/25/2009 6:52:43 PM - System Checkpoint
RP195: 5/26/2009 7:19:48 PM - System Checkpoint
RP196: 5/27/2009 7:51:10 PM - System Checkpoint
RP197: 5/28/2009 8:51:13 PM - System Checkpoint
RP198: 5/29/2009 9:48:18 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AiO_Scan
ATI Display Driver (Omega 3.8.442)
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Personal Firewall
Combined Community Codec Pack 2008-09-21 16:18
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DVD Shrink 3.2
Free Download Manager 3.0
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
Intel(R) PRO Network Adapters and Drivers
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB954430)
MultiRes (remove only)
Nero 7 Ultra Edition
Nero Mega Plugin Pack
PartyPoker
PluginVideo
QFolder
Radeon Omega Drivers v4.8.442 Setup Files and Tools
RegCure 1.6.0.0
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sims2Pack Clean Installer
Spyware Terminator
SUPERAntiSpyware Free Edition
The Sims 2
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

6/5/2009 9:38:22 PM, error: ati2mtag [45062] - CRT invalid display type
6/5/2009 11:47:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD atitray Fips i8042prt intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip VET-FILT VET-REC VETEFILE VETMONNT
6/5/2009 11:47:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2009 11:47:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2009 11:47:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2009 11:47:42 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/5/2009 11:46:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/5/2009 11:46:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2009 11:46:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
6/12/2009 7:12:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

==== End Of File ===========================

Re: WIN BLUE SOFT VICTIM

Wrong log, that's attach.txt; I need to see DDS.txt.

DDS.txt

DDS (Ver_09-05-14.01) - NTFSx86
Run by Big Bad Jean at 9:47:47.68 on Sat 06/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.53 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Big Bad Jean\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [AtiPTA] atiptaxx.exe
dRun: [tempo-setup2.exe] c:\windows\system32\tempo-setup2.exe
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: NoDispBackgroundPage = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
TCP: NameServer = 85.255.112.101,85.255.112.113
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bigbad~1\applic~1\mozilla\firefox\profiles\u5oyro29.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2009-1-19 17952]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-2-18 26376]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-2-18 21128]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-2-18 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-2-18 21512]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-2-18 32264]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-2-18 144960]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-2-18 242952]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-2-18 108368]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

=============== Created Last 30 ================

2009-06-12 21:20 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-12 21:20 --d----- c:\docume~1\bigbad~1\applic~1\Spyware Terminator
2009-06-12 19:11 161,792 a------- c:\windows\SWREG.exe
2009-06-12 19:11 154,624 a------- c:\windows\PEV.exe
2009-06-12 19:11 98,816 a------- c:\windows\sed.exe
2009-06-12 19:11 --ds---- C:\Combo-Fix
2009-06-12 19:11 389,120 a------- c:\windows\system32\CF13664.exe
2009-06-12 19:06 116,623 a------- C:\MGlogs.zip
2009-06-12 18:30 --d----- C:\!KillBox
2009-06-12 18:27 1,066,176 a------- c:\windows\system32\MSCOMCTL.OCX
2009-06-12 16:40 6,315 a------- c:\windows\28534hacktooz1a29.cpl
2009-06-11 17:48 3,388 a------- c:\windows\4570spamb9t23z.cpl
2009-06-11 16:58 --d----- c:\docume~1\alluse~1\applic~1\RegCure
2009-06-11 12:23 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 12:23 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 12:23 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 12:23 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-11 12:14 6,512 a------- c:\windows\1686back5oor79z.exe
2009-06-10 22:44 4,214 a------- c:\windows\system32\5a129hzeat20081.dll
2009-06-09 16:50 --d----- c:\windows\pss
2009-06-07 18:46 6,339 a------- c:\windows\system32\3952not-a-viru5z46.exe
2009-06-07 15:10 --d----- C:\MGtools
2009-06-07 15:10 1,342,151 a------- C:\MGtools.exe
2009-06-07 12:59 451,655 a------- c:\temp\RootRepeal.zip
2009-06-07 09:18 --d-h--- c:\windows\system32\GroupPolicy
2009-06-07 08:55 --d----- c:\program files\Spyware Terminator
2009-06-07 08:55 --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-06-07 02:16 14,105 a------- c:\windows\29851hackt9ol6f3z.bin
2009-06-06 00:08 --d----- c:\program files\Trend Micro
2009-06-05 23:36 --d----- C:\_OTM
2009-06-05 22:37 10,614 a------- c:\windows\649atzrea525717.cpl
2009-06-04 17:57 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 17:57 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-04 17:57 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-04 17:57 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 00:51 8,658 a------- c:\windows\z6175sp9mbot5f7.ocx
2009-06-01 08:25 7,766 a------- c:\windows\system32\459zth9ef2036.cpl
2009-05-30 09:58 --d----- c:\program files\PluginVideo
2009-05-27 15:19 18,083 a------- c:\windows\system32\209789zrus5d1.cpl
2009-05-26 18:41 --dsh--- c:\documents and settings\big bad jean\PrivacIE
2009-05-26 16:32 4,870 a------- c:\windows\28beb9ck5oorz04.dll
2009-05-25 09:10 --dsh--- c:\documents and settings\big bad jean\IECompatCache
2009-05-25 06:03 3,183 a------- c:\windows\system32\18zfs9eal2553.cpl
2009-05-22 23:51 4,403 a------- c:\windows\39f4t5ief14z9.exe
2009-05-22 17:36 --dsh--- c:\documents and settings\big bad jean\IETldCache
2009-05-22 17:00 --d----- c:\windows\ie8updates
2009-05-22 17:00 102,400 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-22 16:58 -cd-h--- c:\windows\ie8
2009-05-20 15:11 10,999 a------- c:\windows\49435ownloader1199z.bin
2009-05-20 10:23 14,591 a------- c:\windows\b7dtzi952572.dll
2009-05-20 06:30 8,851 a------- c:\windows\system32\c2359arsz2453.cpl
2009-05-18 10:16 2,744 a------- c:\windows\21968not-a5viru97dz.cpl
2009-05-17 00:50 8,696 a------- c:\windows\system32\9d7db5ckdozr1815.dll

