GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

Win blue soft has taken over my xp laptop can anyone help me?!

View previous topic View next topic Go down

Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 5:29 am

i almost removed everything with malwarebytes Anti-Malware,, but still the Laptop just shuts down on its own and cant change features on desktop. in about every five minutes the mouse cursor automatically moves ITSELF to the Start Tab and shuts down! If anybody can help that would be a life saver.

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by Belahzur on Wed Jun 03, 2009 1:19 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 9:18 pm

it wont pull up the note pad and i cant open manually either

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by Belahzur on Wed Jun 03, 2009 9:19 pm

Hello.
Try opening the log with Wordpad instead.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 9:24 pm

ok i opened the notepad manually but how do i copy and paste it?

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by Belahzur on Wed Jun 03, 2009 9:31 pm

Go into the edit menu, press "Select all", then go back into the edit menu again, press "Copy".

Now right click anywhere in your text box, select "Paste"


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 9:38 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:38 PM, on 6/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 4879 bytes

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by Belahzur on Wed Jun 03, 2009 9:43 pm

Hello.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Delete a file on reboot..."
  • Then find and select this file: C:\windows\system32\blocker.dll
  • Select okay and select yes to reboot.

Then after reboot, we need to clean some things up in Hijack This. Please make sure TeaTimer is disabled before doing this fix.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O20 - AppInit_DLLs: blocker.dll


  • Press "Fix Checked"
  • Close Hijack This.

Let me know once you've done that.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 9:56 pm

ok done

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by Belahzur on Wed Jun 03, 2009 10:13 pm


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 10:26 pm

great im seeing the progress,, it says "connecting to microsft.com" btw thanx for all ur help i am definitley gng to donate.......
now its scanning for infeted files. i hope my laptop does not shut down :Clapping:

