WiredWX Christian Hobby Weather Tools
Infected by Winblue Soft
heya,

I have tried downloading malware removal software but nothing seems to be working. I have run HijackThis and came up with the following:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:47 PM, on 21/05/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\config\systemprofile\Desktop\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
C:\Windows\system32\config\systemprofile\Desktop\HiJack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=71&bd=PRESARIO&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 790151 helper - {22186AA4-E2A6-45E8-BF4F-5C103C0458B0} - C:\Windows\system32\790151\790151.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {67956585-9B5C-4E2B-ABE1-A01BF3046EE1} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\Windows\system32\796525\796525.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
O4 - HKLM\..\Run: [pp] C:\Windows\pp08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EasyMessage] C:\Program Files\Easy Message\em2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Windows\system32\config\systemprofile\Desktop\uTorrent.exe"
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [uTorrent] "C:\Windows\system32\config\systemprofile\Desktop\uTorrent.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [uTorrent] "C:\Windows\system32\config\systemprofile\Desktop\uTorrent.exe" (User 'Default user')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{39B9288A-9C8F-45CA-9BFA-65ED3D3CF105}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6E557D2-3EA9-4747-9265-89001AB6F199}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{39B9288A-9C8F-45CA-9BFA-65ED3D3CF105}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CS2\Services\Tcpip\..\{39B9288A-9C8F-45CA-9BFA-65ED3D3CF105}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9093 bytes




I am not very savvy with the computer so any help that you can give would be appreciated. Also one of my mates said that the last time he had a virus and he had gotten rid of it he had someone help him with what antivirus software to use, the set up of firewalls, anti spyware etc. Most of that makes no sense to me so any help would be appreciated!!

Re: Infected by Winblue Soft
Hello.

In case you lose internet access during this fix, this should repair it.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Next,

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    O2 - BHO: 790151 helper - {22186AA4-E2A6-45E8-BF4F-5C103C0458B0} - C:\Windows\system32\790151\790151.dll
    O2 - BHO: (no name) - {67956585-9B5C-4E2B-ABE1-A01BF3046EE1} - (no file)
    O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\Windows\system32\796525\796525.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
    O4 - HKLM\..\Run: [pp] C:\Windows\pp08.exe
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Windows\system32\config\systemprofile\Desktop\uTorrent.exe"
    O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
    O4 - HKUS\S-1-5-18\..\Run: [uTorrent] "C:\Windows\system32\config\systemprofile\Desktop\uTorrent.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [uTorrent] "C:\Windows\system32\config\systemprofile\Desktop\uTorrent.exe" (User 'Default user')
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39B9288A-9C8F-45CA-9BFA-65ED3D3CF105}: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C6E557D2-3EA9-4747-9265-89001AB6F199}: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CS1\Services\Tcpip\..\{39B9288A-9C8F-45CA-9BFA-65ED3D3CF105}: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CS2\Services\Tcpip\..\{39B9288A-9C8F-45CA-9BFA-65ED3D3CF105}: NameServer = 85.255.112.168,85.255.112.146
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


  • Press "Fix Checked"
  • Close Hijack This.

Next,

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (Symantec?)
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.
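The checklist in the reply above selects HijackThis lines by eye. As an added example (not part of the original thread, and not how HijackThis or the helper makes the decision), this Python script parses HijackThis entries and flags the patterns visible in the selected lines for a human to review. The rule set and all function names are assumptions made for illustration; the sample lines are copied from the log in the first post.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 790151 helper - {22186AA4-E2A6-45E8-BF4F-5C103C0458B0} - C:\Windows\system32\790151\790151.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {67956585-9B5C-4E2B-ABE1-A01BF3046EE1} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Windows\system32\config\systemprofile\Desktop\uTorrent.exe"
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry starts with a section code such as "R1" or "O17".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 body: "<registry key>: [<value name>] <command line>"
RUN_RE = re.compile(r"(\S+): \[(.*?)\] (.*)$")


@dataclass
class Entry:
    code: str  # section code, e.g. "O4"
    body: str  # everything after "O4 - "


def parse_log(text):
    """Return the entry lines of a HijackThis log, skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def review_reasons(entry):
    """Illustrative heuristics (assumptions, not HijackThis logic)."""
    reasons = []
    body = entry.body

    if entry.code in ("R0", "R1") and "ProxyServer" in body:
        value = body.split("=", 1)[1].strip()
        if re.search(r"localhost|127\.0\.0\.1", value, re.I):
            reasons.append("browser proxy points at a local port")

    if entry.code in ("O2", "O3"):
        if "(no name)" in body and body.endswith("(no file)"):
            reasons.append("unnamed entry with no file on disk")
        if re.search(r"\\system32\\(\d+)\\\1\.dll$", body, re.I):
            reasons.append("DLL in an all-digit folder under system32")

    if entry.code == "O4":
        m = RUN_RE.match(body)
        if m:
            cmd = m.group(3).strip().strip('"')
            if re.match(r"[A-Za-z]:\\Windows\\[^\\]+\.exe", cmd, re.I):
                reasons.append("autostart executable directly in the Windows folder")
            if re.search(r"\\systemprofile\\Desktop\\", cmd, re.I):
                reasons.append("autostart runs from the SYSTEM profile's Desktop")
            if "\\" not in cmd and "." not in cmd:
                reasons.append("autostart value is not a file path")

    if entry.code == "O17" and "NameServer" in body:
        servers = body.split("=", 1)[1].strip()
        reasons.append(f"DNS servers hard-set to {servers}; confirm they are yours")

    return reasons


def triage(text):
    """Return (entry, reasons) pairs for entries that matched any rule."""
    flagged = []
    for entry in parse_log(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.code}: {entry.body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

A match only means the line deserves a second look before "Fix Checked" is pressed; entries such as the Adobe BHO, the named NCO entry and the Bonjour service pass through unflagged.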

Re: Infected by Winblue Soft
Heya,

Did as asked and came up with the below report (split over a few msgs). What should I do now?


ComboFix 09-05-21.01 - SYSTEM 22/05/2009 21:26.2 - NTFSx86
Microsoft®️ Windows Vista™️ Home Basic 6.0.6000.0.1252.61.1033.18.502.161 [GMT 10:00]
Running from: c:\windows\system32\config\systemprofile\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
PEV Error: LocalSettingsFile

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


Re: Infected by Winblue Soft
c:\windows\system32\587edowzloa59r704.ocx
c:\windows\system32\58f9s9ea51514z.ocx
c:\windows\system32\5914zacktool715.exe
c:\windows\system32\592fs5eal2175z.exe
c:\windows\system32\5948threat2994z.dll
c:\windows\system32\59594hacktool5c4z.exe

descriptionInfected by Winblue Soft EmptyRe: Infected by Winblue Soft

more_horiz
c:\windows\system32\5964steal5z2.bin
c:\windows\system32\5966zt9oj16a.dll
c:\windows\system32\5986t9reatz6257.ocx
c:\windows\system32\598z5teal2083.ocx
c:\windows\system32\599e9ir2844z.cpl
c:\windows\system32\59a95ack9zor41.cpl
c:\windows\system32\59bd5ownloader3105z.dll
c:\windows\system32\5a3fdow9zoader5265.dll
c:\windows\system32\5a59stzal1986.exe
c:\windows\system32\5b6dspywa5e108z9.dll
c:\windows\system32\5c2fbazkdo9r125.exe
c:\windows\system32\5dadsp5zse2794.exe
c:\windows\system32\5e36threzt25928.dll
c:\windows\system32\5e5abackd9or29z4.dll
c:\windows\system32\5e62do95lozder110.ocx
c:\windows\system32\5eb4spyware3z09.dll
c:\windows\system32\5ezvir2926.bin
c:\windows\system32\5f77zp95se2079.bin
c:\windows\system32\5z09not-a-virus65d.bin
c:\windows\system32\5z90ste5l186.cpl
c:\windows\system32\5ze9vir2591.ocx
c:\windows\system32\5zf75ackdoo9368.cpl
c:\windows\system32\6133t5o92dfz.bin
c:\windows\system32\61ab59zrse657.dll
c:\windows\system32\61f85ownlza9er1567.ocx
c:\windows\system32\63a9tzr9at26095.exe
c:\windows\system32\6459spar5e283z.dll
c:\windows\system32\645hze9t6903.ocx
c:\windows\system32\650zthre5t95214.cpl
c:\windows\system32\669zno59a-virus71b.exe
c:\windows\system32\66ad5ownlo9dzr430.dll
c:\windows\system32\66z5vir26989.exe
c:\windows\system32\676ezow9loader105.dll
c:\windows\system32\676thie510z09.exe
c:\windows\system32\67e15hi9fz719.bin
c:\windows\system32\68spy5a9e286z.ocx
c:\windows\system32\690a5iz647.bin
c:\windows\system32\690dvir13z59.exe
c:\windows\system32\6915threat1542z.bin
c:\windows\system32\6926addwa9e1597z.bin
c:\windows\system32\6975thie52656z.exe
c:\windows\system32\69e2back5o9rz252.cpl
c:\windows\system32\6e9bs5yware323z9.exe
c:\windows\system32\7014bzck95or2355.ocx
c:\windows\system32\7085dow9lozder1990.cpl
c:\windows\system32\71viz5259.cpl
c:\windows\system32\724csz9al2285.exe
c:\windows\system32\72bbsz5war91675.ocx
c:\windows\system32\72zfsp95are802.exe
c:\windows\system32\739a5iz2090.bin
c:\windows\system32\7490adzware5499.dll
c:\windows\system32\74addownloa5zr795.exe
c:\windows\system32\7555virz639.dll
c:\windows\system32\75989rzj735.ocx
c:\windows\system32\7615downlo9derz825.exe
c:\windows\system32\76f95hizf2027.exe
c:\windows\system32\7825virusz965.ocx
c:\windows\system32\7859ad9ware3z59.bin
c:\windows\system32\785zs9ywa5e2136.dll
c:\windows\system32\78z59pyware1786.bin
c:\windows\system32\7939zh9ef4275.dll
c:\windows\system32\7980t5oz983.dll
c:\windows\system32\7a98downloa5er52z.cpl
c:\windows\system32\7bd29ir1z57.bin
c:\windows\system32\7d39vir5966z.exe
c:\windows\system32\7d54spy9arez996.cpl
c:\windows\system32\7d69zhr5at15507.bin
c:\windows\system32\7f9fvir2556z.bin
c:\windows\system32\7ze35ddware797.ocx
c:\windows\system32\837spyzar95375.ocx
c:\windows\system32\85049ot5a-virus407z.ocx
c:\windows\system32\86139pazbot3e85.dll
c:\windows\system32\88559ormz5.cpl
c:\windows\system32\89379ack5oolz16.cpl
c:\windows\system32\89z5vi5us980.cpl
c:\windows\system32\8f5szar5e99.cpl
c:\windows\system32\903spzmb9t456.cpl
c:\windows\system32\909zs5y2d59.dll
c:\windows\system32\90z22v5rus603.exe
c:\windows\system32\91588wor57z5.bin
c:\windows\system32\91765hreat19z92.ocx
c:\windows\system32\9219worz50.cpl
c:\windows\system32\92529not-azvirus339.exe
c:\windows\system32\925sze9l538.cpl
c:\windows\system32\92spars9z755.exe
c:\windows\system32\933bviz3075.bin
c:\windows\system32\94115spambot5efz.cpl
c:\windows\system32\944675irusz4b.dll
c:\windows\system32\947895irus1fz.dll
c:\windows\system32\9531vir1z39.cpl
c:\windows\system32\9533spzmb5t2a7.dll
c:\windows\system32\9552viruz587.ocx
c:\windows\system32\9571z5roj317.ocx
c:\windows\system32\9689worm2z85.cpl
c:\windows\system32\9767ba5kdzor483.bin
c:\windows\system32\97893viru571bz.bin
c:\windows\system32\97c7threa51855z.bin
c:\windows\system32\97fv5r2z69.dll
c:\windows\system32\98225hizf133.exe
c:\windows\system32\9860wor59bz.exe
c:\windows\system32\9904viz29135.bin
c:\windows\system32\99265zy397.cpl
c:\windows\system32\992e5pazse526.bin
c:\windows\system32\9950wzrm5035.ocx
c:\windows\system32\99859zroj5595.cpl
c:\windows\system32\99z5o9m382.ocx
c:\windows\system32\9b9ddowz5oader2319.ocx

Re: Infected by Winblue Soft

.
---- Previous Run -------
.
C:\autorun.inf
c:\program files\ThunMail
c:\windows\system32\dcads-remove.exe
c:\windows\system32\drivers\gaopdxdfpjuepeceoxxteugbnuyneowipidpcp.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxlgscdditfyqtydlbhfapgfwdyisorwpj.dll
c:\windows\system32\setup2.exe
c:\windows\system32\SYS32DLL.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-09-03 17:00 . 2009-09-03 17:00 11081 ----a-w c:\windows\39czspyware5.dll
2009-05-22 11:12 . 2009-05-22 11:12 -------- d-sh--w C:\found.000
2009-05-21 10:43 . 2009-05-21 10:49 -------- d-----w c:\program files\Easy Message
2009-05-20 05:49 . 2009-03-19 06:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-20 05:49 . 2008-04-17 02:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-20 05:48 . 2009-05-20 05:48 -------- d-----w c:\program files\iPod
2009-05-20 05:48 . 2009-05-20 05:49 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-20 05:48 . 2009-05-20 05:49 -------- d-----w c:\program files\iTunes
2009-05-20 05:44 . 2009-05-20 05:44 -------- d-----w c:\program files\Bonjour
2009-05-20 05:41 . 2009-05-20 05:42 -------- d-----w c:\program files\QuickTime
2009-05-20 01:44 . 2009-05-20 01:44 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-19 16:31 . 2009-05-19 16:31 153 ----a-w C:\43454354.bat
2009-05-19 16:31 . 2009-05-19 16:31 2 ---h--w c:\windows\sto453660.dat
2009-05-19 13:20 . 2009-05-19 13:20 2 ---h--w c:\windows\sto453553.dat
2009-05-19 05:21 . 2009-05-22 08:48 -------- d-----w c:\windows\system32\790151
2009-05-18 08:09 . 2009-05-22 08:48 -------- d-----w c:\windows\system32\796525
2009-05-18 08:09 . 2009-05-18 08:09 2 ---h--w c:\windows\sto453601.dat
2009-05-18 08:09 . 2009-05-18 08:09 -------- d-----w c:\program files\websrvx
2009-05-17 09:28 . 2009-05-22 11:01 -------- d-----w C:\ComboFix
2009-05-17 03:47 . 2009-05-17 03:47 -------- d-----w c:\program files\WinBlueSoft Software
2009-05-09 05:24 . 2008-07-29 16:06 36368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2009-05-09 05:24 . 2008-07-29 16:06 205328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2009-05-08 00:05 . 2008-07-29 16:06 144912 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-05-08 00:04 . 2008-07-29 16:06 1195448 ----a-w c:\windows\system32\drivers\vsapint.sys
2009-04-28 05:10 . 2009-04-28 05:11 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\Roxio
2009-04-28 01:54 . 2009-04-28 01:54 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Local\Google
2009-04-22 22:08 . 2009-04-22 22:08 8508 ----a-w c:\windows\19z79not-a-vir5se.exe

Re: Infected by Winblue Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 11:08 . 2009-04-07 04:46 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\uTorrent
2009-05-20 09:16 . 2008-02-27 06:01 -------- d-----w c:\users\erin\AppData\Roaming\uTorrent
2009-05-20 09:07 . 2007-11-21 10:24 -------- d-----w c:\program files\Nokia
2009-05-20 09:04 . 2007-11-21 10:16 61440 ----a-w c:\programdata\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-20 09:04 . 2007-11-21 10:16 10240 ----a-w c:\programdata\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2009-05-20 09:04 . 2007-11-21 10:16 8192 ----a-w c:\programdata\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2009-05-20 08:55 . 2006-12-20 04:54 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-20 05:48 . 2007-08-26 06:56 -------- d-----w c:\program files\Common Files\Apple
2009-05-16 09:42 . 2007-06-30 19:53 87640 ----a-w c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-15 09:44 . 2009-04-03 06:45 -------- d-----w c:\program files\NCH Software
2009-05-15 09:43 . 2009-04-07 05:36 -------- d-----w c:\program files\Common Files\Ahead
2009-05-15 09:42 . 2006-12-20 05:29 -------- d-----w c:\program files\DivX
2009-05-11 05:38 . 2007-08-26 08:30 -------- d-----w c:\program files\Norton Security Scan
2009-05-07 23:47 . 2006-12-20 05:04 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-07 23:42 . 2006-12-20 05:04 -------- d-----w c:\programdata\Symantec
2009-04-30 21:32 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-30 21:32 . 2006-11-02 12:35 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-30 21:32 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-30 21:32 . 2006-12-20 05:16 -------- d-----w c:\program files\Microsoft Works
2009-04-30 21:32 . 2009-04-08 01:05 -------- d-----w c:\program files\DVD Shrink
2009-04-30 21:32 . 2006-12-20 05:04 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-04-29 08:38 . 2006-12-20 05:00 -------- d-----w c:\programdata\Roxio
2009-04-24 08:47 . 2008-02-27 06:03 -------- d-----w c:\program files\uTorrent
2009-04-22 03:20 . 2009-04-10 02:36 -------- d-----w c:\program files\Common Files\Nero
2009-04-22 03:15 . 2009-04-03 06:40 -------- d-----w c:\program files\NCH Swift Sound
2009-04-22 03:14 . 2009-04-22 03:14 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\NCH Swift Sound
2009-04-12 02:29 . 2009-04-12 02:29 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2009-04-12 02:15 . 2007-11-27 00:40 -------- d-----w c:\program files\Windows Live
2009-04-10 05:42 . 2009-04-10 02:37 -------- d-----w c:\programdata\Nero
2009-04-09 11:03 . 2009-04-09 10:55 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\Digsby
2009-04-08 21:50 . 2009-04-08 21:50 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\Symantec
2009-04-08 04:11 . 2009-04-08 01:05 -------- d-----w c:\programdata\DVD Shrink
2009-04-07 11:45 . 2009-04-07 11:45 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\GRETECH
2009-04-07 05:39 . 2009-04-07 05:38 -------- d-----w c:\program files\PS3 Media Server
2009-04-07 05:37 . 2009-04-07 05:37 -------- d-----w c:\programdata\Ahead
2009-04-07 05:03 . 2009-04-07 05:03 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\dvdcss
2009-04-06 04:58 . 2007-06-30 20:44 7186 ----a-w c:\users\erin\AppData\Roaming\wklnhst.dat
2009-04-03 06:50 . 2009-04-03 06:45 -------- d-----w c:\programdata\NCH Swift Sound
2009-04-03 06:47 . 2009-04-03 06:47 -------- d-----w c:\programdata\NCH Software
2009-04-03 06:45 . 2009-04-03 06:45 27136 ----a-w c:\windows\system32\drivers\nchssvad.sys
2009-04-03 06:45 . 2009-04-03 06:44 -------- d-----w c:\users\erin\AppData\Roaming\NCH Swift Sound
2009-03-31 04:35 . 2009-04-21 22:14 17160 ----a-w c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 06:30 . 2009-04-21 22:14 17160 ----a-w c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-28 23:10 . 2009-03-28 23:10 -------- d-----w c:\users\erin\AppData\Roaming\Sony Corporation
2009-03-28 08:53 . 2007-08-26 10:21 -------- d-----w c:\users\erin\AppData\Roaming\dvdcss
2009-03-24 00:17 . 2008-05-17 00:57 -------- d-----w c:\users\erin\AppData\Roaming\My Games
2009-03-24 00:06 . 2008-07-07 10:23 -------- d-----w c:\program files\Common Files\Adobe
2009-03-24 00:01 . 2009-03-24 00:01 -------- d-----w c:\programdata\Office Genuine Advantage
2009-03-19 06:32 . 2009-03-19 06:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-06 07:12 . 2008-01-08 22:20 21256 ----a-w c:\windows\Help\OEM\scripts\HPscript.exe
2009-03-05 02:29 . 2009-03-17 22:13 16648 ----a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"uTorrent"="c:\windows\system32\config\systemprofile\Desktop\uTorrent.exe" [2009-02-15 270128]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-22 144792]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15FEB79B-DB6E-4693-AACE-BD2075D2FF58}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{5EEC6061-505A-4ED6-B0CD-CCE4C620FAC8}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{08094204-5A2E-4C31-9E8C-7E48DC684ACB}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{BB6EAA10-A57A-4DF9-85FC-0730566C3E19}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{00320C23-6BAB-47E5-B71A-003065996B34}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B2B14CA0-7658-47C9-8196-FD5BC1ABAF85}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{E3EB54DC-2774-4A39-94B8-9BD040553DA9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{BBD78239-13B6-4277-951F-3CF917526078}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8CB42DB4-21C2-4B97-B4C2-59ADC9408A67}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D85E5C64-985C-49F7-B551-235AC910B6DD}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F4BA0750-A8B3-4D02-8A89-5656AA2D2B6C}"= UDP:c:\windows\system32\config\systemprofile\Downloads\utorrent.exe:µTorrent (TCP-In)
"{A9221765-482B-4E5F-A7FB-C83A1443CB7A}"= TCP:c:\windows\system32\config\systemprofile\Downloads\utorrent.exe:µTorrent (UDP-In)
"{C37EC530-3917-4286-9854-FE199E23D31A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FFF4AE9B-3D8A-4A3C-9A54-AFCB98352F1D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5E7A0E52-1D99-4A10-8DE9-700B8A7130AF}"= UDP:c:\windows\system32\config\systemprofile\Desktop\uTorrent.exe:µTorrent (TCP-In)
"{FE6F8389-484A-4A2E-9077-6888D39F5B25}"= TCP:c:\windows\system32\config\systemprofile\Desktop\uTorrent.exe:µTorrent (UDP-In)
"{29DD181A-9D52-40DA-B32F-8CF7C10F7465}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{56A88EFE-CCC5-413B-990F-E4D3C1F76C87}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{012E212F-9AE4-404B-9CC1-7A6737FADDFA}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AEDE3361-D7BD-440A-9261-B5B840E0381B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B5381FD2-882D-47C2-9B84-349E0066696B}"= UDP:c:\windows\system32\config\systemprofile\Desktop\uTorrent.exe:µTorrent (TCP-In)
"{B16DC444-59DC-4640-8BB8-051D8F2C652D}"= TCP:c:\windows\system32\config\systemprofile\Desktop\uTorrent.exe:µTorrent (UDP-In)
"{FF0A8EED-29BE-4277-81E3-CF4E3B95D1AE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F3E31DD9-5046-411F-A418-8B2D8970A98B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3D74CE0A-B3A1-47C1-A948-B065657C9260}"= UDP:c:\windows\system32\config\systemprofile\Desktop\uTorrent.exe:µTorrent (TCP-In)
"{052554DA-A0BC-47BA-8335-BA208A9CD940}"= TCP:c:\windows\system32\config\systemprofile\Desktop\uTorrent.exe:µTorrent (UDP-In)
"{C0CA1EF6-3ABF-47D1-A58F-A8F64D44D20A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9BC2643B-9987-488E-B3D3-074AF3A4E28C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{108CEEB0-F2E0-4685-BF59-53A9C428A2D8}"= UDP:c:\windows\system32\config\systemprofile\Desktop\uTorrent.exe:µTorrent (TCP-In)
"{3B53D887-E87C-409A-BB6F-B9CB2DBB2D92}"= TCP:c:\windows\system32\config\systemprofile\Desktop\uTorrent.exe:µTorrent (UDP-In)
"{0ABC285B-2231-4058-AC74-934ABCF83BAC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{57CC649E-4B48-4228-AF6E-4DE380AEF3C0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{103E7AE7-8623-48DC-B780-76A64D2487E9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B9DEB46B-1649-4C50-9D51-A7C28C25790F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [9/05/2009 3:24 PM 36368]
R2 websrvx;websrvx;c:\program files\websrvx\websrvx.exe [18/05/2009 6:09 PM 9728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-EasyMessage - c:\program files\Easy Message\em2.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local;
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\3ebedxwp.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 21:36
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
EasyMessage = c:\program files\Easy Message\em2.exe????????(????3?????H????:3??????????:3? ????:3??:3??????:3?3 d?????????l???????0?????^w?ibw????G$dwL!dwA???P????:3?????A???-?dw(????????(3??????(3??????j??????)????????????g??8????h???)3??k??L???P?????????^w????P???????q?:v

scanning hidden files ...


c:\windows\system32\config\SYSTEM~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-22 21:40
ComboFix-quarantined-files.txt 2009-05-22 11:40

Pre-Run: 3,267,035,136 bytes free
Post-Run: 4,185,198,592 bytes free

1001 --- E O F --- 2009-03-23 23:09

Re: Infected by Winblue Soft

I see that you are running uTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If uTorrent is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • uTorrent





Now open a new notepad file.
Input this into the notepad file:

File::
C:\autorun.inf
c:\program files\ThunMail
c:\windows\system32\dcads-remove.exe
c:\windows\system32\drivers\gaopdxdfpjuepeceoxxteugbnuyneowipidpcp.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxlgscdditfyqtydlbhfapgfwdyisorwpj.dll
c:\windows\system32\setup2.exe
c:\windows\system32\SYS32DLL.exe
D:\Autorun.inf
c:\windows\39czspyware5.dll
C:\found.000
c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
C:\43454354.bat
c:\windows\sto453660.dat
c:\windows\sto453553.dat
c:\windows\system32\790151
c:\windows\system32\796525
c:\windows\sto453601.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\uTorrent
c:\users\erin\AppData\Roaming\uTorrent
c:\program files\websrvx\websrvx.exe


Save this as CFScript.txt, and save it to your desktop as well.
Then drag and drop CFScript.txt into ComboFix.

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.