==================== Find3M ====================

2009-06-12 23:26 90,586 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-12 23:26 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-05-13 13:45 7,874 a------- c:\windows\system32\5z19ad9ware1405.exe
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 23:11 16,440 a------- c:\windows\system32\246edoznl95der1935.exe
2009-05-12 16:59 17,083 a------- c:\windows\system32\5z688spambot19.exe
2009-05-09 09:56 6,325 a------- c:\windows\system32\14643woz955a.dll
2009-05-08 09:42 10,026 a------- c:\windows\system32\68dcsp5zs92170.bin
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-05 21:34 8,937 a------- c:\windows\5e299oznloader2550.bin
2009-05-02 03:03 10,004 a------- c:\windows\system32\9598not-a-virus59az.bin
2009-05-01 09:16 3,380 a------- c:\windows\system32\z5235pambot690.bin
2009-04-27 04:12 14,585 a------- c:\windows\system32\6c875ownloa9er2163z.bin
2009-04-26 19:29 8,689 a------- c:\windows\5z735o9m14a.bin
2009-04-25 04:21 3,185 a------- c:\windows\system32\9372hacktzol62b5.exe
2009-04-22 15:06 10,138 a------- c:\windows\9z99troj55.bin
2009-04-18 10:41 12,174 a------- c:\windows\287fspyw5r91839z.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 23:05 5,049 a------- c:\windows\26859vizu91ab.bin
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-14 03:01 13,752 a------- c:\windows\6f99zpywar95235.bin
2009-04-11 10:20 18,076 a------- c:\windows\system32\23657s5ambot3ze9.dll
2009-04-10 20:06 2,913 a------- c:\windows\system32\3a61thizf9485.exe
2009-04-09 21:53 9,646 a------- c:\windows\2b64spywzr51690.dll
2009-04-09 15:48 17,943 a------- c:\windows\4b6adownload5r17z69.bin
2009-04-08 13:41 7,433 a------- c:\windows\system32\395fa5zware1113.exe
2009-04-05 13:19 14,676 a------- c:\windows\system32\15439not-z-5irus7bb.dll
2009-04-05 10:28 68,268 a------- c:\windows\hpoins05.dat
2009-04-02 17:19 4,128 a------- c:\windows\237995orm3d7z.dll
2009-04-01 09:27 13,971 a------- c:\windows\595zir2774.dll
2009-03-26 19:33 15,409 a------- c:\windows\852spars92z85.exe
2009-03-23 19:34 11,417 a------- c:\windows\system32\190465rojzb9.exe
2009-03-22 21:02 3,042 a------- c:\windows\e1bthreat901z75.exe
2009-03-22 16:10 11,988 a------- c:\windows\system32\2b89backz5or16089.exe
2009-03-22 02:22 3,148 a------- c:\windows\system32\29954spz3dc.exe
2009-03-20 19:26 9,436 a------- c:\windows\193365zamb9t421.dll
2009-03-20 17:20 11,412 a------- c:\windows\45abz9k5oor2647.bin
2009-03-17 14:56 13,822 a------- c:\windows\system32\39f5vir500z.exe
2009-03-16 11:37 7,956 a------- c:\windows\system32\5d95addware314z.bin
2009-03-16 09:41 8,446 a------- c:\windows\56159oznloader2148.bin
2004-12-07 13:13 3,578,547 a------- c:\program files\ManagedDX.CAB
2004-12-07 13:13 1,156,363 a------- c:\program files\BDANT.cab
2004-12-07 13:13 703,080 a------- c:\program files\BDA.cab
2004-12-07 13:13 479,432 a------- c:\program files\dxsetup.exe
2004-12-07 13:13 13,265,040 a----r-- c:\program files\dxnt.cab
2004-12-07 13:13 2,249,416 a------- c:\program files\dsetup32.dll
2004-12-07 13:13 69,832 a------- c:\program files\DSETUP.dll
2004-12-07 13:13 15,493,481 a------- c:\program files\DirectX.cab
2004-12-07 13:13 976,020 a------- c:\program files\BDAXP.cab
2004-12-07 12:47 20,717 a------- c:\program files\DirectX SDK EULA.txt

============= FINISH: 9:49:02.10 ===============

Re: WIN BLUE SOFT VICTIM

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [image: CF_download_FF]

    [image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (CA)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [image: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [image: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