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 10:42 pm

ComboFix 09-06-03.01 - askari aamir 06/03/2009 17:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.272 [GMT -5:00]
Running from: c:\documents and settings\askari aamir\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\outlook
c:\windows\10258spamb9z576.exe
c:\windows\10349vi95z7c4.dll
c:\windows\10355spz9bot18b.cpl
c:\windows\1045doz9loader1912.bin
c:\windows\105z9spy3c9.exe
c:\windows\10671noz-a-viru95ad.exe
c:\windows\10757nzt9a-virus4275.cpl
c:\windows\10870worm5zf9.bin
c:\windows\10cfvi9152z.dll
c:\windows\11018t9ojzb5.bin
c:\windows\11389s5amboz51e.ocx
c:\windows\11402h5ckto9l45z.bin
c:\windows\1171th5ef69z9.ocx
c:\windows\119559ot-a-zir5s7d7.bin
c:\windows\120bvzr21599.dll
c:\windows\13056spa9boz633.dll
c:\windows\1310095rus24z.ocx
c:\windows\13191viruz95.cpl
c:\windows\137959ot5a-vizus1b4.bin
c:\windows\13c0spar5e2z09.bin
c:\windows\13z9thi5f9485.dll
c:\windows\1407addwa5e9z50.dll
c:\windows\1409spam95t2c8z.exe
c:\windows\141699ot-azviru5c9.dll
c:\windows\1443stzal5895.exe
c:\windows\1466759rmz54.dll
c:\windows\14754sza9bo5386.exe
c:\windows\1494zhackto5l1d4.ocx
c:\windows\15175spam9otz7e.bin
c:\windows\15295z9rm9c.ocx
c:\windows\152z99pambot5d3.ocx
c:\windows\15358w9z5591.ocx
c:\windows\1549vi5254z.bin
c:\windows\15515spazbot951.dll
c:\windows\155929pzmbot51a.dll
c:\windows\1567b9czdoor2310.dll
c:\windows\15739spamzot330.bin
c:\windows\1599downzoader15065.bin
c:\windows\159fsteal296z5.ocx
c:\windows\159ztroj97d.cpl
c:\windows\1638d9wnz5ader2887.bin
c:\windows\16458h5c9tozl44b.cpl
c:\windows\16993spazbot7f5.bin
c:\windows\17036hacktoo9z25.bin
c:\windows\1754sp59are217z.ocx
c:\windows\175759ruza0.cpl
c:\windows\17851vi59sz8d.cpl
c:\windows\17f95pazse3117.cpl
c:\windows\18029spz5509.dll
c:\windows\184985pz46e.bin
c:\windows\19040tzo569f.dll
c:\windows\19259worz2f9.dll
c:\windows\1945vzr3055.ocx
c:\windows\19584zroj495.bin
c:\windows\195fstea913z3.exe
c:\windows\1965threat10z59.ocx
c:\windows\1980worm5z5.dll
c:\windows\19970not-a-v59us3zb.dll
c:\windows\199fvirz5315.cpl
c:\windows\19b9do9nloadz51484.exe
c:\windows\19z96not-a-v5rus271.dll
c:\windows\1a57spywz9e3144.exe
c:\windows\1c299hi5f292z.bin
c:\windows\1d9bzte5l1916.bin
c:\windows\1e5bvirz599.dll
c:\windows\1f0eaddz5r9785.exe
c:\windows\1f92t5reat5553z.dll
c:\windows\1z061spam9ot50d.cpl
c:\windows\1z0f5te9l855.exe
c:\windows\1z22v95228.ocx
c:\windows\1z295teal1600.bin
c:\windows\1z55sp59are2346.dll
c:\windows\1z562wo9m3da.bin
c:\windows\1z9589py159.bin
c:\windows\20588spzmbot2a89.dll
c:\windows\20927spz359.dll
c:\windows\20e69zr5993.bin
c:\windows\21280zot5a-v9rus16d.cpl
c:\windows\21935z9r5497.bin
c:\windows\21999ha9ktool2z5.ocx
c:\windows\22022not-z-vi95s7f3.dll
c:\windows\221569zy18b.dll
c:\windows\22311ha9ktzol85.ocx
c:\windows\22490troj59z.dll
c:\windows\224z5pywar91292.dll
c:\windows\22654zp5499.ocx
c:\windows\2279spam5zt439.exe
c:\windows\23095spamb5t60z.ocx
c:\windows\23370worz795.dll
c:\windows\23555hazktool59e.ocx
c:\windows\23756woz96f9.exe
c:\windows\23852not-a-ziru92d9.bin
c:\windows\23990noz-5-viruse9.dll
