GeekPolice
WinBlueSoft

Admin edit:

Other people with WinBlueSoft on their computer, please read this and post your HijackThis log in a new topic here. An expert will be assisting you to remove it for free.

You have to be a member to post questions; you can register for free here: register.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:03 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\setup2.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Sierra\GPlan\CALTRAY.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Owner\Desktop\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Sierra Garden Planner Tray Application.lnk = C:\Sierra\GPlan\CALTRAY.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu2.html
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: OneStepSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13246 bytes

Hello!
I sure hope you guys can help! I was trying to fix my mom's computer and downloaded WinBlue Soft. I know, I should have read more than one site of reviews. I have tried everything to stop the pop-ups, as well as uninstalling that program. Nothing works. I've tried using the Malwarebytes program and it removed 27 infections. I restarted and ran the scan again as the pop-ups were still happening and it found 4 more. I restarted again and I'm still getting the pop-ups as well as the "your computer is getting hacked" messages. I also get a message every half hour saying that my memory is low. It's not. 18 gigs+ left.
I've downloaded the following programs to no avail: ATF Cleaner, SYSRestore Point, Malwarebytes, UnHackMe, and most recently HijackThis.

Please help, it's my Ma's computer and it's her life.

Thanks!
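
The HijackThis log in the post above lists running processes and the browser and registry entries (O2 BHOs, O4 Run keys, O23 services) that a helper reads through by hand. As an added example, not code from the thread or from HijackThis itself, the Python below applies the usual first-pass questions to lines copied from that log: a BHO with no name but a DLL on disk, a BHO whose file is gone, an autostart launched from a Temp or Application Data directory, a service with no publisher, and a process running out of a data directory. The list of suspect directories and the rule wording are this example's own choices. Every hit is a prompt to identify a file, not a verdict; run on the full log, the unnamed-BHO rule also fires on Spybot's SDHelper.dll, which is exactly why the output has to be read rather than acted on.

```python
"""First-pass triage of a HijackThis 2.x log (added example; not HijackThis code).
Every hit is a prompt to identify a file, not a verdict: legitimate software does
trip these rules (an unnamed BHO may be a known anti-spyware helper)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted at the top of the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
C:\WINDOWS\system32\setup2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: OneStepSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
"""

@dataclass(frozen=True)
class Finding:
    entry: str    # HijackThis section (O2, O4, O23) or "process"
    subject: str  # the path, CLSID or Run key the rule fired on
    reason: str   # why a reader should look at it

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Directories from which a legitimate autostart or service is rarely launched
# (this example's own list; extend it for the machine being examined).
SUSPECT_DIRS = ("\\temp\\", "\\application data\\", "\\local settings\\")

def _in_suspect_dir(path: str) -> bool:
    return any(d in path.lower() for d in SUSPECT_DIRS)

def parse_processes(text: str) -> list[str]:
    """Return the paths listed under 'Running processes:' (up to the first blank line)."""
    procs, collecting = [], False
    for line in text.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs

def triage(text: str) -> list[Finding]:
    """Apply the first-pass rules and return every hit in log order."""
    findings = []
    for proc in parse_processes(text):
        if _in_suspect_dir(proc):
            findings.append(Finding("process", proc, "running from a user/data directory"))
    for line in text.splitlines():
        m = RE_O2.match(line)
        if m:
            if m["path"] == "(no file)":
                findings.append(Finding("O2", m["clsid"], "orphaned BHO entry, DLL missing"))
            elif m["name"] == "(no name)":
                findings.append(Finding("O2", m["path"], "unnamed BHO with a DLL on disk"))
            continue
        m = RE_O4.match(line)
        if m and _in_suspect_dir(m["cmd"]):
            findings.append(Finding("O4", m["key"], "autostart from a temp/data directory"))
            continue
        m = RE_O23.match(line)
        if m and m["owner"] == "Unknown owner":
            findings.append(Finding("O23", m["name"], "service with no publisher"))
    return findings
```

Feed `triage()` the whole pasted log; the orphaned "(no file)" entries are harmless leftovers to clean up, while the other four rule types each point at a file whose publisher and purpose should be established before anything is removed.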

Re: WinBlueSoft

Hello Berqy123,

My name is Origin and I will be helping you today.



1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

Re: WinBlueSoft

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.


When Windows loaded up this time it said "No disk" and asked if I wanted to continue; I said yes about 5 times.

Re: WinBlueSoft

Please close all anti-virus, anti-malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Re: WinBlueSoft

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/16 15:59
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF36F6000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A31000 Size: 8192 File Visible: No
Status: -

Name: ezbvozst.sys
Image Path: ezbvozst.sys
Address: 0xF74E9000 Size: 61440 File Visible: No
Status: -

Name: Partizan.sys
Image Path: Partizan.sys
Address: 0xF7769000 Size: 30880 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEDBEA000 Size: 45056 File Visible: No
Status: -

Name: UnHackMeDrv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\UnHackMeDrv.sys
Address: 0xF7A3F000 Size: 4832 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: \\?\C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for RootRepeal.zip\*
Status: Could not enumerate files with the Windows API (0x00000003)!


Path: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for RootRepeal.zip\RootRepeal.exe
Status: Invisible to the Windows API!

Thank you so much for the help :o)
When I loaded up the program it said "Error - Invalid PE Image Found".

It may take a few moments for me to reply as that stupid software keeps telling me that I'm browsing antivirus-free and I should be careful.
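
RootRepeal reports every loaded driver with a "File Visible" column, and a helper reading the report above has to separate the hidden entries that are expected (the dump_ crash-dump driver copies, the scanner's own rootrepeal.sys, UnHackMe's driver) from the ones worth a closer look. As an added example, not RootRepeal's code or anything posted in the thread, the Python below parses the report format shown above and sorts each hidden entry into "expected", "info" or "review". The allowlist of tool drivers and the list of kernel-locked files are assumptions made for this example, justified only by the tools the poster says were run on the machine.

```python
"""Triage of a RootRepeal 1.2.x report (added example; not RootRepeal's own code).
"File Visible: No" alone is not a verdict: crash-dump driver copies and the
scanner's own driver always show that way. Attention goes to a hidden driver
RootRepeal could not tie to any path on disk, and to files that are invisible
rather than merely locked."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Sample input: records copied from the first RootRepeal report posted in the thread.
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF36F6000 Size: 98304 File Visible: No
Status: -

Name: ezbvozst.sys
Image Path: ezbvozst.sys
Address: 0xF74E9000 Size: 61440 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEDBEA000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for RootRepeal.zip\RootRepeal.exe
Status: Invisible to the Windows API!
"""

@dataclass(frozen=True)
class Finding:
    level: str    # "review", "info" or "expected"
    subject: str  # driver name or file path
    reason: str

# Assumptions for this example: drivers of the scanners the poster says were run
# (RootRepeal, UnHackMe), and files the kernel always holds open exclusively.
TOOL_DRIVERS = {"rootrepeal.sys", "unhackmedrv.sys"}
KERNEL_LOCKED = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}

RE_ADDR = re.compile(r"Address: 0x([0-9A-Fa-f]+)\s+Size: (\d+)\s+File Visible: (\S+)")

def parse_report(report: str) -> dict[str, list[dict]]:
    """Group the report's 'Key: value' records under their section heading."""
    sections, current = {}, None
    for block in re.split(r"\n\s*\n", report.strip()):
        lines = block.splitlines()
        if len(lines) > 1 and lines[1].startswith("---"):
            current = lines[0].strip()      # e.g. "Drivers"
            sections[current] = []
            lines = lines[2:]               # the first record follows the rule directly
        if current is None or not lines:
            continue                        # banner text before the first section
        rec: dict = {}
        for line in lines:
            m = RE_ADDR.match(line)
            if m:
                rec.update(address=int(m[1], 16), size=int(m[2]), visible=m[3])
            elif ": " in line:
                key, _, value = line.partition(": ")
                rec[key.lower()] = value.strip()
        sections[current].append(rec)
    return sections

def triage(report: str) -> list[Finding]:
    """Classify every hidden driver and every hidden/locked file in the report."""
    sections = parse_report(report)
    out = []
    for drv in sections.get("Drivers", []):
        name, path = drv["name"], drv["image path"]
        if drv.get("visible") != "No":
            continue                        # seen normally on disk: nothing to say
        if name.lower() in TOOL_DRIVERS:
            out.append(Finding("expected", name, "driver of a scanner run on this machine"))
        elif name.lower().startswith("dump_"):
            out.append(Finding("expected", name, "in-memory crash-dump copy of a storage driver"))
        elif "\\" not in path:
            out.append(Finding("review", name, "hidden driver with no on-disk path recorded"))
        else:
            out.append(Finding("info", name, "hidden driver with an on-disk path; check its publisher"))
    for f in sections.get("Hidden/Locked Files", []):
        path, status = f["path"], f["status"]
        if status.startswith("Invisible"):
            out.append(Finding("review", path, "present but hidden from the Windows API"))
        elif status.startswith("Locked") and path.lower() in KERNEL_LOCKED:
            out.append(Finding("expected", path, "kernel-locked system file"))
        else:
            out.append(Finding("info", path, status))
    return out
```

On the report above this leaves two "review" items: the randomly named driver with no recorded path, and RootRepeal's own executable reported as invisible inside the temp folder it was unzipped to. The second is the kind of result a reader should check against what they just did themselves (the "Invalid PE Image" error the poster saw on launch is context for it) before drawing any conclusion.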

Re: WinBlueSoft

Hello, the log looks incomplete; can you post the full one, please?

Re: WinBlueSoft

That was all that was in there. I'll run it again.

Re: WinBlueSoft

Hey!
I re-ran the report and it looks the same. I enclosed another that was there as well. I hope this helps.

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/16 16:19
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF36F6000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A31000 Size: 8192 File Visible: No
Status: -

Name: ezbvozst.sys
Image Path: ezbvozst.sys
Address: 0xF74E9000 Size: 61440 File Visible: No
Status: -

Name: Partizan.sys
Image Path: Partizan.sys
Address: 0xF7769000 Size: 30880 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE39E000 Size: 45056 File Visible: No
Status: -

Name: UnHackMeDrv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\UnHackMeDrv.sys
Address: 0xF7A3F000 Size: 4832 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/16 16:19
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS
Address: 0xF7579000 Size: 57344 File Visible: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF749A000 Size: 187776 File Visible: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189056 File Visible: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF4C38000 Size: 138496 File Visible: -
Status: -

Name: AFS2K.SYS
Image Path: C:\WINDOWS\System32\Drivers\AFS2K.SYS
Address: 0xF75D9000 Size: 35840 File Visible: -
Status: -

Name: AGRSM.sys
Image Path: C:\WINDOWS\System32\DRIVERS\AGRSM.sys
Address: 0xF61AF000 Size: 1066208 File Visible: -
Status: -

Name: ALCXWDM.SYS
Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xF5F3B000 Size: 2279424 File Visible: -
Status: -

Name: amdk7.sys
Image Path: C:\WINDOWS\System32\DRIVERS\amdk7.sys
Address: 0xF75B9000 Size: 37760 File Visible: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7452000 Size: 96512 File Visible: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7B0E000 Size: 3072 File Visible: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A67000 Size: 4224 File Visible: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF78F9000 Size: 12288 File Visible: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF3D16000 Size: 63744 File Visible: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF75E9000 Size: 62976 File Visible: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF7539000 Size: 53248 File Visible: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7529000 Size: 36352 File Visible: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7629000 Size: 61440 File Visible: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF36F6000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A31000 Size: 8192 File Visible: No
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF4B6B000 Size: 12288 File Visible: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7B12000 Size: 4096 File Visible: -
Status: -

Name: ezbvozst.sys
Image Path: ezbvozst.sys
Address: 0xF74E9000 Size: 61440 File Visible: No
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xF370E000 Size: 143744 File Visible: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF78A9000 Size: 27392 File Visible: -
Status: -

Name: fetnd5bv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
Address: 0xF7639000 Size: 42496 File Visible: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF6373000 Size: 44544 File Visible: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF78E9000 Size: 20480 File Visible: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF73F7000 Size: 129792 File Visible: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A65000 Size: 7936 File Visible: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF746A000 Size: 125056 File Visible: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
Address: 0xF7609000 Size: 40960 File Visible: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEE586000 Size: 264832 File Visible: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF7659000 Size: 52480 File Visible: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF75C9000 Size: 42112 File Visible: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xF4B77000 Size: 152832 File Visible: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xF4CDB000 Size: 75264 File Visible: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF74F9000 Size: 37248 File Visible: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF78C1000 Size: 24576 File Visible: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF79E9000 Size: 8192 File Visible: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xED9BF000 Size: 172416 File Visible: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xF618C000 Size: 143360 File Visible: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF73CE000 Size: 92288 File Visible: -
Status: -

Name: LVCM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\LVCM.sys
Address: 0xF3DA8000 Size: 471232 File Visible: -
Status: -

Name: lvusbsta.sys
Image Path: C:\WINDOWS\system32\drivers\lvusbsta.sys
Address: 0xF6353000 Size: 45056 File Visible: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A69000 Size: 4224 File Visible: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7889000 Size: 30080 File Visible: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF78B1000 Size: 23040 File Visible: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7509000 Size: 42368 File Visible: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xEEB1C000 Size: 180608 File Visible: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xF4B9D000 Size: 455296 File Visible: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF77C1000 Size: 19072 File Visible: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF76E9000 Size: 35072 File Visible: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF6B6B000 Size: 15488 File Visible: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF72FA000 Size: 105344 File Visible: -
Status: -

Name: MxlW2k.SYS
Image Path: C:\WINDOWS\System32\Drivers\MxlW2k.SYS
Address: 0xF7891000 Size: 25504 File Visible: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7314000 Size: 182656 File Visible: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF79E5000 Size: 10112 File Visible: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xEEEBE000 Size: 14592 File Visible: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF5EEC000 Size: 91520 File Visible: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7709000 Size: 40576 File Visible: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF7559000 Size: 34688 File Visible: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xF4C5A000 Size: 162816 File Visible: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF77C9000 Size: 30848 File Visible: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7341000 Size: 574976 File Visible: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189056 File Visible: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7BBD000 Size: 2944 File Visible: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7569000 Size: 61696 File Visible: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF5F03000 Size: 80128 File Visible: -
Status: -

Name: Partizan.sys
Image Path: Partizan.sys
Address: 0xF7769000 Size: 30880 File Visible: No
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7779000 Size: 19712 File Visible: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF79F3000 Size: 6784 File Visible: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7489000 Size: 68224 File Visible: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7AB1000 Size: 3328 File Visible: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7771000 Size: 28672 File Visible: -
Status: -

Name: pfc.sys
Image Path: C:\WINDOWS\system32\drivers\pfc.sys
Address: 0xF79D5000 Size: 9856 File Visible: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189056 File Visible: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF5F17000 Size: 147456 File Visible: -
Status: -

Name: PS2.sys
Image Path: C:\WINDOWS\System32\DRIVERS\PS2.sys
Address: 0xF78B9000 Size: 23808 File Visible: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF5EDB000 Size: 69120 File Visible: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF78D1000 Size: 17792 File Visible: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7549000 Size: 35680 File Visible: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF798D000 Size: 8832 File Visible: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF76B9000 Size: 51328 File Visible: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF76C9000 Size: 41472 File Visible: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF76D9000 Size: 48384 File Visible: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF78D9000 Size: 16512 File Visible: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189056 File Visible: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xF4C0D000 Size: 175744 File Visible: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A6B000 Size: 4224 File Visible: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF75F9000 Size: 57600 File Visible: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE39E000 Size: 45056 File Visible: No
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS
Address: 0xF7417000 Size: 98304 File Visible: -
Status: -

Name: secdrv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\secdrv.sys
Address: 0xEEC8E000 Size: 40960 File Visible: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF79E1000 Size: 15744 File Visible: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF7649000 Size: 64512 File Visible: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF73E5000 Size: 73472 File Visible: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xEE9DA000 Size: 333952 File Visible: -
Status: -

Re: WinBlueSoft

Name: srvkp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srvkp.sys
Address: 0xF7999000 Size: 11392 File Visible: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xF6343000 Size: 53248 File Visible: -
Status: -

Name: sunkfilt.sys
Image Path: C:\WINDOWS\System32\Drivers\sunkfilt.sys
Address: 0xF77E1000 Size: 26368 File Visible: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF7A4F000 Size: 4352 File Visible: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF6303000 Size: 60800 File Visible: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xF4C82000 Size: 361600 File Visible: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF78C9000 Size: 20480 File Visible: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF76F9000 Size: 40704 File Visible: -
Status: -

Name: UnHackMeDrv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\UnHackMeDrv.sys
Address: 0xF7A3F000 Size: 4832 File Visible: No
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF5E7D000 Size: 384768 File Visible: -
Status: -

Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xF6323000 Size: 60032 File Visible: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Address: 0xF77D9000 Size: 32128 File Visible: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF7A53000 Size: 8192 File Visible: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF78A1000 Size: 30208 File Visible: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF7739000 Size: 59520 File Visible: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF6168000 Size: 147456 File Visible: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbprint.sys
Address: 0xF77F1000 Size: 25856 File Visible: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Address: 0xF77E9000 Size: 26368 File Visible: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF7899000 Size: 20608 File Visible: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF77B9000 Size: 20992 File Visible: -
Status: -

Name: viaagp1.sys
Image Path: viaagp1.sys
Address: 0xF7781000 Size: 27904 File Visible: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF79ED000 Size: 5376 File Visible: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xF62B4000 Size: 81920 File Visible: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7519000 Size: 52352 File Visible: -
Status: -

Name: vtdisp.dll
Image Path: C:\WINDOWS\System32\vtdisp.dll
Address: 0xBF9D5000 Size: 3448832 File Visible: -
Status: -

Name: vtmini.sys
Image Path: C:\WINDOWS\System32\DRIVERS\vtmini.sys
Address: 0xF62C8000 Size: 172672 File Visible: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF6363000 Size: 34560 File Visible: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF3CCC000 Size: 20480 File Visible: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEED51000 Size: 83072 File Visible: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF79EB000 Size: 8192 File Visible: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189056 File Visible: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF7995000 Size: 12032 File Visible: -
Status: -

Re: WinBlueSoft


  • Download combofix from here
    Link 1
    Link 2
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.


  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.


  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: WinBlueSoft

ComboFix 09-05-16.03 - Owner 05/16/2009 16:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.178 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Local Settings\Temp\IadHide5.dll
c:\program files\INSTALL.LOG
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://sunmicro.ht.rd.llnw.net
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-12-28 15:33 . 2009-12-28 15:33 2854 ----a-w c:\windows\system32\5090spy210z.dll
2009-12-28 01:58 . 2009-12-28 01:58 12049 ----a-w c:\windows\system32\2cdd5aczdoor9934.exe
2009-12-26 01:38 . 2009-12-26 01:38 2853 ----a-w c:\windows\system32\85tr9j15z.dll
2009-12-23 06:31 . 2009-12-23 06:31 4648 ----a-w c:\windows\system32\10z97hackto5l40f9.exe
2009-12-21 07:47 . 2009-12-21 07:47 12096 ----a-w c:\windows\system32\6a9fspa5sez007.dll
2009-12-17 11:44 . 2009-12-17 11:44 16568 ----a-w c:\windows\system32\95469pam5zt30f.dll
2009-12-10 08:25 . 2009-12-10 08:25 15213 ----a-w c:\windows\system32\2z23hackto9l3465.dll
2009-12-09 21:21 . 2009-12-09 21:21 12710 ----a-w c:\windows\system32\7550baczdoo92653.bin
2009-12-08 10:44 . 2009-12-08 10:44 7936 ----a-w c:\windows\4918thr5az217959.exe
2009-12-05 18:55 . 2009-12-05 18:55 6120 ----a-w c:\windows\18259zirus4419.dll
2009-12-04 09:55 . 2009-12-04 09:55 12053 ----a-w c:\windows\system32\26054ha9kt5oz23.dll
2009-12-04 00:49 . 2009-12-04 00:49 11129 ----a-w c:\windows\system32\19014tro5677z.exe
2009-11-28 11:10 . 2009-11-28 11:10 18218 ----a-w c:\windows\system32\799zthief2590.dll
2009-11-27 01:49 . 2009-11-27 01:49 12559 ----a-w c:\windows\system32\309athief5518z.bin
2009-11-25 06:34 . 2009-11-25 06:34 14679 ----a-w c:\windows\15z81not-a-vi5us699.dll
2009-11-24 12:29 . 2009-11-24 12:29 14214 ----a-w c:\windows\system32\29aspzware1055.exe
2009-11-23 13:44 . 2009-11-23 13:44 9989 ----a-w c:\windows\system32\30zd5pyware2912.dll
2009-11-19 22:49 . 2009-11-19 22:49 2780 ----a-w c:\windows\5d66spar9e4z9.bin
2009-11-19 08:36 . 2009-11-19 08:36 9419 ----a-w c:\windows\6c5fzac95oor441.exe
2009-11-17 18:45 . 2009-11-17 18:45 11842 ----a-w c:\windows\system32\39b4downlo5dzr9289.dll
2009-11-16 23:50 . 2009-11-16 23:50 9139 ----a-w c:\windows\system32\689zbackdoor5632.exe
2009-11-08 23:15 . 2009-11-08 23:15 9260 ----a-w c:\windows\system32\215zt9reat51082.bin
2009-11-07 03:40 . 2009-11-07 03:40 3893 ----a-w c:\windows\system32\39e9viz2850.dll
2009-11-05 20:16 . 2009-11-05 20:16 5548 ----a-w c:\windows\1z81ste5l2906.exe
2009-11-01 15:12 . 2009-11-01 15:12 15358 ----a-w c:\windows\9e5fspzrse409.dll
2009-10-25 05:58 . 2009-10-25 05:58 12726 ----a-w c:\windows\system32\9517vzru9456.bin
2009-10-25 01:54 . 2009-10-25 01:54 13742 ----a-w c:\windows\system32\3145szamb5t99c.bin
2009-10-24 07:58 . 2009-10-24 07:58 11548 ----a-w c:\windows\2e5fvzr9219.exe
2009-10-23 22:07 . 2009-10-23 22:07 3710 ----a-w c:\windows\50b3stea59165z.bin
2009-10-23 08:46 . 2009-10-23 08:46 8839 ----a-w c:\windows\system32\6405za9ktoo5b1.exe
2009-10-18 22:26 . 2009-10-18 22:26 3610 ----a-w c:\windows\13955py6f9z.exe
2009-10-16 09:52 . 2009-10-16 09:52 14282 ----a-w c:\windows\system32\991vir2z51.exe
2009-10-13 05:59 . 2009-10-13 05:59 8824 ----a-w c:\windows\system32\25czvi92674.exe
2009-10-12 21:20 . 2009-10-12 21:20 9022 ----a-w c:\windows\system32\16325z9cktool565.dll
2009-10-12 20:50 . 2009-10-12 20:50 13248 ----a-w c:\windows\55e5tzie9383.dll
2009-10-08 19:48 . 2009-10-08 19:48 9345 ----a-w c:\windows\system32\4e4zad9ware2056.exe
2009-10-01 20:01 . 2009-10-01 20:01 8627 ----a-w c:\windows\system32\7979spam5ot6dz.exe
2009-10-01 02:04 . 2009-10-01 02:04 7221 ----a-w c:\windows\system32\3192zspy759.bin
2009-09-27 09:39 . 2009-09-27 09:39 4504 ----a-w c:\windows\system32\z9d5ir1727.dll
2009-09-26 20:19 . 2009-09-26 20:19 11349 ----a-w c:\windows\56959tr9j2b1z.dll
2009-09-20 04:08 . 2009-09-20 04:08 9979 ----a-w c:\windows\system32\z6288wor59d.dll
2009-09-18 00:36 . 2009-09-18 00:36 15646 ----a-w c:\windows\system32\114za9dware6595.exe
2009-09-17 14:37 . 2009-09-17 14:37 10366 ----a-w c:\windows\5aab9parsz2254.exe
2009-09-16 14:27 . 2009-09-16 14:27 3378 ----a-w c:\windows\z097v5ru934b.exe
2009-09-14 00:42 . 2009-09-14 00:42 5375 ----a-w c:\windows\system32\z5654tro9552.bin
2009-09-11 01:13 . 2009-09-11 01:13 3515 ----a-w c:\windows\system32\4e69spzware5693.bin
2009-09-07 14:32 . 2009-09-07 14:32 4918 ----a-w c:\windows\3663ad9waze2555.exe
2009-09-04 01:33 . 2009-09-04 01:33 3619 ----a-w c:\windows\16958spz65b.bin
2009-09-01 04:36 . 2009-09-01 04:36 8440 ----a-w c:\windows\system32\14721s9am5oz137.exe
2009-08-27 23:50 . 2009-08-27 23:50 5819 ----a-w c:\windows\217959pamb5t3dz.dll
2009-08-27 15:54 . 2009-08-27 15:54 15187 ----a-w c:\windows\system32\1432b5zkdoor3936.exe
2009-08-25 20:40 . 2009-08-25 20:40 11557 ----a-w c:\windows\192695i9uz7ce.exe
2009-08-25 16:18 . 2009-08-25 16:18 11372 ----a-w c:\windows\system32\19425virus7aez.exe
2009-08-25 10:59 . 2009-08-25 10:59 10357 ----a-w c:\windows\5529sp54d2z.bin
2009-08-21 18:56 . 2009-08-21 18:56 8839 ----a-w c:\windows\system32\5z749spambot7a3.dll
2009-08-21 07:16 . 2009-08-21 07:16 8243 ----a-w c:\windows\2389spamb5z251.exe
2009-08-20 09:13 . 2009-08-20 09:13 12246 ----a-w c:\windows\60zea9dwa5e773.bin
2009-08-19 06:33 . 2009-08-19 06:33 5916 ----a-w c:\windows\system32\95969tr5z750.dll
2009-08-17 16:58 . 2009-08-17 16:58 13387 ----a-w c:\windows\79z4spyw5re522.bin
2009-08-17 11:07 . 2009-08-17 11:07 15887 ----a-w c:\windows\10fczpywar9595.bin
2009-08-16 20:42 . 2009-08-16 20:42 17875 ----a-w c:\windows\z4314t5oj339.dll
2009-08-15 09:59 . 2009-08-15 09:59 6859 ----a-w c:\windows\20f4v9rz75.bin
2009-08-14 00:10 . 2009-08-14 00:10 12848 ----a-w c:\windows\5f59backdoo9z018.exe
2009-08-13 17:11 . 2009-08-13 17:11 4189 ----a-w c:\windows\system32\z81665py698.exe
2009-08-13 04:19 . 2009-08-13 04:19 2684 ----a-w c:\windows\system32\52398zpy9.dll
2009-08-08 14:41 . 2009-08-08 14:41 2723 ----a-w c:\windows\1650v9r735z.dll
2009-08-08 10:12 . 2009-08-08 10:12 17361 ----a-w c:\windows\system32\524zt95eat30607.bin
2009-08-07 00:46 . 2009-08-07 00:46 6866 ----a-w c:\windows\system32\7929spars5206z.bin
2009-08-04 18:23 . 2009-08-04 18:23 6064 ----a-w c:\windows\system32\51100not9azvirusfb.exe
2009-08-01 23:05 . 2009-08-01 23:05 2940 ----a-w c:\windows\2aza9ir566.bin
2009-07-26 23:40 . 2009-07-26 23:40 9264 ----a-w c:\windows\29459troj5z8.dll
2009-07-26 17:20 . 2009-07-26 17:20 16749 ----a-w c:\windows\67cedow5loa9er23z4.dll
2009-07-26 11:13 . 2009-07-26 11:13 10436 ----a-w c:\windows\812zspa59ot5f5.exe
2009-07-22 03:30 . 2009-07-22 03:30 18193 ----a-w c:\windows\15292s5azbot6d8.bin
2009-07-15 02:48 . 2009-07-15 02:48 16895 ----a-w c:\windows\system32\z99s9ambot45e5.dll
2009-07-12 12:19 . 2009-07-12 12:19 16410 ----a-w c:\windows\system32\11453s5ambzt9d4.dll
2009-07-09 18:28 . 2009-07-09 18:28 18044 ----a-w c:\windows\53z4backdoor1599.dll
2009-07-06 20:47 . 2009-07-06 20:47 6913 ----a-w c:\windows\system32\65389hiez2394.exe
2009-07-05 21:45 . 2009-07-05 21:45 11453 ----a-w c:\windows\5zd59hie580.exe
2009-07-05 21:30 . 2009-07-05 21:30 15468 ----a-w c:\windows\295259y3c1z.dll
2009-07-05 17:35 . 2009-07-05 17:35 5065 ----a-w c:\windows\56b8bzckdoor2859.exe
2009-07-03 11:00 . 2009-07-03 11:00 8489 ----a-w c:\windows\z0421hac5t9ol40a.dll
2009-07-03 02:47 . 2009-07-03 02:47 8306 ----a-w c:\windows\5796spa9bot5dz.exe
2009-07-03 00:45 . 2009-07-03 00:45 6166 ----a-w c:\windows\3d4fszy5are19209.bin
2009-07-01 17:38 . 2009-07-01 17:38 16463 ----a-w c:\windows\system32\7dfc9ddwarz605.dll
2009-06-28 02:26 . 2009-06-28 02:26 15176 ----a-w c:\windows\system32\z7csteal29605.dll
2009-06-27 20:29 . 2009-06-27 20:29 7409 ----a-w c:\windows\system32\46b1spy9aze579.dll
2009-06-25 11:35 . 2009-06-25 11:35 8478 ----a-w c:\windows\23544wo9z567.bin
2009-06-22 22:43 . 2009-06-22 22:43 2769 ----a-w c:\windows\13483hack95ol206z.bin
2009-06-21 14:16 . 2009-06-21 14:16 3518 ----a-w c:\windows\2159ste9l513z.dll
2009-06-19 15:55 . 2009-06-19 15:55 13801 ----a-w c:\windows\5931virz51.bin
2009-06-17 08:04 . 2009-06-17 08:04 5231 ----a-w c:\windows\d569par5e1006z.dll
2009-06-17 03:50 . 2009-06-17 03:50 8116 ----a-w c:\windows\system32\490spy145z.bin
2009-06-16 13:27 . 2009-06-16 13:27 5557 ----a-w c:\windows\18603vizu9ce5.exe
2009-06-15 05:21 . 2009-06-15 05:21 10436 ----a-w c:\windows\system32\9z40spambot159.exe
2009-06-14 09:56 . 2009-06-14 09:56 2584 ----a-w c:\windows\159bsparze1583.exe
2009-06-14 06:31 . 2009-06-14 06:31 9085 ----a-w c:\windows\system32\60z4vi5us19f.bin
2009-06-14 06:29 . 2009-06-14 06:29 3202 ----a-w c:\windows\system32\zb92vir5470.bin
2009-06-14 01:14 . 2009-06-14 01:14 13599 ----a-w c:\windows\system32\30415w9rm7ez.exe
2009-06-12 02:28 . 2009-06-12 02:28 16474 ----a-w c:\windows\31976tro5zf6.bin
2009-06-11 09:42 . 2009-06-11 09:42 4169 ----a-w c:\windows\system32\24614viru95z5.exe
2009-06-09 17:33 . 2009-06-09 17:33 12462 ----a-w c:\windows\22411vi5usz9f.exe
2009-06-05 17:19 . 2009-06-05 17:19 18248 ----a-w c:\windows\system32\5b4zdownloader9143.dll
2009-06-04 00:07 . 2009-06-04 00:07 16939 ----a-w c:\windows\289109irus5e6z.dll
2009-06-03 14:16 . 2009-06-03 14:16 15466 ----a-w c:\windows\7b81s9a5sz2409.bin
2009-06-01 06:43 . 2009-06-01 06:43 13581 ----a-w c:\windows\1a9e9ddwz5e2273.dll
2009-05-28 02:53 . 2009-05-28 02:53 7679 ----a-w c:\windows\system32\850zv9rus298.bin
2009-05-27 16:10 . 2009-05-27 16:10 8399 ----a-w c:\windows\system32\5z95wor9875.dll
2009-05-26 13:01 . 2009-05-26 13:01 10143 ----a-w c:\windows\system32\94797not-a-ziru57da.dll
2009-05-25 11:47 . 2009-05-25 11:47 9651 ----a-w c:\windows\system32\19585worz29a.bin
2009-05-24 09:31 . 2009-05-24 09:31 10524 ----a-w c:\windows\592z4wor9218.exe
2009-05-21 17:30 . 2009-05-21 17:30 7217 ----a-w c:\windows\system32\25695not-a-vzrus6ed9.bin
2009-05-19 13:52 . 2009-05-19 13:52 14794 ----a-w c:\windows\3950thief1z05.dll
2009-05-16 19:58 . 2009-05-16 19:58 0 ----a-w c:\documents and settings\Owner\settings.dat
2009-05-16 18:24 . 2009-05-16 18:24 -------- d-----w C:\RootkitNO
2009-05-16 16:49 . 2009-05-16 16:49 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-16 16:49 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 16:49 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 15:46 . 2009-05-16 15:46 2 --shatr c:\windows\winstart.bat
2009-05-16 15:46 . 2009-05-16 19:56 -------- d-----w c:\program files\UnHackMe
2009-05-16 14:01 . 2009-05-16 14:04 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-16 13:59 . 2009-05-16 13:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 13:59 . 2009-05-16 16:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-15 18:13 . 2009-05-15 18:13 86 ---ha-w C:\aaw7boot.cmd
2009-05-15 16:05 . 2009-05-15 18:18 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 15:56 . 2008-12-18 11:37 -------- d-----w c:\program files\OneStepSrch
2009-05-15 18:13 . 2005-01-23 12:01 -------- d-----w c:\program files\ICQToolbar
2009-05-08 17:32 . 2004-05-23 19:50 4127 -c--a-w c:\windows\viassary-hp.reg
2009-05-05 12:31 . 2009-02-10 14:50 339968 ----a-w c:\windows\system32\pythoncom25.dll
2009-05-05 12:31 . 2009-02-10 14:50 114688 ----a-w c:\windows\system32\pywintypes25.dll
2009-05-05 12:31 . 2009-02-10 14:50 2117632 ----a-w c:\windows\system32\python25.dll
2009-05-04 19:05 . 2009-05-04 19:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-05-04 19:05 . 2009-05-04 19:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-18 22:37 . 2004-01-26 10:23 -------- d-----w c:\program files\Java
2009-04-15 01:44 . 2009-04-15 01:44 5973 ----a-w c:\windows\system32\z952hacktool5de.exe
2009-04-12 12:53 . 2009-04-02 13:44 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-12 12:45 . 2009-04-12 12:44 -------- d-----w c:\program files\iTunes
2009-04-12 12:45 . 2009-04-12 12:45 -------- d-----w c:\program files\iPod
2009-04-12 12:44 . 2007-07-08 01:50 -------- d-----w c:\program files\Common Files\Apple
2009-04-10 01:16 . 2009-04-10 01:16 7706 ----a-w c:\windows\826znot9a-virus20a5.bin
2009-04-09 14:13 . 2009-04-09 14:13 8374 ----a-w c:\windows\2587not5a9vizus7fc.exe
2009-04-09 05:55 . 2009-04-09 05:55 17980 ----a-w c:\windows\9255nzt-9-virus349.bin

Re: WinBlueSoft

Hello.
Log was cut off, please post the rest.

Stand by for Origin's answer.

Re: WinBlueSoft

2009-04-09 00:33 . 2009-04-09 00:33 9846 ----a-w c:\windows\system32\265z7hacktool59f9.dll
2009-04-04 17:38 . 2004-08-01 11:39 56880 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 17:36 . 2008-03-10 13:17 -------- d-----w c:\program files\Windows Live
2009-04-04 17:36 . 2009-04-04 17:36 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-04 17:34 . 2009-04-04 17:34 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-04 17:32 . 2009-04-04 17:32 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-03 11:24 . 2009-04-03 11:24 13249 ----a-w c:\windows\3893z5y6eb.dll
2009-04-02 13:44 . 2009-04-02 13:33 -------- d-----w c:\program files\Microsoft
2009-04-02 13:44 . 2009-04-02 13:44 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-02 13:26 . 2009-04-02 13:26 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-02 08:15 . 2009-04-02 08:15 5197 ----a-w c:\windows\system32\21625zpamb9t5fa.bin
2009-03-27 22:31 . 2009-03-27 22:31 2770 ----a-w c:\windows\system32\78c6spars92555z.dll
2009-03-25 06:54 . 2009-03-25 06:54 6441 ----a-w c:\windows\system32\399ztro555d.bin
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-14 23:27 . 2009-03-14 23:27 10787 ----a-w c:\windows\98247zackt5ol61e.dll
2009-03-11 09:39 . 2009-03-11 09:39 10741 ----a-w c:\windows\25907wzrm197.exe
2009-03-10 18:55 . 2009-03-10 18:55 6705 ----a-w c:\windows\system32\217529py58az.bin
2009-03-10 12:16 . 2009-03-10 12:16 7466 ----a-w c:\windows\system32\98295szy1e8.bin
2009-03-09 15:20 . 2009-03-09 15:20 9676 ----a-w c:\windows\152279o5m59bz.bin
2009-03-09 09:19 . 2008-12-02 05:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 22:22 . 2009-03-06 22:22 9948 ----a-w c:\windows\system32\29604zir5s4ad.bin
2009-03-06 14:22 . 2004-02-04 18:37 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 12:39 . 2009-03-06 12:39 7350 ----a-w c:\windows\z5733no9-a-virus596.dll
2009-03-06 09:23 . 2009-03-06 09:23 11465 ----a-w c:\windows\2a9bste5z2440.bin
2009-03-05 21:58 . 2009-03-05 21:58 6978 ----a-w c:\windows\5z799spambot681.exe
2009-03-03 00:18 . 2004-02-06 22:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 19:30 . 2009-03-01 19:30 9925 ----a-w c:\windows\258039ot-a-virus2dfz.bin
2009-03-01 04:57 . 2009-03-01 04:57 3335 ----a-w c:\windows\system32\14410zot-a9vir5s465.exe
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 18:31 . 2009-02-18 18:31 14621 ----a-w c:\windows\2z0755acktool399.exe
2009-02-18 05:46 . 2009-02-18 05:46 9997 ----a-w c:\windows\system32\24681spam9oz67d5.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2005-10-25 14892072]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"setup2.exe"="c:\windows\system32\setup2.exe" [2009-05-16 1097728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-13 180269]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-02-27 135168]
"SetDefPrt"="c:\program files\Brother\BRMFLPRO\BrDefPrt.exe" [2002-12-18 40960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-04 29744]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 366400]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 98304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-1-26 16384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-29 67128]
Sierra Garden Planner Tray Application.lnk - c:\sierra\GPlan\CALTRAY.EXE [2004-5-29 32768]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Westwood\\RA2\\game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 OneStepSrch Service;OneStepSrch Service;c:\documents and settings\All Users\Application Data\OneStepSrch\onestep210.exe [1/8/2009 6:49 PM 4608]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
S2 mrtRate;mrtRate; [x]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/31/2004 3:55 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/31/2004 3:55 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [7/31/2004 3:55 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [7/31/2004 3:55 PM 10368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2007 7:46 AM 29744]
.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{ED66BDE5-8676-42CC-AF80-7684888F2EC8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKCU-Run-RecordNow! - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://srch-qca10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Note this (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu1.html
IE: Note this item (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu2.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6cru8cq.default\
FF - prefs.js: browser.startup.homepage - hxxp://sympatico.my.msn.com/default.aspx?mypg=1
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 16:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1427937640-3629286915-1191468878-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1384)
c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\progra~1\PANICW~1\POP-UP~1\XAHook.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-16 16:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-16 20:56

Pre-Run: 129,594,396,672 bytes free
Post-Run: 129,626,648,576 bytes free

350 --- E O F --- 2009-04-29 22:02

My computer is lagging hugely. I can't run the simplest thing. Please assist.

Re: WinBlueSoft
What a mess you've got there. Yikes!


Now open a new Notepad file and input the following into it:

KILLALL::


File::
c:\windows\system32\24681spam9oz67d5.dll
c:\windows\system32\14410zot-a9vir5s465.exe
c:\windows\258039ot-a-virus2dfz.bin
c:\windows\5z799spambot681.exe
c:\windows\2a9bste5z2440.bin
c:\windows\z5733no9-a-virus596.dll
c:\windows\system32\29604zir5s4ad.bin
c:\windows\152279o5m59bz.bin
c:\windows\system32\98295szy1e8.bin
c:\windows\system32\217529py58az.bin
c:\windows\25907wzrm197.exe
c:\windows\98247zackt5ol61e.dll
c:\windows\system32\399ztro555d.bin
c:\windows\system32\78c6spars92555z.dll
c:\windows\system32\21625zpamb9t5fa.bin
c:\windows\3893z5y6eb.dll
c:\windows\system32\265z7hacktool59f9.dll
c:\windows\9255nzt-9-virus349.bin
c:\windows\2587not5a9vizus7fc.exe
c:\windows\826znot9a-virus20a5.bin
c:\windows\system32\z952hacktool5de.exe
c:\windows\3950thief1z05.dll
c:\windows\system32\25695not-a-vzrus6ed9.bin
c:\windows\592z4wor9218.exe
c:\windows\system32\19585worz29a.bin
c:\windows\system32\94797not-a-ziru57da.dll
c:\windows\system32\5z95wor9875.dll
c:\windows\system32\850zv9rus298.bin
c:\windows\1a9e9ddwz5e2273.dll
c:\windows\7b81s9a5sz2409.bin
c:\windows\289109irus5e6z.dll
c:\windows\system32\5b4zdownloader9143.dll
c:\windows\22411vi5usz9f.exe
c:\windows\system32\24614viru95z5.exe
c:\windows\31976tro5zf6.bin
c:\windows\system32\30415w9rm7ez.exe
c:\windows\system32\zb92vir5470.bin
c:\windows\system32\60z4vi5us19f.bin
c:\windows\159bsparze1583.exe
c:\windows\system32\9z40spambot159.exe
c:\windows\18603vizu9ce5.exe
c:\windows\system32\490spy145z.bin
c:\windows\d569par5e1006z.dll
c:\windows\5931virz51.bin
c:\windows\2159ste9l513z.dll
c:\windows\13483hack95ol206z.bin
c:\windows\23544wo9z567.bin
c:\windows\system32\46b1spy9aze579.dll
c:\windows\system32\z7csteal29605.dll
c:\windows\system32\7dfc9ddwarz605.dll
c:\windows\3d4fszy5are19209.bin
c:\windows\5796spa9bot5dz.exe
c:\windows\z0421hac5t9ol40a.dll
c:\windows\56b8bzckdoor2859.exe
c:\windows\295259y3c1z.dll
c:\windows\5zd59hie580.exe
c:\windows\system32\65389hiez2394.exe
c:\windows\53z4backdoor1599.dll
c:\windows\system32\11453s5ambzt9d4.dll
c:\windows\system32\z99s9ambot45e5.dll
c:\windows\15292s5azbot6d8.bin
c:\windows\2389spamb5z251.exe
c:\windows\60zea9dwa5e773.bin
c:\windows\system32\95969tr5z750.dll
c:\windows\79z4spyw5re522.bin
c:\windows\10fczpywar9595.bin
c:\windows\z4314t5oj339.dll
c:\windows\20f4v9rz75.bin
c:\windows\5f59backdoo9z018.exe
c:\windows\system32\z81665py698.exe
c:\windows\system32\52398zpy9.dll
c:\windows\1650v9r735z.dll
c:\windows\system32\524zt95eat30607.bin
c:\windows\system32\7929spars5206z.bin
c:\windows\system32\51100not9azvirusfb.exe
c:\windows\2aza9ir566.bin
c:\windows\29459troj5z8.dll
c:\windows\67cedow5loa9er23z4.dll
c:\windows\812zspa59ot5f5.exe
c:\windows\system32\5090spy210z.dll
c:\windows\system32\2cdd5aczdoor9934.exe
c:\windows\system32\85tr9j15z.dll
c:\windows\system32\10z97hackto5l40f9.exe
c:\windows\system32\6a9fspa5sez007.dll
c:\windows\system32\95469pam5zt30f.dll
c:\windows\system32\2z23hackto9l3465.dll
c:\windows\system32\7550baczdoo92653.bin
c:\windows\4918thr5az217959.exe
c:\windows\18259zirus4419.dll
c:\windows\system32\26054ha9kt5oz23.dll
c:\windows\system32\19014tro5677z.exe
c:\windows\system32\799zthief2590.dll
c:\windows\system32\309athief5518z.bin
c:\windows\15z81not-a-vi5us699.dll
c:\windows\system32\29aspzware1055.exe
c:\windows\system32\30zd5pyware2912.dll
c:\windows\5d66spar9e4z9.bin
c:\windows\6c5fzac95oor441.exe
c:\windows\system32\39b4downlo5dzr9289.dll
c:\windows\system32\689zbackdoor5632.exe
c:\windows\system32\215zt9reat51082.bin
c:\windows\system32\39e9viz2850.dll
c:\windows\1z81ste5l2906.exe
c:\windows\9e5fspzrse409.dll
c:\windows\system32\9517vzru9456.bin
c:\windows\system32\3145szamb5t99c.bin
c:\windows\2e5fvzr9219.exe
c:\windows\50b3stea59165z.bin
c:\windows\system32\6405za9ktoo5b1.exe
c:\windows\13955py6f9z.exe
c:\windows\system32\991vir2z51.exe
c:\windows\system32\25czvi92674.exe
c:\windows\system32\16325z9cktool565.dll
c:\windows\55e5tzie9383.dll
c:\windows\system32\4e4zad9ware2056.exe
c:\windows\system32\7979spam5ot6dz.exe
c:\windows\system32\3192zspy759.bin
c:\windows\system32\z9d5ir1727.dll
c:\windows\56959tr9j2b1z.dll
c:\windows\system32\z6288wor59d.dll
c:\windows\system32\114za9dware6595.exe
c:\windows\5aab9parsz2254.exe
c:\windows\z097v5ru934b.exe
c:\windows\system32\z5654tro9552.bin
c:\windows\system32\4e69spzware5693.bin
c:\windows\3663ad9waze2555.exe
c:\windows\16958spz65b.bin
c:\windows\system32\14721s9am5oz137.exe
c:\windows\217959pamb5t3dz.dll
c:\windows\system32\1432b5zkdoor3936.exe
c:\windows\192695i9uz7ce.exe
c:\windows\system32\19425virus7aez.exe
c:\windows\5529sp54d2z.bin
c:\windows\system32\5z749spambot7a3.dll
c:\windows\system32\setup2.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"setup2.exe"=-


Save this as CFScript.txt on your Desktop.
Then drag and drop CFScript.txt onto ComboFix.exe, as shown below:
(screenshot: CFScript.txt being dragged onto ComboFix.exe)

This will open ComboFix again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.
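As an added example (not the helper's script above and not part of ComboFix or HijackThis), the following Python builds a CFScript of the same shape from log lines instead of by hand. It parses HijackThis O4 Run entries and DDS "Created Last 30" lines, flags files whose names fit the decoy pattern seen on this machine (a bare file in the Windows or system32 directory whose name mixes digits with an inserted 'z'; that heuristic is an assumption tuned to this infection, not a general malware test), deduplicates the File:: list, and writes a Registry:: stanza that deletes every Run value pointing at a listed file. The sample lines are a constructed excerpt of the logs in this thread. The HKLM and HKCU abbreviations in O4 lines expand to the Run keys under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion, which is the key the helper's Registry:: section names.

```python
# Added example: triage HijackThis O4 / DDS "Created Last 30" lines and emit a
# ComboFix CFScript. Not the helper's script and not part of ComboFix.
# Assumptions: the decoy-name heuristic (digits plus a 'z' in a bare file under
# the Windows or system32 directory) is tuned to this infection's file names;
# the sample lines are a constructed excerpt of the logs in this thread.
import re

# Constructed input: lines copied from the HijackThis and DDS logs in this thread.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
2009-05-19 09:52 14,794 a------- c:\windows\3950thief1z05.dll
2009-05-19 05:34 13,363 a------- c:\windows\system32\93165rojz79.cpl
2009-05-18 05:12 13,513 a------- c:\windows\system32\z8d9addware254.cpl
2009-05-16 16:40 98,816 a------- c:\windows\sed.exe
2009-05-16 19:42 0 a------- c:\windows\system32\MSVolume.dll
""".strip().splitlines()

# HijackThis O4 line: "O4 - HKCU\..\Run: [name] path [args]"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] "?([^"]+?\.exe)"?', re.I)
# DDS "Created Last 30" line: date time size attributes path
DDS_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ \S+ (.+)$')
# Assumed heuristic: bare file in c:\windows or c:\windows\system32 whose name
# mixes digits and a 'z', like the decoy files listed in this thread.
DECOY_RE = re.compile(
    r'^c:\\windows\\(system32\\)?(?=[^\\]*\d)(?=[^\\]*z)[a-z0-9-]+\.(dll|exe|bin|cpl)$',
    re.I)

# HijackThis abbreviates these two keys as HKLM\..\Run and HKCU\..\Run.
HIVES = {
    'HKLM': r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU': r'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
}


def norm(path):
    """Lower-case a Windows path so log and script spellings compare equal."""
    return path.strip().strip('"').lower()


def autostart_entries(lines):
    """Yield (hive, value name, normalised target path) for each O4 Run line."""
    for line in lines:
        m = O4_RE.match(line)
        if m:
            yield m.group(1).upper(), m.group(2), norm(m.group(3))


def decoy_files(lines):
    """Return DDS-created paths matching the decoy-name heuristic, in log order."""
    found = []
    for line in lines:
        m = DDS_RE.match(line)
        if m and DECOY_RE.match(norm(m.group(1))):
            found.append(norm(m.group(1)))
    return found


def build_cfscript(lines, extra_files=()):
    """Build the CFScript text: KILLALL::, a deduplicated File:: list, and a
    Registry:: stanza deleting every Run value that points at a listed file."""
    files = []
    for p in decoy_files(lines) + [norm(p) for p in extra_files]:
        if p not in files:          # keep the first occurrence, drop repeats
            files.append(p)
    runs = {}
    for hive, name, target in autostart_entries(lines):
        if target in files:
            runs.setdefault(HIVES[hive], []).append(name)
    out = ['KILLALL::', '', 'File::', *files, '']
    if runs:
        out.append('Registry::')
        for key, names in runs.items():
            out.append(f'[{key}]')
            out.extend(f'"{name}"=-' for name in names)   # "name"=- deletes the value
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    # setup2.exe carries no 'z', so the analyst names it explicitly, as the helper did.
    print(build_cfscript(SAMPLE_LINES, extra_files=[r'c:\windows\system32\setup2.exe']))
```

The script only proposes entries; a person still reviews the File:: list before dropping it on ComboFix, because the name heuristic will also match any legitimate file that happens to contain a digit and a 'z' in one of those two directories.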

Re: WinBlueSoft
Hey! I haven't done that yet. Here's what's happened: after the computer was lagging hugely, I couldn't even access the sites. All my RAM was being used. It was so bad that I did a System Restore to April 30th, which in turn got me back my RAM and I could access the sites. I also found, using Firefox, that WinBlueSoft does not block the websites in Firefox, only in IE. My mom woke up this morning (before me) to see an IE error message and clicked "Do not Send". After that WinBlueSoft crashed (or so it seems) and we haven't had a problem yet. I also haven't restarted yet, so I'm unsure if it's fixed or not. What do you think?

Re: WinBlueSoft
The virus could still be there from before the System Restore; please post a new HijackThis log.

Re: WinBlueSoft
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:50 PM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Sierra\GPlan\CALTRAY.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Stuff\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
O4 - HKCU\..\Run: [Antivirus_ProMFCT] C:\Program Files\SmitFraudFixPro\SmitFraudFixPro.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Sierra Garden Planner Tray Application.lnk = C:\Sierra\GPlan\CALTRAY.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu2.html
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: OneStepSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12758 bytes

Sorry about that. I couldn't get onto anything.

Re: WinBlueSoft
The virus is still there.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.

Re: WinBlueSoft
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 12:49:15.81 on Tue 05/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.119 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Documents and Settings\All Users\Application Data\OneStepSrch\onestep210.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Sierra\GPlan\CALTRAY.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://srch-qca10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {491af6c5-21f2-46e1-c653-3df529127d7b} - c:\windows\wcidBHO.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: {85cf4327-68de-1974-b32e-766e84a9706c} - c:\windows\wcidBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: &Google Notebook: {ccccccd3-666f-4f81-8b69-745de9f6d897} - c:\program files\google\google notebook\gnotes1.0.2.19-356756253.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Google Notebook: {ccccccdb-4ddb-4703-95d4-dd2c526397bf} - c:\program files\google\google notebook\gnotes1.0.2.19-356756253.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Google Notebook: {ccccccdb-4ddb-4703-95d4-dd2c526397bf} - c:\program files\google\google notebook\gnotes1.0.2.19-356756253.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [setup2.exe] c:\windows\system32\setup2.exe
uRun: [Antivirus_ProMFCT] c:\program files\smitfraudfixpro\SmitFraudFixPro.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [SetDefPrt] c:\program files\brother\brmflpro\BrDefPrt.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\1940576\program\BackWeb-1940576.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sierra~1.lnk - c:\sierra\gplan\CALTRAY.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Note this (Google Notebook) - c:\program files\google\google notebook\gnotes1.0.2.19-356756253.dll/gn_menu1.html
IE: Note this item (Google Notebook) - c:\program files\google\google notebook\gnotes1.0.2.19-356756253.dll/gn_menu2.html
IE: {144FDEB7-A23D-4D39-A00E-AA44195535B6} - c:\windows\wcidButton.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

Re: WinBlueSoft
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - hxxp://td.nortonconfidenceonline.com/plug-in/WSAS.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\v6cru8cq.default\
FF - prefs.js: browser.startup.homepage - hxxp://sympatico.my.msn.com/default.aspx?mypg=1
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 OneStepSrch Service;OneStepSrch Service;c:\documents and settings\all users\application data\onestepsrch\onestep210.exe [2009-1-8 4608]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S2 mrtRate;mrtRate; [x]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2004-7-31 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2004-7-31 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2004-7-31 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2004-7-31 10368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-11 29744]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-10-6 1245064]

=============== Created Last 30 ================

2009-05-19 09:52 14,794 a------- c:\windows\3950thief1z05.dll
2009-05-19 05:34 13,363 a------- c:\windows\system32\93165rojz79.cpl
2009-05-18 19:49 16,800 a------- c:\windows\system32\19bast95lz8.cpl
2009-05-18 05:13 18,403 a------- c:\windows\954bbzckdoor714.cpl
2009-05-18 05:12 13,513 a------- c:\windows\system32\z8d9addware254.cpl
2009-05-17 08:29 5,023 a------- c:\windows\system32\22z51sp9478.cpl
2009-05-16 19:42 0 a------- c:\windows\system32\MSVolume.dll
2009-05-16 19:39 --d----- c:\program files\SmitFraudFixPro
2009-05-16 18:33 --d----- c:\program files\CrossLoop
2009-05-16 16:40 161,792 a------- c:\windows\SWREG.exe
2009-05-16 16:40 98,816 a------- c:\windows\sed.exe
2009-05-16 15:58 0 a------- c:\documents and settings\owner\settings.dat
2009-05-16 14:25 123 a------- c:\windows\rootkitno.ini
2009-05-16 14:24 --d----- C:\RootkitNO
2009-05-16 12:49 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-05-16 12:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-16 12:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 11:46 2 a--shrot c:\windows\winstart.bat
2009-05-16 11:46 --d----- c:\program files\UnHackMe
2009-05-16 09:59 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-16 09:59 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-15 14:13 86 a---h--- C:\aaw7boot.cmd
2009-05-15 06:09 9,110 a------- c:\windows\1f99stezl1985.bin
2009-05-13 15:07 9,200 a------- c:\windows\system32\15953trz9464.ocx
2009-05-12 22:34 16,745 a------- c:\windows\32z40hacktoo934c5.bin
2009-05-12 02:34 14,168 a------- c:\windows\9c15spywzre1310.dll
2009-05-10 03:47 17,703 a------- c:\windows\system32\208faddwzr9546.exe
2009-05-09 15:32 11,114 a------- c:\windows\system32\68bbza5kd9or709.exe
2009-05-08 21:28 5,275 a------- c:\windows\5258zormfd9.cpl
2009-05-08 12:21 7,771 a------- c:\windows\5bzds9arse796.bin
2009-05-08 06:50 5,761 a------- c:\windows\system32\be95zckdoor3112.cpl
2009-05-07 11:11 3,464 a------- c:\windows\43645o9nloadzr2021.dll
2009-05-07 01:54 11,256 a------- c:\windows\1c97threat2549z.bin
2009-05-06 16:02 5,515 a------- c:\windows\system32\59zas9eal559.bin
2009-05-06 13:44 17,878 a------- c:\windows\27195t5zj31a.ocx
2009-05-05 17:23 2,636 a------- c:\windows\system32\12290h9ckt5oz3cd.dll
2009-05-04 15:05 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-05-04 15:05 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-04 12:33 11,211 a------- c:\windows\system32\97ddazdware585.cpl
2009-05-01 10:41 10,679 a------- c:\windows\system32\193threz529214.bin
2009-04-26 05:33 15,579 a------- c:\windows\system32\53615spzmbot339.exe
2009-04-26 03:27 6,144 a------- c:\windows\system32\1d98tzief4375.cpl
2009-04-25 13:44 6,312 a------- c:\windows\system32\419z5t9al2172.cpl
2009-04-22 06:22 16,658 a------- c:\windows\system32\23d6zownlo5der3914.exe
2009-04-21 10:37 6,292 a------- c:\windows\3z53spars9434.bin
2009-04-20 03:18 17,857 a------- c:\windows\system32\700zsp5ware9258.ocx

==================== Find3M ====================

2009-05-16 20:42 4,127 ac------ c:\windows\viassary-hp.reg
2009-05-14 15:45 156,582 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-05-05 08:31 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-05-05 08:31 2,117,632 a------- c:\windows\system32\python25.dll
2009-05-05 08:31 114,688 a------- c:\windows\system32\pywintypes25.dll
2009-04-18 00:03 3,107 a------- c:\windows\system32\4949dzw5loader2376.bin
2009-04-17 08:27 11,223 a------- c:\windows\44bzdo9nloader21615.dll
2009-04-14 21:44 5,973 a------- c:\windows\system32\z952hacktool5de.exe
2009-04-09 21:16 7,706 a------- c:\windows\826znot9a-virus20a5.bin
2009-04-09 10:13 8,374 a------- c:\windows\2587not5a9vizus7fc.exe
2009-04-09 01:55 17,980 a------- c:\windows\9255nzt-9-virus349.bin
2009-04-08 20:33 9,846 a------- c:\windows\system32\265z7hacktool59f9.dll
2009-04-03 07:24 13,249 a------- c:\windows\3893z5y6eb.dll
2009-04-02 04:15 5,197 a------- c:\windows\system32\21625zpamb9t5fa.bin
2009-03-27 18:31 2,770 a------- c:\windows\system32\78c6spars92555z.dll
2009-03-25 02:54 6,441 a------- c:\windows\system32\399ztro555d.bin
2009-03-14 19:27 10,787 a------- c:\windows\98247zackt5ol61e.dll
2009-03-11 05:39 10,741 a------- c:\windows\25907wzrm197.exe
2009-03-10 14:55 6,705 a------- c:\windows\system32\217529py58az.bin
2009-03-10 08:16 7,466 a------- c:\windows\system32\98295szy1e8.bin
2009-03-09 11:20 9,676 a------- c:\windows\152279o5m59bz.bin
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 18:22 9,948 a------- c:\windows\system32\29604zir5s4ad.bin
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 08:39 7,350 a------- c:\windows\z5733no9-a-virus596.dll
2009-03-06 05:23 11,465 a------- c:\windows\2a9bste5z2440.bin
2009-03-05 17:58 6,978 a------- c:\windows\5z799spambot681.exe
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-01 15:30 9,925 a------- c:\windows\258039ot-a-virus2dfz.bin
2009-03-01 00:57 3,335 a------- c:\windows\system32\14410zot-a9vir5s465.exe
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-18 14:31 14,621 a------- c:\windows\2z0755acktool399.exe
2002-06-04 11:06 65,536 -c------ c:\windows\inf\copyinf.exe
2008-09-12 06:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 12:49:58.18 ===============

Re: WinBlueSoft

  • Download ComboFix from here:
    Link 1
    Link 2
  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See HERE for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: WinBlueSoft
Hey, I went to run ComboFix and I received a Microsoft error stating pev.cfexe has encountered an error and needs to close.

Re: WinBlueSoft
Try running it again, or re-download it again.

Re: WinBlueSoft
Hey! My computer ain't lagging :o)

Here's the results:


ComboFix 09-05-19.08 - Owner 05/20/2009 11:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.188 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-08-13 04:19 . 2009-08-13 04:19 2684 ----a-w c:\windows\system32\52398zpy9.dll
2009-05-16 23:39 . 2009-05-16 23:39 -------- d-----w c:\program files\SmitFraudFixPro
2009-05-16 23:27 . 2009-05-16 23:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-16 22:33 . 2009-05-16 22:34 -------- d-----w c:\program files\CrossLoop
2009-05-16 19:58 . 2009-05-16 19:58 0 ----a-w c:\documents and settings\Owner\settings.dat
2009-05-16 18:24 . 2009-05-16 18:24 -------- d-----w C:\RootkitNO
2009-05-16 16:49 . 2009-05-16 16:49 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-16 16:49 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 16:49 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 15:46 . 2009-05-16 15:46 2 --shatr c:\windows\winstart.bat
2009-05-16 15:46 . 2009-05-16 22:07 -------- d-----w c:\program files\UnHackMe
2009-05-16 14:01 . 2009-05-16 14:04 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-16 13:59 . 2009-05-16 13:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 13:59 . 2009-05-16 22:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-15 18:13 . 2009-05-15 18:13 86 ---ha-w C:\aaw7boot.cmd
2009-05-15 16:05 . 2009-05-15 18:18 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 00:42 . 2004-05-23 19:50 4127 -c--a-w c:\windows\viassary-hp.reg
2009-05-16 15:56 . 2008-12-18 11:37 -------- d-----w c:\program files\OneStepSrch
2009-05-15 18:13 . 2005-01-23 12:01 -------- d-----w c:\program files\ICQToolbar
2009-05-05 12:31 . 2009-02-10 14:50 339968 ----a-w c:\windows\system32\pythoncom25.dll
2009-05-05 12:31 . 2009-02-10 14:50 114688 ----a-w c:\windows\system32\pywintypes25.dll
2009-05-05 12:31 . 2009-02-10 14:50 2117632 ----a-w c:\windows\system32\python25.dll
2009-05-04 19:05 . 2009-05-04 19:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-05-04 19:05 . 2009-05-04 19:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-18 22:37 . 2004-01-26 10:23 -------- d-----w c:\program files\Java
2009-04-12 12:53 . 2009-04-02 13:44 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-12 12:45 . 2009-04-12 12:44 -------- d-----w c:\program files\iTunes
2009-04-12 12:45 . 2009-04-12 12:45 -------- d-----w c:\program files\iPod
2009-04-12 12:44 . 2007-07-08 01:50 -------- d-----w c:\program files\Common Files\Apple
2009-04-04 17:38 . 2004-08-01 11:39 56880 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 17:36 . 2008-03-10 13:17 -------- d-----w c:\program files\Windows Live
2009-04-04 17:36 . 2009-04-04 17:36 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-04 17:34 . 2009-04-04 17:34 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-04 17:32 . 2009-04-04 17:32 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 13:44 . 2009-04-02 13:33 -------- d-----w c:\program files\Microsoft
2009-04-02 13:44 . 2009-04-02 13:44 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-02 13:26 . 2009-04-02 13:26 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 09:19 . 2008-12-02 05:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-02-04 18:37 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-02-06 22:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-16_20.46.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 15:57 . 2009-05-20 15:57 16384 c:\windows\Temp\Perflib_Perfdata_20c.dat
- 2004-05-27 19:35 . 2009-04-29 22:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 23:05 . 2007-03-22 23:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2004-05-27 19:35 . 2009-05-16 23:23 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-05-16 22:03 . 2009-05-14 19:45 156582 c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
- 2004-05-27 19:35 . 2009-04-29 22:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-05-16 22:05 . 2009-05-16 22:08 4506044 c:\windows\system32\Restore\rstrlog.dat
+ 2005-05-11 00:59 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2005-10-25 14892072]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Antivirus_ProMFCT"="c:\program files\SmitFraudFixPro\SmitFraudFixPro.exe" [2009-04-05 13839992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-13 180269]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-02-27 135168]
"SetDefPrt"="c:\program files\Brother\BRMFLPRO\BrDefPrt.exe" [2002-12-18 40960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-04 29744]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 366400]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 98304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-1-26 16384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-29 67128]
Sierra Garden Planner Tray Application.lnk - c:\sierra\GPlan\CALTRAY.EXE [2004-5-29 32768]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Westwood\\RA2\\game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

Re: WinBlueSoft

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 OneStepSrch Service;OneStepSrch Service;c:\documents and settings\All Users\Application Data\OneStepSrch\onestep210.exe [1/8/2009 6:49 PM 4608]
S2 mrtRate;mrtRate; [x]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/31/2004 3:55 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/31/2004 3:55 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [7/31/2004 3:55 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [7/31/2004 3:55 PM 10368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2007 7:46 AM 29744]
.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-20 c:\windows\Tasks\User_Feed_Synchronization-{ED66BDE5-8676-42CC-AF80-7684888F2EC8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://srch-qca10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Note this (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu1.html
IE: Note this item (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu2.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6cru8cq.default\
FF - prefs.js: browser.startup.homepage - hxxp://sympatico.my.msn.com/default.aspx?mypg=1
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 11:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1427937640-3629286915-1191468878-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4000)
c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\progra~1\PANICW~1\POP-UP~1\XAHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-20 12:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-20 16:05
ComboFix2.txt 2009-05-16 20:58

Pre-Run: 129,860,706,304 bytes free
Post-Run: 129,862,815,744 bytes free

988 --- E O F --- 2009-05-16 23:23

Re: WinBlueSoft

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
OneStepSrch Service
mrtRate

File::
c:\windows\system32\52398zpy9.dll
c:\windows\winstart.bat

Folder::
c:\program files\SmitFraudFixPro
C:\RootkitNO
c:\documents and settings\All Users\Application Data\OneStepSrch
c:\Program Files\LimeWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus_ProMFCT"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: CFScript.txt being dragged onto the ComboFix icon]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.

Re: WinBlueSoft

ComboFix 09-05-19.08 - Owner 05/20/2009 12:17.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.152 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
c:\windows\system32\52398zpy9.dll
c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\OneStepSrch
c:\documents and settings\All Users\Application Data\OneStepSrch\onestep210.exe
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.1.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
c:\program files\SmitFraudFixPro
c:\program files\SmitFraudFixPro\A_VPEngine.dat
c:\program files\SmitFraudFixPro\A_VPEngine.dll
c:\program files\SmitFraudFixPro\SmitFraudFixPro.exe
c:\program files\SmitFraudFixPro\unins000.dat
c:\program files\SmitFraudFixPro\unins000.exe
C:\RootkitNO
c:\rootkitno\SYSTEM.bk
c:\rootkitno\SYSTEM.LOG
c:\windows\system32\52398zpy9.dll
c:\windows\winstart.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRTRATE
-------\Legacy_ONESTEPSRCH_SERVICE
-------\Service_mrtRate
-------\Service_OneStepSrch Service


((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-16 23:27 . 2009-05-16 23:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-16 22:33 . 2009-05-16 22:34 -------- d-----w c:\program files\CrossLoop
2009-05-16 19:58 . 2009-05-16 19:58 0 ----a-w c:\documents and settings\Owner\settings.dat
2009-05-16 16:49 . 2009-05-16 16:49 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-16 16:49 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 16:49 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 15:46 . 2009-05-16 22:07 -------- d-----w c:\program files\UnHackMe
2009-05-16 14:01 . 2009-05-16 14:04 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-16 13:59 . 2009-05-16 13:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 13:59 . 2009-05-16 22:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-15 18:13 . 2009-05-15 18:13 86 ---ha-w C:\aaw7boot.cmd
2009-05-15 16:05 . 2009-05-15 18:18 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 00:42 . 2004-05-23 19:50 4127 -c--a-w c:\windows\viassary-hp.reg
2009-05-16 15:56 . 2008-12-18 11:37 -------- d-----w c:\program files\OneStepSrch
2009-05-15 18:13 . 2005-01-23 12:01 -------- d-----w c:\program files\ICQToolbar
2009-05-05 12:31 . 2009-02-10 14:50 339968 ----a-w c:\windows\system32\pythoncom25.dll
2009-05-05 12:31 . 2009-02-10 14:50 114688 ----a-w c:\windows\system32\pywintypes25.dll
2009-05-05 12:31 . 2009-02-10 14:50 2117632 ----a-w c:\windows\system32\python25.dll
2009-05-04 19:05 . 2009-05-04 19:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-05-04 19:05 . 2009-05-04 19:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-18 22:37 . 2004-01-26 10:23 -------- d-----w c:\program files\Java
2009-04-12 12:53 . 2009-04-02 13:44 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-12 12:45 . 2009-04-12 12:44 -------- d-----w c:\program files\iTunes
2009-04-12 12:45 . 2009-04-12 12:45 -------- d-----w c:\program files\iPod
2009-04-12 12:44 . 2007-07-08 01:50 -------- d-----w c:\program files\Common Files\Apple
2009-04-04 17:38 . 2004-08-01 11:39 56880 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 17:36 . 2008-03-10 13:17 -------- d-----w c:\program files\Windows Live
2009-04-04 17:36 . 2009-04-04 17:36 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-04 17:34 . 2009-04-04 17:34 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-04 17:32 . 2009-04-04 17:32 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 13:44 . 2009-04-02 13:33 -------- d-----w c:\program files\Microsoft
2009-04-02 13:44 . 2009-04-02 13:44 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-02 13:26 . 2009-04-02 13:26 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 09:19 . 2008-12-02 05:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-02-04 18:37 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-02-06 22:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
.

Re: WinBlueSoft

((((((((((((((((((((((((((((( SnapShot@2009-05-16_20.46.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 16:21 . 2009-05-20 16:21 16384 c:\windows\temp\Perflib_Perfdata_7e4.dat
- 2004-05-27 19:35 . 2009-04-29 22:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 23:05 . 2007-03-22 23:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2004-05-27 19:35 . 2009-05-16 23:23 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-05-16 22:03 . 2009-05-14 19:45 156582 c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
- 2004-05-27 19:35 . 2009-04-29 22:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2004-05-27 19:35 . 2009-04-29 22:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2004-05-27 19:35 . 2009-05-16 23:23 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-05-16 22:05 . 2009-05-16 22:08 4506044 c:\windows\system32\Restore\rstrlog.dat
+ 2005-05-11 00:59 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2005-10-25 14892072]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-13 180269]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-02-27 135168]
"SetDefPrt"="c:\program files\Brother\BRMFLPRO\BrDefPrt.exe" [2002-12-18 40960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-04 29744]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 366400]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 98304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-1-26 16384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-29 67128]
Sierra Garden Planner Tray Application.lnk - c:\sierra\GPlan\CALTRAY.EXE [2004-5-29 32768]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-2-3 1568768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Westwood\\RA2\\game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/31/2004 3:55 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/31/2004 3:55 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [7/31/2004 3:55 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [7/31/2004 3:55 PM 10368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/11/2007 7:46 AM 29744]
.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-20 c:\windows\Tasks\User_Feed_Synchronization-{ED66BDE5-8676-42CC-AF80-7684888F2EC8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://srch-qca10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Note this (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu1.html
IE: Note this item (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19-356756253.dll/gn_menu2.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6cru8cq.default\
FF - prefs.js: browser.startup.homepage - hxxp://sympatico.my.msn.com/default.aspx?mypg=1
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 12:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1427937640-3629286915-1191468878-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3788)
c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-20 12:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-20 16:27
ComboFix2.txt 2009-05-20 16:05
ComboFix3.txt 2009-05-16 20:58

Pre-Run: 129,870,024,704 bytes free
Post-Run: 129,833,603,072 bytes free

324 --- E O F --- 2009-05-16 23:23
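
As an added example (not part of this thread and not ComboFix's own code), the Python script below reads a ComboFix-style dump like the one above and lists the entries a responder would want to review before closing a case: `DisableMonitoring` values under the Security Center `Monitoring` keys (these silence Windows Security Center's antivirus/firewall alerts; some security suites set them legitimately, so they are a review item rather than proof of infection), firewall exceptions outside the Windows and Program Files trees, globally open ports (3389/TCP is Remote Desktop), and modules loaded into a process from a Temp directory. The sample input is a constructed excerpt of lines in the shape of the log above; the category names, the trusted-root heuristic and the port label table are this example's own assumptions.

```python
"""Flag review-worthy entries in a ComboFix-style registry/firewall dump.

Added example for this thread; it is not ComboFix's own code, and the
category names and path heuristics are this example's assumptions.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Constructed sample: an excerpt of lines in the shape of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Westwood\\RA2\\game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3788)
c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"=\s*(.*)$')
PROCESS_RE = re.compile(r"^- - - - - - - > '(.+?)'\((\d+)\)$")
PORT_RE = re.compile(r"^(\d+):(TCP|UDP)\b", re.IGNORECASE)

# Firewall exceptions under these roots are treated as routine; anything
# else is listed for review (a heuristic of this example, not a verdict).
TRUSTED_ROOTS = ("%windir%", "c:\\windows", "c:\\program files")
# Port labels used in the report (assumed table; extend as needed).
PORT_LABELS = {(3389, "TCP"): "Remote Desktop"}


def _unescape(reg_path: str) -> str:
    """Registry dumps double every backslash; collapse them back."""
    return reg_path.replace("\\\\", "\\")


def scan_combofix(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""   # current [registry key], original case
    process = ""   # current "name(pid)" inside the DLLs section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, process = m.group(1), ""
            continue
        m = PROCESS_RE.match(line)
        if m:
            process, section = f"{m.group(1)}({m.group(2)})", ""
            continue
        if line.startswith("-") or line == ".":
            process = ""   # a ComboFix separator line ends the block
            continue
        if process:
            # Module list under a process: flag anything under a Temp dir
            if "\\temp\\" in line.lower():
                findings.append(("temp-module", f"{process} loaded {line}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        key = section.lower()
        if ("security center\\monitoring" in key
                and name.lower() == "disablemonitoring"
                and value.lower() == "dword:00000001"):
            findings.append(("wsc-monitoring-off", section.rsplit("\\", 1)[-1]))
        elif key.endswith("globallyopenports\\list"):
            pm = PORT_RE.match(value)
            if pm:
                port, proto = int(pm.group(1)), pm.group(2).upper()
                label = PORT_LABELS.get((port, proto), "unlabelled")
                findings.append(("open-port", f"{port}/{proto} ({label})"))
        elif key.endswith("authorizedapplications\\list"):
            path = _unescape(name)
            if not path.lower().startswith(TRUSTED_ROOTS):
                findings.append(("fw-exception", path))
    return findings


if __name__ == "__main__":
    for category, detail in scan_combofix(SAMPLE_LOG):
        print(f"{category:20s} {detail}")
```

Run against the constructed excerpt it reports both `DisableMonitoring` keys, the firewall exception for `c:\Westwood\RA2\game.exe`, the globally open 3389/TCP port and the module loaded from the user's Temp folder; each is a prompt to check the entry against what the owner actually installed, which is the same judgement the helpers in this thread apply by hand.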

Re: WinBlueSoft
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

Re: WinBlueSoft
Thank you guys sooo much... The computer is running tip top... I know you guys get this a lot but I really really really appreciate it. I am so glad you guys exist.

:o) THANK YOU!!!!!!!!!!

Re: WinBlueSoft
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.