Saying the message is too big

ComboFix 09-06-12.04 - Big Bad Jean 06/13/2009 12:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.217 [GMT -4:00]
Running from: c:\documents and settings\Big Bad Jean\Desktop\Combo-Fix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\503zw9rm2d5.bin
c:\windows\518szeal2439.cpl
c:\windows\51z3spy9dd5.dll
c:\windows\52c4spy5a9e2536z.exe
c:\windows\53918spyz49.ocx
c:\windows\539downloadez1558.dll
c:\windows\53zfspywar91754.bin
c:\windows\5444zddwa9e1198.ocx
c:\windows\545179orm2z5.ocx
c:\windows\54fbthrezt10990.exe
c:\windows\5512vzru9370.exe
c:\windows\553a9ir3z7.dll
c:\windows\55497spambozfd.ocx
c:\windows\559esparse5994z.exe
c:\windows\55c0thzeat25495.dll
c:\windows\55cdba9kdzor2523.cpl
c:\windows\55czs5eal9027.dll
c:\windows\56159oznloader2148.bin
c:\windows\564fbac5do9r3194z.ocx
c:\windows\5735add5a9ez138.ocx
c:\windows\575zroj29a.dll
c:\windows\59217spy4zb.dll
c:\windows\595zir2774.dll
c:\windows\596cs9yware53z.ocx
c:\windows\597ezi52774.dll
c:\windows\5984haczto5l391.dll
c:\windows\5999zteal1176.bin
c:\windows\59z5thief900.exe
c:\windows\59z85troj5fc.exe
c:\windows\5a5bthiez18189.bin
c:\windows\5a9asp5ware1602z.ocx
c:\windows\5b59baczdoo9804.exe
c:\windows\5b8zvir15519.bin
c:\windows\5b9edownloader5358z.bin
c:\windows\5c14spywzre1591.dll
c:\windows\5c66thizf1489.exe
c:\windows\5cc0ba9kzoor5923.dll
c:\windows\5cfb5z9al3145.bin
c:\windows\5d7cspa5se30z9.cpl
c:\windows\5e299oznloader2550.bin
c:\windows\5e5bthiz91322.ocx
c:\windows\5e5zvir1998.bin
c:\windows\5fdddownl9adez1965.dll
c:\windows\5z24hacktool4995.ocx
c:\windows\5z3cthie91890.bin
c:\windows\5z735o9m14a.bin
c:\windows\5z989troj5559.exe
c:\windows\5zaaspy9are652.bin
c:\windows\5zd2spy59re2843.exe
c:\windows\5ze5steal965.bin
c:\windows\5zff9hie51204.dll
c:\windows\6026a9dw5rz2527.cpl
c:\windows\6126thief1597z.exe
c:\windows\615fbackz9or1257.cpl
c:\windows\619zs5arse25759.dll
c:\windows\61z9vir2955.exe
c:\windows\63195o9z157.bin
c:\windows\632bst5alz849.dll
c:\windows\645zparse2239.bin
c:\windows\649atzrea525717.cpl
c:\windows\6594virus65z.bin
c:\windows\6596steal997z.exe
c:\windows\6615wor5b9z.cpl
c:\windows\6997spyw5rez603.bin
c:\windows\69985roz599.cpl
c:\windows\69c3tzr5at200069.ocx
c:\windows\6a48threa92z5975.exe
c:\windows\6aa0t5ie95z9.cpl
c:\windows\6azcsp5w9re921.cpl
c:\windows\6bc7back5o9r1z45.dll
c:\windows\6ce99ow5loaderz191.exe
c:\windows\6d469ackdoor574z.ocx
c:\windows\6d8ca9dwarz2553.exe
c:\windows\6e8ca9dwar523z0.ocx
c:\windows\6f99zpywar95235.bin
c:\windows\6fc5sp9r5z2194.exe
c:\windows\7038noz-a-v5ru92b9.exe
c:\windows\709b5parse18z1.exe
c:\windows\7352zroj995.bin
c:\windows\7532zot-a-9irusf6.ocx
c:\windows\75zdback5oor9729.ocx
c:\windows\781fsza9se3151.ocx
c:\windows\7902zac5door1455.cpl
c:\windows\7949sparz9805.cpl
c:\windows\799zthie9657.ocx
c:\windows\79b5steal29z7.cpl
c:\windows\7b0t9zef2577.ocx
c:\windows\7b95spywa5e255z.dll
c:\windows\7bcddow5loade9z160.bin
c:\windows\7fc3b9c5door1587z.dll
c:\windows\7z47virus695.bin
c:\windows\7z52v5r18289.dll
c:\windows\7z5evir1790.bin
c:\windows\7zb5sp9rse2300.cpl
c:\windows\7zd6spa59e2726.cpl
c:\windows\852spars92z85.exe
c:\windows\85419pamzot1b1.bin
c:\windows\855vzr23259.ocx
c:\windows\902dbackdo5r1334z.ocx
c:\windows\90zspy5are1735.ocx
c:\windows\911dozn9oader10995.exe
c:\windows\91305trojz9.ocx
c:\windows\9158spywar52z67.bin
c:\windows\92182wozm415.bin
c:\windows\9252adz5are941.exe
c:\windows\9294vi5us6z9.cpl
c:\windows\92b5downloaderz30.bin
c:\windows\9305h9cktozl366.cpl
c:\windows\9330s5yzare2670.ocx
c:\windows\9351viz5165.cpl
c:\windows\93847hz5ktool740.bin
c:\windows\94143virus508z.ocx
c:\windows\9417spywarz544.bin
c:\windows\9442th5ef2711z.bin
c:\windows\951375py570z.bin
c:\windows\95277worm3e2z.cpl
c:\windows\9595vir9z1c0.cpl
c:\windows\96973not-a-vir5s117z.ocx
c:\windows\97176zirus595.ocx
c:\windows\9751trojz95.ocx
c:\windows\97zasparse357.exe
c:\windows\982cth5ef3z2.cpl
c:\windows\9923s5y9z5.ocx
c:\windows\99324no5-a-virus25z.exe
c:\windows\993z1sp5mbot538.ocx
c:\windows\9945spa59zt7cc.bin
c:\windows\9953spamboz4285.dll
c:\windows\9e7th5ezt111299.exe
c:\windows\9f965tzal2944.dll
c:\windows\9z05hack5ool9c9.bin
c:\windows\9z959py3d0.ocx
c:\windows\9z99troj55.bin
c:\windows\b7dtzi952572.dll
c:\windows\be19ddware1559z.exe
c:\windows\d38zt59l2411.cpl
c:\windows\e1bthreat901z75.exe
c:\windows\fz95pyware1051.ocx
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\10369zpambot25c.ocx
c:\windows\system32\10437not-9-v5rzs748.bin
c:\windows\system32\10e5vi9850z.ocx
c:\windows\system32\11195n5t-a-zirus719.exe
c:\windows\system32\1141595rzs760.bin
c:\windows\system32\11795zpy68.bin
c:\windows\system32\1179znot-a5virus4b7.exe
c:\windows\system32\12019not-a9virzs1b5.exe
c:\windows\system32\12228not-9-v5rusz9c.exe
c:\windows\system32\1236downz9ader3549.ocx
c:\windows\system32\1245stezl9261.exe
c:\windows\system32\12561h9cktoz5ac.dll
c:\windows\system32\12953zirus9b0.ocx
c:\windows\system32\129bst5zl489.cpl
c:\windows\system32\12z3wo5m7639.bin
c:\windows\system32\13075wo9m2z.bin
c:\windows\system32\13367s9amb5t54fz.ocx
c:\windows\system32\135819ot-azviru557b.cpl
c:\windows\system32\13z26tr591fe.cpl
c:\windows\system32\14263s5926z.dll
c:\windows\system32\14325spy92z.ocx
c:\windows\system32\14643woz955a.dll
c:\windows\system32\14755no9-a-vi5uzb5.dll
c:\windows\system32\1483zhi953157.exe
c:\windows\system32\1496thzef5819.dll
c:\windows\system32\149ebackdoorz9635.dll
c:\windows\system32\1530zwor5390.bin
c:\windows\system32\1540znot-a-vi59s5c1.dll
c:\windows\system32\154259acktzol580.dll
c:\windows\system32\15439not-z-5irus7bb.dll
c:\windows\system32\15691not-a-viru51fz.bin
c:\windows\system32\15937spy32cz.dll
c:\windows\system32\1595vir2699z.cpl
c:\windows\system32\15zfthie922135.exe
c:\windows\system32\16981spzmbot57b5.cpl
c:\windows\system32\173dsp5wzre289.dll
c:\windows\system32\17888zpy595.cpl
c:\windows\system32\17892worz952.ocx
c:\windows\system32\17b1thi9z5071.dll
c:\windows\system32\17b9downloader5572z.ocx
c:\windows\system32\18119sp95z6.bin
c:\windows\system32\18354n5t-z-vi9us1d8.bin
c:\windows\system32\1857sparz92384.cpl
c:\windows\system32\18854wor95zf.exe
c:\windows\system32\18915zpydd.bin
c:\windows\system32\18918hackt5ol7a5z.bin
c:\windows\system32\18a9vir258z.dll
c:\windows\system32\18zfs9eal2553.cpl
c:\windows\system32\18zspy905.bin
c:\windows\system32\190465rojzb9.exe
c:\windows\system32\190z5virus15b.dll
c:\windows\system32\19197vir5s399z.cpl
c:\windows\system32\19409not-a-viru512az.ocx
c:\windows\system32\19492wzr51aa9.ocx
c:\windows\system32\19493spydz5.exe
c:\windows\system32\19807zo5mda.dll
c:\windows\system32\1985threat29991z.ocx
c:\windows\system32\198825orm7za9.bin