c:\windows\239z3hacktool15.ocx
c:\windows\2407zs5am9ot3e1.ocx
c:\windows\2425down9oaderz765.exe
c:\windows\24679not-a-virzs7a25.bin
c:\windows\24f2stea915z3.bin
c:\windows\251dsteaz9431.ocx
c:\windows\2539thiefz094.exe
c:\windows\254f9ackdoor738z.ocx
c:\windows\25563spy97z.bin
c:\windows\255zvir9287.exe
c:\windows\25624zpambot7c9.cpl
c:\windows\25865spam9ot27z.exe
c:\windows\25z3addware19.exe
c:\windows\25z5steal2399.dll
c:\windows\260059py5d8z.ocx
c:\windows\2609z5roj3f9.exe
c:\windows\264e5ownlozd9r150.exe
c:\windows\26b4stea5299z.cpl
c:\windows\26z569pambo558c.cpl
c:\windows\2709spywz5e2791.cpl
c:\windows\274225iz9s493.bin
c:\windows\2751sze5l1923.cpl
c:\windows\27f1zteal1495.ocx
c:\windows\28059worm7c0z.cpl
c:\windows\2845wo9m3ccz.exe
c:\windows\289cszarse16959.cpl
c:\windows\29059hief13z8.exe
c:\windows\29068hacktzol4569.exe
c:\windows\29445hacztool6b7.bin
c:\windows\29551not-azvirus15.ocx
c:\windows\29731spamb5z169.exe
c:\windows\29758spambotz02.ocx
c:\windows\299athz5at15392.exe
c:\windows\2a49zir1519.cpl
c:\windows\2b4a59z2926.exe
c:\windows\2d0z9pyware854.cpl
c:\windows\2d7dzwnloader51719.bin
c:\windows\2e2zspars55889.exe
c:\windows\2z30v5rus9ee.cpl
c:\windows\2z399v9rus59c.cpl
c:\windows\2z56down9oader12665.ocx
c:\windows\2z612t9oj150.ocx
c:\windows\2z62t5ie9854.bin
c:\windows\2z665no5-a-virus539.ocx
c:\windows\2z72thre5t26297.exe
c:\windows\2z8319pambot56b5.dll
c:\windows\30472z5rus749.ocx
c:\windows\30695pyz9.exe
c:\windows\308z5v5rus549.dll
c:\windows\30943zack9ool35e.exe
c:\windows\30z8add5ar9193.dll
c:\windows\31147hackto591zc.cpl
c:\windows\31180not9a-vizu550a.cpl
c:\windows\31232not-5zv9rusf7.exe
c:\windows\31249s5zmbot4a9.exe
c:\windows\31504hac5tzol7849.cpl
c:\windows\31531noz-a-virus2c59.exe
c:\windows\318185roj29z.bin
c:\windows\31855hr9at139z9.ocx
c:\windows\31928spam59z1e6.ocx
c:\windows\3198zspamb5t3869.ocx
c:\windows\320z5vi5us59d.exe
c:\windows\32636zp95bot2c5.exe
c:\windows\3270dowz9oader1725.ocx
c:\windows\3544zvirus98f.cpl
c:\windows\35ezthreat92400.exe
c:\windows\3633h9zktool2bb5.bin
c:\windows\364no9-a5virus7ffz.dll
c:\windows\38059py5zc.dll
c:\windows\3902b5ckdozr1764.ocx
c:\windows\3926trz577e.bin
c:\windows\395hreat22z22.bin
c:\windows\3984spz5a9.cpl
c:\windows\39a0s9eaz2450.bin
c:\windows\39ezspy5are1583.bin
c:\windows\39z91t5oj6ba.bin
c:\windows\39z9add5are1146.exe
c:\windows\3bb2thie9z250.cpl
c:\windows\3c95back5oor649z.cpl
c:\windows\3caz9hre5t22416.dll
c:\windows\3d59sparsez5699.cpl
c:\windows\3db9bac5door28z1.exe
c:\windows\3faczir19205.ocx
c:\windows\3z3825pambot39e.ocx
c:\windows\3z6n95-a-virus13f.ocx
c:\windows\3z85download9r3285.cpl
c:\windows\401ebackdzor99265.bin
c:\windows\40dezp5rse959.ocx
c:\windows\419zadd5are792.bin
c:\windows\42455iru935cz.cpl
c:\windows\42fdspzw59e2902.ocx
c:\windows\4359th5ef309z.exe
c:\windows\435dzpywa9e487.exe
c:\windows\4386hzcktool6579.exe
c:\windows\4394zt9al5728.bin
c:\windows\4495ack9zor233.cpl
c:\windows\4592sparsz2953.cpl
c:\windows\4756viruz97c.bin
c:\windows\47a9stealz305.dll
c:\windows\47ac59eal1798z.bin
c:\windows\47z359rm3f0.exe
c:\windows\4891threzt315369.dll
c:\windows\48d5zh9ef3144.ocx