part 2

c:\windows\system32\1azbsp5r9e1002.ocx
c:\windows\system32\1b2ddowzloader5912.ocx
c:\windows\system32\1b945ackdoor580z.cpl
c:\windows\system32\1bz45ackdoor609.cpl
c:\windows\system32\1c0b5py9are2952z.cpl
c:\windows\system32\1c9zback5oor894.bin
c:\windows\system32\1d5athief829z.dll
c:\windows\system32\1decsp5ware192z.ocx
c:\windows\system32\1e5cvi9146z.bin
c:\windows\system32\1e76zte95302.ocx
c:\windows\system32\1e80spy95ze1457.ocx
c:\windows\system32\1e88doznloader2095.cpl
c:\windows\system32\1e995zwnloader984.cpl
c:\windows\system32\1fbddownlzader5919.exe
c:\windows\system32\1z15downloade95903.bin
c:\windows\system32\1z201hacktool5795.cpl
c:\windows\system32\1z295hackto9l6e6.dll
c:\windows\system32\1z559virus2e5.ocx
c:\windows\system32\1z677hack9oo5261.bin
c:\windows\system32\20265n5z-a-9irus70.dll
c:\windows\system32\20557zorm5f59.exe
c:\windows\system32\20592s9z2755.ocx
c:\windows\system32\206abazkdo5r1739.bin
c:\windows\system32\20790t5oj1ze.cpl
c:\windows\system32\209789zrus5d1.cpl
c:\windows\system32\219e5hiez3075.cpl
c:\windows\system32\222no5-azvi9us495.bin
c:\windows\system32\222zr5j9a.dll
c:\windows\system32\226985ormzb0.cpl
c:\windows\system32\22905zpy359.ocx
c:\windows\system32\22995tr5jz66.dll
c:\windows\system32\22996worm25bz.bin
c:\windows\system32\229d5zeal1041.ocx
c:\windows\system32\22bcth9ez555.exe
c:\windows\system32\23496not9a-zir5s3de.ocx
c:\windows\system32\23657s5ambot3ze9.dll
c:\windows\system32\23966spa9bot35z.ocx
c:\windows\system32\2420vi514z59.ocx
c:\windows\system32\24554zot5a-vir9s267.dll
c:\windows\system32\24619wormz95.exe
c:\windows\system32\246edoznl95der1935.exe
c:\windows\system32\2503zvirus3895.cpl
c:\windows\system32\250559ot-a-virzs329.ocx
c:\windows\system32\2510n9t-a-virus2z6.ocx
c:\windows\system32\25315ha9ktool649z.bin
c:\windows\system32\2583addwzre23549.dll
c:\windows\system32\259475ot-a-z9rus655.ocx
c:\windows\system32\2597zt59j7a6.cpl
c:\windows\system32\25987spambot50z.cpl
c:\windows\system32\2599wozm6d5.ocx
c:\windows\system32\25z4h9cktool6145.ocx
c:\windows\system32\25z75hackt9ol575.bin
c:\windows\system32\26488z9t-5-virus428.dll
c:\windows\system32\26496trojz755.bin
c:\windows\system32\266509ot-a-vizus1bb.cpl
c:\windows\system32\274845ot9z-virus7c7.dll
c:\windows\system32\2779zsp95ea.bin
c:\windows\system32\27e39teaz1575.exe
c:\windows\system32\28249zpy795.cpl
c:\windows\system32\2899zs5y5ff.ocx
c:\windows\system32\28e9spywa5e2z91.exe
c:\windows\system32\29152wo9m25z.cpl
c:\windows\system32\29545worz921.cpl
c:\windows\system32\29553szy7259.dll
c:\windows\system32\297559irus22dz.exe
c:\windows\system32\29785orm7z9.cpl
c:\windows\system32\29954spz3dc.exe
c:\windows\system32\2b6fdown5oadzr9191.ocx
c:\windows\system32\2b89backz5or16089.exe
c:\windows\system32\2c59zownloader1216.dll
c:\windows\system32\2da2zownl5ader1679.ocx
c:\windows\system32\2f54backd5zr9969.ocx
c:\windows\system32\2f68ad5wzre2946.bin
c:\windows\system32\2f959ir2756z.cpl
c:\windows\system32\2f97backdoz916325.exe
c:\windows\system32\2z1a5ddware9045.cpl
c:\windows\system32\2z35459oj5c2.bin
c:\windows\system32\3039zvi5us9f7.ocx
c:\windows\system32\30657viruz983.bin
c:\windows\system32\30695not-5-zirus5c.dll
c:\windows\system32\30729not-a-viru57ez.exe
c:\windows\system32\308z759rus149.ocx
c:\windows\system32\30916not-a-v5ruz677.bin
c:\windows\system32\30z5thief2359.cpl
c:\windows\system32\30z95teal767.bin
c:\windows\system32\3114ztroj5965.ocx
c:\windows\system32\3119v5z2359.dll
c:\windows\system32\31396zirus975.cpl
c:\windows\system32\3185zworm908.exe
c:\windows\system32\31924virzs5f9.cpl
c:\windows\system32\31925not-9-zirus7b3.dll
c:\windows\system32\3193z5ot-a-virus4b3.exe
c:\windows\system32\32194worz95e5.dll
c:\windows\system32\32259spambot43z.exe
c:\windows\system32\325z3worm9b4.cpl
c:\windows\system32\33z8thr59t1476.exe
c:\windows\system32\3559zroj3aa9.ocx
c:\windows\system32\372zthr5at29985.cpl
c:\windows\system32\3759zhie93069.dll
c:\windows\system32\381fspywzre5958.exe
c:\windows\system32\3909not5a9viruz524.dll
c:\windows\system32\39189s5z45f.exe
c:\windows\system32\392ethi5f936z.exe
c:\windows\system32\393e5pywa9e2267z.ocx
c:\windows\system32\3952not-a-viru5z46.exe
c:\windows\system32\395aviz342.dll
c:\windows\system32\395fa5zware1113.exe
c:\windows\system32\39d2spyw9re1z675.exe
c:\windows\system32\39f5vir500z.exe
c:\windows\system32\3a61thizf9485.exe
c:\windows\system32\3ae15tzal139.exe
c:\windows\system32\3b579tezl1953.ocx
c:\windows\system32\3bbfad5ware2z259.cpl
c:\windows\system32\3cz8thre5t82369.exe
c:\windows\system32\3d0cs5yz9re274.cpl
c:\windows\system32\3d9zba9kdoor225.dll
c:\windows\system32\3z77wor96ab5.exe
c:\windows\system32\3z84vir92965.bin
c:\windows\system32\3z89thi9f5473.exe
c:\windows\system32\40425ownl9adez2681.exe
c:\windows\system32\40e8dzwnlo5der59.exe
c:\windows\system32\40fat5reat17559z.dll
c:\windows\system32\40zb5ddwar91326.cpl
c:\windows\system32\4155threaz187859.exe
c:\windows\system32\4179vir3z57.ocx
c:\windows\system32\42fcthr5at9408z.exe
c:\windows\system32\43d9thzef2359.ocx
c:\windows\system32\4509stzal1532.ocx
c:\windows\system32\4556t9rza511172.bin
c:\windows\system32\4594stea52z70.ocx
c:\windows\system32\4597zpambot8a.cpl
c:\windows\system32\459zth9ef2036.cpl
c:\windows\system32\467fs5y9aze1425.dll
c:\windows\system32\4703wor5z91.ocx
c:\windows\system32\475c9ownloaderz04.cpl
c:\windows\system32\479bzparse2576.cpl
c:\windows\system32\491aspzware9549.bin
c:\windows\system32\493bstezl5475.ocx
c:\windows\system32\4955spyw9re8z6.cpl
c:\windows\system32\4959sparse2z07.bin
c:\windows\system32\49ddzackd9or1561.bin
c:\windows\system32\4b52zhief2359.cpl
c:\windows\system32\4cc9ste5l857z.cpl
c:\windows\system32\4cf5th9eaz13591.ocx
c:\windows\system32\4e1f9ir52z1.ocx
c:\windows\system32\4edat5rea9155z0.dll
c:\windows\system32\4ef5ste95z272.exe
c:\windows\system32\4f9ezparse1558.dll
c:\windows\system32\4z1bthr9at8365.exe
c:\windows\system32\4z52threat28849.dll
c:\windows\system32\5069zroj243.cpl
c:\windows\system32\507309zrus7b2.cpl
c:\windows\system32\511cdown9oazer3127.dll
c:\windows\system32\51f9zpywa9e1847.dll
c:\windows\system32\5253thief2z49.ocx
c:\windows\system32\5291bzckdoor2123.bin
c:\windows\system32\53329virus9fz.cpl
c:\windows\system32\5439t9rzat181375.bin
c:\windows\system32\549fdownloaderz7495.cpl
c:\windows\system32\54a5viz11049.ocx
c:\windows\system32\54z1b9ckdoor2568.cpl
c:\windows\system32\54z5backd9or1570.ocx
c:\windows\system32\5509troj5c1z.bin
c:\windows\system32\55315i9us48z.ocx
c:\windows\system32\5551not-9zvirus559.ocx
c:\windows\system32\555bsparse2z09.ocx
c:\windows\system32\55609worm61cz.cpl
c:\windows\system32\55779zrus65f.exe
c:\windows\system32\558cth9ef5z9.exe
c:\windows\system32\55dc9hie5z194.exe
c:\windows\system32\56z9hac9t5ol582.exe
c:\windows\system32\5731thre9t9030z.ocx
c:\windows\system32\57899wor947z.cpl
c:\windows\system32\585799py53z.exe
c:\windows\system32\58708not-a-zirus9d8.ocx
c:\windows\system32\589z5ac9tool2e7.dll
c:\windows\system32\590avir18z39.exe
c:\windows\system32\59463not-a-viruz938.exe
c:\windows\system32\59601h9cktzol45c.exe
c:\windows\system32\5970vir19z1.exe
c:\windows\system32\5991wzrm5955.bin
c:\windows\system32\599bsteal549z.ocx
c:\windows\system32\59c7spazse9335.dll
c:\windows\system32\59d1spars51199z.ocx
c:\windows\system32\5a129hzeat20081.dll
c:\windows\system32\5bccba9kdozr1673.bin
c:\windows\system32\5c3es9arz51477.exe
c:\windows\system32\5c7cstea5z569.exe
c:\windows\system32\5c95thr9at916z.bin
c:\windows\system32\5czab9c5door775.cpl
c:\windows\system32\5d89zh5eat16888.exe
c:\windows\system32\5d95addware314z.bin
c:\windows\system32\5est9al1510z.dll
c:\windows\system32\5z19ad9ware1405.exe
c:\windows\system32\5z688spambot19.exe
c:\windows\system32\5zf3sparse2908.cpl
c:\windows\system32\62z7vir54309.ocx
c:\windows\system32\640fspa5se9763z.exe

part 3

c:\windows\system32\6529threat256z9.bin
c:\windows\system32\6540thie9z187.cpl
c:\windows\system32\656ds9zal1228.exe
c:\windows\system32\658estzal2997.ocx
c:\windows\system32\6599vi5usza9.ocx
c:\windows\system32\65dz9parse186.exe
c:\windows\system32\65zcste9l1508.exe
c:\windows\system32\6694tro9552z.bin
c:\windows\system32\68dcsp5zs92170.bin
c:\windows\system32\6911tro9651z.bin
c:\windows\system32\6992w5rz173.ocx
c:\windows\system32\69z3th5ef872.ocx
c:\windows\system32\6a15add9arez265.ocx
c:\windows\system32\6ac6z9a5se2264.cpl
c:\windows\system32\6b84spy9arez589.bin
c:\windows\system32\6c875ownloa9er2163z.bin
c:\windows\system32\6dcdt9iefz5005.cpl
c:\windows\system32\6e559ownloadzr1912.ocx
c:\windows\system32\6z115teal699.ocx
c:\windows\system32\6ze5v9r12365.cpl
c:\windows\system32\6ze7a5dwar91259.exe
c:\windows\system32\6zeaspar591525.bin
c:\windows\system32\7051zroj97.bin
c:\windows\system32\709not-a-vi9uz5ad.exe
c:\windows\system32\710zs9yware22425.cpl
c:\windows\system32\735fvirz9555.exe
c:\windows\system32\73zdspyw5re795.dll
c:\windows\system32\75d1s9arse21z5.cpl
c:\windows\system32\76z0n95-a-virus451.dll
c:\windows\system32\7728sze5l1977.cpl
c:\windows\system32\772e5ddwzr9358.bin
c:\windows\system32\77e5ste9z21775.bin
c:\windows\system32\77e9thze51111.dll
c:\windows\system32\785zspyware9175.cpl
c:\windows\system32\791bdownloaderz542.bin
c:\windows\system32\79zfdownlo9der14035.cpl
c:\windows\system32\7b15zackdoo9474.ocx
c:\windows\system32\7b97thr5at1974z.dll
c:\windows\system32\7ba9tzie5702.dll
c:\windows\system32\7d31b5c9zoor2767.bin
c:\windows\system32\7z5dthie92665.ocx
c:\windows\system32\7z85vir3901.cpl
c:\windows\system32\8076ha9ktooz510.cpl
c:\windows\system32\8242z9r5s720.dll
c:\windows\system32\8291vzr594dc.ocx
c:\windows\system32\85szeal1759.cpl
c:\windows\system32\8829troz365.dll
c:\windows\system32\8995hack5oolz8d.ocx
c:\windows\system32\902995acktool34z.cpl
c:\windows\system32\9116zspy556.bin
c:\windows\system32\91468spamb5t363z.ocx
c:\windows\system32\91815trzj116.bin
c:\windows\system32\92165hackzool743.cpl
c:\windows\system32\92451worm7z1.bin
c:\windows\system32\92513not-a5vzrus3ce.bin
c:\windows\system32\9263vzrus95c.cpl
c:\windows\system32\92965o9m4z4.exe
c:\windows\system32\9304hackzoo573d.cpl
c:\windows\system32\9372hacktzol62b5.exe
c:\windows\system32\93z65spy4bb5.bin
c:\windows\system32\957zr5j6c.ocx
c:\windows\system32\9598not-a-virus59az.bin
c:\windows\system32\95zbvir1874.exe
c:\windows\system32\962th9eatz8855.bin
c:\windows\system32\9637z5roj54b.ocx
c:\windows\system32\9759hreat31235z.bin
c:\windows\system32\9812s5eal2581z.cpl
c:\windows\system32\9835szambot395.bin
c:\windows\system32\98zaddwar53982.cpl
c:\windows\system32\993ev5r81z.cpl
c:\windows\system32\99a4downloz5er996.bin
c:\windows\system32\99zvir5813.exe
c:\windows\system32\9c8bspy5arez492.bin
c:\windows\system32\9d7db5ckdozr1815.dll
c:\windows\system32\9ec5azkdoor2176.bin
c:\windows\system32\9f7baz5door2040.exe
c:\windows\system32\9z9not-a-viru5921.bin
c:\windows\system32\a05s9arsz1504.bin
c:\windows\system32\bz9spy5are3069.bin
c:\windows\system32\c0caddwar5z699.dll
c:\windows\system32\c2359arsz2453.cpl
c:\windows\system32\cb8sze591232.ocx
c:\windows\system32\d55spzrse3192.exe
c:\windows\system32\df5downl95der1z44.ocx
c:\windows\system32\z1023not-a-viru53b89.exe
c:\windows\system32\z15cv9r1297.bin
c:\windows\system32\z16759oj15f.dll
c:\windows\system32\z1ef9d5ware1739.ocx
c:\windows\system32\z359hief1742.bin
c:\windows\system32\z408troj59e.bin
c:\windows\system32\z4bf59eal2092.ocx
c:\windows\system32\z50419roj692.exe
c:\windows\system32\z5235pambot690.bin
c:\windows\system32\z544vir21109.cpl
c:\windows\system32\z551steal1197.ocx
c:\windows\system32\z559backdoor1319.exe
c:\windows\system32\z55csteal1229.ocx
c:\windows\system32\z59th5ef911.cpl
c:\windows\system32\z610thief27295.dll
c:\windows\system32\z669downl5ader3215.exe
c:\windows\system32\z6a5spyware1391.bin
c:\windows\system32\z945spyware2616.ocx
c:\windows\system32\z9579s9y523.cpl
c:\windows\system32\z9a35hrea932429.dll
c:\windows\system32\z9fedownlo5der2270.exe
c:\windows\system32\zadeba5kdoor1749.ocx
c:\windows\system32\zb3as9ar5e459.dll
c:\windows\system32\zc01backdoor559.bin
c:\windows\system32\zc9bt9re5t15089.bin
c:\windows\system32\zfe7steal22195.exe
c:\windows\z0285wo9m46b.dll
c:\windows\z19th9ea514978.exe
c:\windows\z273steal95165.bin
c:\windows\z3015hack59ol45f.ocx
c:\windows\z3522not-a-v9rus5d.dll
c:\windows\z43509roj558.exe
c:\windows\z474s5ambot329.ocx
c:\windows\z568worm49a9.cpl
c:\windows\z5c6s9arse593.exe
c:\windows\z615v9rus55d.bin
c:\windows\z6175sp9mbot5f7.ocx
c:\windows\z786sp9rse5558.exe
c:\windows\z85troj59f5.exe
c:\windows\z91threat27599.exe
c:\windows\z9455o9-a-virus77.dll
c:\windows\z950v9ru55f4.bin
c:\windows\z9598worm6ad.bin
c:\windows\z99955roj94.dll
c:\windows\zdd5b9ckdoo51514.exe
.
---- Previous Run -------
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-11-03 17:59 . 2009-11-03 17:59 8824 ----a-w- c:\windows\zd5aspyware69.bin
2009-09-26 11:46 . 2009-09-26 11:46 16745 ----a-w- c:\windows\580959tza-virus2.exe
2009-06-13 01:20 . 2009-06-13 01:20 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-13 01:20 . 2009-06-13 01:20 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-13 01:20 . 2009-06-13 01:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-13 01:20 . 2009-06-13 01:21 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Spyware Terminator
2009-06-12 23:09 . 2009-06-12 23:09 -------- d-----w- C:\rsit
2009-06-12 23:06 . 2009-06-12 23:10 116623 ----a-w- C:\MGlogs.zip
2009-06-12 22:30 . 2009-06-12 22:30 -------- d-----w- C:\!KillBox
2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\program files\RegCure
2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-11 16:23 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:23 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 16:23 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 16:23 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-07 19:10 . 2009-06-12 23:10 -------- d-----w- C:\MGtools
2009-06-07 19:10 . 2009-06-07 19:10 1342151 ----a-w- C:\MGtools.exe
2009-06-07 16:59 . 2009-06-07 16:59 451655 ----a-w- c:\temp\RootRepeal.zip
2009-06-07 13:18 . 2009-06-07 13:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-07 12:55 . 2009-06-13 03:23 -------- d-----w- c:\program files\Spyware Terminator
2009-06-07 12:55 . 2009-06-13 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-06 04:08 . 2009-06-07 13:00 -------- d-----w- c:\program files\Trend Micro
2009-06-06 03:36 . 2009-06-06 03:36 -------- d-----w- C:\_OTM
2009-06-04 21:57 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 21:57 . 2009-06-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-04 21:57 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 21:57 . 2009-06-12 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 23:16 . 2009-06-02 23:16 361472 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-05-30 14:23 . 2009-05-30 14:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-30 14:01 . 2009-05-30 14:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-05-30 13:58 . 2009-05-30 13:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-30 13:58 . 2009-05-30 13:58 -------- d-----w- c:\program files\PluginVideo
2009-05-26 22:41 . 2009-05-26 22:41 -------- d-sh--w- c:\documents and settings\Big Bad Jean\PrivacIE
2009-05-25 13:10 . 2009-05-25 13:10 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IECompatCache
2009-05-24 16:02 . 2009-05-24 16:02 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-05-24 15:32 . 2009-05-24 15:32 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\400000600002h\ctfmon.exe
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\documents and settings\Zee\Application Data\Thinstall
2009-05-24 15:31 . 2009-05-24 15:31 -------- d-sh--w- c:\documents and settings\Zee\IETldCache
2009-05-22 21:36 . 2009-05-22 21:36 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IETldCache
2009-05-22 21:00 . 2009-06-12 22:27 -------- d-----w- c:\windows\ie8updates
2009-05-22 21:00 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-22 20:58 . 2009-05-22 20:59 -------- dc-h--w- c:\windows\ie8
2009-05-22 20:48 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

pt 4

.
2009-06-13 16:27 . 2009-04-01 08:45 117760 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-13 16:23 . 2009-02-19 21:44 90586 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-13 16:23 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-06-02 23:18 . 2009-02-17 21:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-02 23:17 . 2009-02-15 23:46 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Free Download Manager
2009-05-27 20:03 . 2009-04-10 21:52 -------- d-----w- c:\program files\Sims2Pack Clean Installer
2009-05-13 05:15 . 2009-02-17 04:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2009-02-17 04:07 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 21:53 . 2009-02-16 21:57 -------- d-----w- c:\program files\PartyGaming
2009-04-24 20:44 . 2009-04-24 20:44 -------- d-----w- c:\program files\Coupons
2009-04-24 01:37 . 2009-04-24 01:37 53248 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-04-24 01:35 . 2009-04-24 01:35 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall
2009-04-22 21:05 . 2009-04-22 21:05 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\U3
2009-04-17 12:26 . 2009-02-17 04:07 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2009-02-17 04:07 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 20:44 . 2009-04-14 20:44 135 ----a-w- c:\documents and settings\Big Bad Jean\Local Settings\Application Data\fusioncache.dat
2009-04-10 22:15 . 2009-04-10 22:15 126 ----a-w- c:\documents and settings\Zee\Local Settings\Application Data\fusioncache.dat
2009-04-05 14:28 . 2009-04-05 14:23 68268 ----a-w- c:\windows\hpoins05.dat
2004-12-07 17:13 . 2004-12-07 17:13 703080 ----a-w- c:\program files\BDA.cab
2004-12-07 17:13 . 2004-12-07 17:13 3578547 ----a-w- c:\program files\ManagedDX.CAB
2004-12-07 17:13 . 2004-12-07 17:13 1156363 ----a-w- c:\program files\BDANT.cab
2004-12-07 17:13 . 2004-12-07 17:13 479432 ----a-w- c:\program files\dxsetup.exe
2004-12-07 17:13 . 2004-12-07 17:13 69832 ----a-w- c:\program files\DSETUP.dll
2004-12-07 17:13 . 2004-12-07 17:13 2249416 ----a-w- c:\program files\dsetup32.dll
2004-12-07 17:13 . 2004-12-07 17:13 13265040 ----a-r- c:\program files\dxnt.cab
2004-12-07 17:13 . 2004-12-07 17:13 976020 ----a-w- c:\program files\BDAXP.cab
2004-12-07 17:13 . 2004-12-07 17:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-12-07 16:47 . 2004-12-07 16:47 20717 ----a-w- c:\program files\DirectX SDK EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"="c:\windows\system32\tempo-setup2.exe" [2009-06-02 361472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 8:08 PM 93712]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [1/19/2009 3:25 PM 17952]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 8:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 8:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 8:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 8:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 8:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 11:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 11:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 8:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 8:08 PM 88816]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\CAAntiSpywareScan_Daily as Big Bad Jean at 4 15 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2009-06-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-13 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 13:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(128)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(480)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-06-13 13:07
ComboFix-quarantined-files.txt 2009-06-13 17:07

Pre-Run: 256,961,261,568 bytes free
Post-Run: 257,119,682,560 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
895 --- E O F --- 2009-06-12 22:27

Re: WIN BLUE SOFT VICTIM

Hello.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\zd5aspyware69.bin
c:\windows\580959tza-virus2.exe
C:\MGlogs.zip
C:\MGtools.exe
c:\temp\RootRepeal.zip
c:\windows\system32\tempo-setup2.exe

Folder::
c:\program files\Coupons
C:\rsit
C:\!KillBox
C:\MGtools
C:\_OTM

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"tempo-setup2.exe"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.

WIN BLUE SOFT FIX B_S_WARNING FOR DELETING BLOCKER_DLL_FILE

I have win blue soft with the following symptoms on XP:

-cannot open programs
-safe mode does identical stuff to regular mode
-cannot open task manager
-automatic shut down in 5 min because the pointer drags itself to the start menu and logs off

I came across this so-called help file but WARNING! I deleted the blocker.dll and my computer will no longer turn on. It just starts for about 2 seconds and then no power, no nothing. Reading this blog I am wondering if it's a pile of junk and blocker.dll is important. I was starting to try to get rid of the winbluesoft by deleting the 0whatev23.dll in the windows but why does it have to come to this? I'm assuming that the hackers are posting the help files. With this broken computer, I wonder the next stages for this computer. How would you go about resetting the computer when it does not do anything? Just disaster. Please comment if you think not.

NM BLOCKER_DLL MIGHT BE THE ISSUE

I had a frustrating 2 weeks of trying to fix this bug called winbluesoft. These instructions could be correct therefore ignore my previous message. Thanks

COMPUTER FIXED

Honestly, these simple steps work:

1. Get rid of blocker.dll in windows32 folder by using software killbox
2. Run Combo-Fix

THANKS SO MUCH. I want to kiss you

Good Morning !! For some reason this did not want to work !! Took all night to f

ComboFix 09-06-13.09 - Big Bad Jean 06/14/2009 7:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.160 [GMT -4:00]
Running from: c:\documents and settings\Big Bad Jean\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Big Bad Jean\Desktop\CFScript.txt,.txt
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

FILE ::
"C:\MGlogs.zip"
"C:\MGtools.exe"
"c:\temp\RootRepeal.zip"
"c:\windows\580959tza-virus2.exe"
"c:\windows\system32\tempo-setup2.exe"
"c:\windows\zd5aspyware69.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
C:\_OTM
C:\MGtools
c:\program files\Coupons
C:\rsit
c:\!killbox\blocker.dll( 1)
c:\!killbox\blocker.dll( 2)
c:\!killbox\Logs\kb.log
c:\_otm\MovedFiles\06052009_233606.log
c:\_otm\MovedFiles\06052009_233606.res
C:\MGlogs.zip
C:\MGtools.exe
c:\mgtools\analyse.exe
c:\mgtools\chodefix.bat
c:\mgtools\config.reg
c:\mgtools\DisableUAC.reg
c:\mgtools\EnableUAC.reg
c:\mgtools\ffdata.txt
c:\mgtools\filelog.txt
c:\mgtools\FindOVL.bat
c:\mgtools\FixBagle.bat
c:\mgtools\fixBagle.reg
c:\mgtools\FixCF.bat
c:\mgtools\fixCF.reg
c:\mgtools\fixChode.reg
c:\mgtools\FixFA.bat
c:\mgtools\fixFA.reg
c:\mgtools\GetDetails.exe
c:\mgtools\GetLogs.Bat
c:\mgtools\GetRunKey.bat
c:\mgtools\GetUnKey.txt
c:\mgtools\GetUnKeys.bat
c:\mgtools\grep.exe
c:\mgtools\GRK64.bat
c:\mgtools\hide.reg
c:\mgtools\hijackthis.log
c:\mgtools\history.txt
c:\mgtools\HTAfind.bat
c:\mgtools\IEFIX.reg
c:\mgtools\locate.com
c:\mgtools\ltime.exe
c:\mgtools\newfiles.txt
c:\mgtools\procdll.txt
c:\mgtools\Process.exe
c:\mgtools\ProcessDll.exe
c:\mgtools\Regfix.bat
c:\mgtools\runkeys.txt
c:\mgtools\sed.exe
c:\mgtools\ShowNew.bat
c:\mgtools\SN64.bat
c:\mgtools\swreg.exe
c:\mgtools\swwhoami.exe
c:\mgtools\sysinfo.txt
c:\mgtools\sysrest.txt
c:\mgtools\unhide.reg
c:\mgtools\UserInfo.bat
c:\mgtools\UserInfo.txt
c:\mgtools\vfind.exe
c:\mgtools\VunFind.bat
c:\mgtools\winfiles.txt
c:\mgtools\zip.exe
c:\program files\Coupons\Coupons.com.url
c:\program files\Coupons\uninstall.exe
c:\program files\Coupons\Uninstall\IRIMG1.JPG
c:\program files\Coupons\Uninstall\IRIMG2.JPG
c:\program files\Coupons\Uninstall\IRIMG3.JPG
c:\program files\Coupons\Uninstall\IRIMG4.JPG
c:\program files\Coupons\Uninstall\IRIMG5.JPG
c:\program files\Coupons\Uninstall\IRIMG6.JPG
c:\program files\Coupons\Uninstall\IRIMG7.JPG
c:\program files\Coupons\Uninstall\IRIMG8.JPG
c:\program files\Coupons\Uninstall\uninstall.dat
c:\program files\Coupons\Uninstall\uninstall.xml
c:\rsit\info.txt
c:\rsit\log.txt
c:\temp\RootRepeal.zip
c:\windows\580959tza-virus2.exe
c:\windows\system32\tempo-setup2.exe
c:\windows\zd5aspyware69.bin

.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-13 01:20 . 2009-06-13 01:20 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-13 01:20 . 2009-06-13 01:20 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-13 01:20 . 2009-06-13 01:20 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-13 01:20 . 2009-06-13 01:21 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Spyware Terminator
2009-06-11 20:58 . 2009-06-14 00:40 -------- d-----w- c:\program files\RegCure
2009-06-11 20:58 . 2009-06-11 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-11 16:23 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:23 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 16:23 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 16:23 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-07 13:18 . 2009-06-07 13:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-07 12:55 . 2009-06-13 03:23 -------- d-----w- c:\program files\Spyware Terminator
2009-06-07 12:55 . 2009-06-13 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-06 04:08 . 2009-06-07 13:00 -------- d-----w- c:\program files\Trend Micro
2009-06-04 21:57 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 21:57 . 2009-06-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-04 21:57 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 21:57 . 2009-06-12 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 14:23 . 2009-05-30 14:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-30 14:01 . 2009-05-30 14:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-05-30 13:58 . 2009-05-30 13:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-30 13:58 . 2009-06-14 02:15 -------- d-----w- c:\program files\PluginVideo
2009-05-26 22:41 . 2009-05-26 22:41 -------- d-sh--w- c:\documents and settings\Big Bad Jean\PrivacIE
2009-05-25 13:10 . 2009-05-25 13:10 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IECompatCache
2009-05-24 16:02 . 2009-05-24 16:02 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-05-24 15:32 . 2009-05-24 15:32 53248 ----a-w- c:\documents and settings\Zee\Application Data\Thinstall\Microsoft Office Enterprise 2007\400000600002h\ctfmon.exe
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\documents and settings\Zee\Application Data\Thinstall
2009-05-24 15:31 . 2009-05-24 15:31 -------- d-sh--w- c:\documents and settings\Zee\IETldCache
2009-05-22 21:36 . 2009-05-22 21:36 -------- d-sh--w- c:\documents and settings\Big Bad Jean\IETldCache
2009-05-22 21:00 . 2009-06-12 22:27 -------- d-----w- c:\windows\ie8updates
2009-05-22 21:00 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-22 20:58 . 2009-05-22 20:59 -------- dc-h--w- c:\windows\ie8
2009-05-22 20:48 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 12:04 . 2009-04-01 08:45 117760 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-14 11:58 . 2009-02-19 21:44 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-06-14 11:58 . 2009-02-19 21:44 212734 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-14 02:58 . 2009-02-15 23:46 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Free Download Manager
2009-06-02 23:18 . 2009-02-17 21:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-27 20:03 . 2009-04-10 21:52 -------- d-----w- c:\program files\Sims2Pack Clean Installer
2009-05-13 05:15 . 2009-02-17 04:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2009-02-17 04:07 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 21:53 . 2009-02-16 21:57 -------- d-----w- c:\program files\PartyGaming
2009-04-24 01:37 . 2009-04-24 01:37 53248 ----a-w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall\Microsoft Office Enterprise 2007\4000006800002h\HPZSTC12.exe
2009-04-24 01:35 . 2009-04-24 01:35 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\Thinstall
2009-04-22 21:05 . 2009-04-22 21:05 -------- d-----w- c:\documents and settings\Big Bad Jean\Application Data\U3
2009-04-17 12:26 . 2009-02-17 04:07 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2009-02-17 04:07 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 20:44 . 2009-04-14 20:44 135 ----a-w- c:\documents and settings\Big Bad Jean\Local Settings\Application Data\fusioncache.dat
2009-04-10 22:15 . 2009-04-10 22:15 126 ----a-w- c:\documents and settings\Zee\Local Settings\Application Data\fusioncache.dat
2009-04-05 14:28 . 2009-04-05 14:23 68268 ----a-w- c:\windows\hpoins05.dat
2004-12-07 17:13 . 2004-12-07 17:13 703080 ----a-w- c:\program files\BDA.cab
2004-12-07 17:13 . 2004-12-07 17:13 3578547 ----a-w- c:\program files\ManagedDX.CAB
2004-12-07 17:13 . 2004-12-07 17:13 1156363 ----a-w- c:\program files\BDANT.cab
2004-12-07 17:13 . 2004-12-07 17:13 479432 ----a-w- c:\program files\dxsetup.exe
2004-12-07 17:13 . 2004-12-07 17:13 69832 ----a-w- c:\program files\DSETUP.dll
2004-12-07 17:13 . 2004-12-07 17:13 2249416 ----a-w- c:\program files\dsetup32.dll
2004-12-07 17:13 . 2004-12-07 17:13 13265040 ----a-r- c:\program files\dxnt.cab
2004-12-07 17:13 . 2004-12-07 17:13 976020 ----a-w- c:\program files\BDAXP.cab
2004-12-07 17:13 . 2004-12-07 17:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-12-07 16:47 . 2004-12-07 16:47 20717 ----a-w- c:\program files\DirectX SDK EULA.txt

Pt 2

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-02-18 177392]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-02-18 259312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-02-18 173296]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-02-18 1193200]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinBlueSoft

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 8:08 PM 93712]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [1/19/2009 3:25 PM 17952]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 8:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 8:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 8:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 8:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 8:08 PM 66576]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 8:08 PM 88816]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 11:24 AM 1010192]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 11:24 AM 801296]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 8:10 PM 281104]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\CAAntiSpywareScan_Daily as Big Bad Jean at 4 15 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2009-06-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-14 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 08:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,7c,96,c8,79,ac,87,44,bc,f1,1f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,7c,96,c8,79,ac,87,44,bc,f1,1f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1660)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1900)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\windows\system32\CF21395.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-14 8:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-14 12:07
ComboFix2.txt 2009-06-13 17:07

Pre-Run: 256,687,218,688 bytes free
Post-Run: 256,668,573,696 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
308 --- E O F --- 2009-06-12 22:27