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 10:43 pm

c:\windows\4950spaz9ot82.dll
c:\windows\495bthr5zt19571.cpl
c:\windows\49f5spyware273z.dll
c:\windows\4a2zste952799.exe
c:\windows\4a30thz9at58664.dll
c:\windows\4abbth9eat22655z.cpl
c:\windows\4ba5t9reat86z7.ocx
c:\windows\4c1spyw9rez581.exe
c:\windows\4c6bs5a9se23z8.ocx
c:\windows\4d099hre5z7915.dll
c:\windows\4dcas5yw9re114z.bin
c:\windows\4f13zhrea523997.bin
c:\windows\4z92steal1252.dll
c:\windows\4z9dspars51975.cpl
c:\windows\50z5backdoor26289.dll
c:\windows\513fszywa9e5075.exe
c:\windows\5191spyware2981z.exe
c:\windows\51e0zt9al5343.exe
c:\windows\52384z9cktool35.bin
c:\windows\529azpyw5re2441.dll
c:\windows\531ethrza51927.ocx
c:\windows\5330th5z92049.exe
c:\windows\5355stzal1239.bin
c:\windows\536bspaz5e9640.dll
c:\windows\5489spywarez657.exe
c:\windows\54z6sp53d29.dll
c:\windows\5529t95ezt8299.cpl
c:\windows\553v9z2592.cpl
c:\windows\5553t9iez1558.cpl
c:\windows\556athi5z2947.ocx
c:\windows\557ed9wnloaderz53.cpl
c:\windows\55953virus9z5.bin
c:\windows\55987hackt9oz398.ocx
c:\windows\55997troz914.cpl
c:\windows\55a2vir491z.dll
c:\windows\55cbdownloa5er984z.cpl
c:\windows\55dzd9wnloader1127.ocx
c:\windows\5641not9z-virus95.ocx
c:\windows\56555not-a-virus2z9.bin
c:\windows\5694addwarez0675.ocx
c:\windows\56edownl9ader6z.cpl
c:\windows\56z05virus953.cpl
c:\windows\57fest9az1052.ocx
c:\windows\587et5i9f18z.ocx
c:\windows\58961spazbot9bc.cpl
c:\windows\58d2spzware50589.ocx
c:\windows\58f8d5wnloader9535z.dll
c:\windows\58z1vir3996.ocx
c:\windows\58z60spy795.bin
c:\windows\5941sp9a9z.dll
c:\windows\59695roj7b7z.dll
c:\windows\59732vir9z13b.exe
c:\windows\598ev5rz495.bin
c:\windows\5991vi9zs69.cpl
c:\windows\59921worm54z.dll
c:\windows\59c0sp9za5e1895.dll
c:\windows\59c85ddwarez145.ocx
c:\windows\59cevirz449.exe
c:\windows\5ad9backdoor1z75.dll
c:\windows\5bc29pyw5rez87.cpl
c:\windows\5c8dztea9553.cpl
c:\windows\5c9ezddware9635.bin
c:\windows\5cc9downloade5928z.bin
c:\windows\5d97tzr9at8030.bin
c:\windows\5e59zyware2779.cpl
c:\windows\5ecthzea911088.cpl
c:\windows\5f8bthreat9z718.ocx
c:\windows\5fa3thze9t5403.bin
c:\windows\5fa99zdware1891.dll
c:\windows\5z235s9ambot710.exe
c:\windows\5z2fvi52590.bin
c:\windows\5z498worm607.dll
c:\windows\5ze3spy5are2597.dll
c:\windows\6076not-a-5zrus379.bin
c:\windows\60c59ownloaderz50.bin
c:\windows\6113z9oj42e5.ocx
c:\windows\6176zack5ool5b9.cpl
c:\windows\6194not-a-zir955b6.dll
c:\windows\62z8s5y4279.cpl
c:\windows\6349wzr547c.dll
c:\windows\6359hiefz55.exe
c:\windows\63e19hrezt298255.cpl
c:\windows\6554szar9e535.ocx
c:\windows\65c1s59waze52.bin
c:\windows\661zpy9a5e812.exe
c:\windows\6698hackt5ol5zf.cpl
c:\windows\6790thze5229.ocx
c:\windows\6795spazse2608.bin
c:\windows\67c0a5z9are1183.dll
c:\windows\67z195reat16187.dll
c:\windows\68cszyw5r9909.bin
c:\windows\6953steal6z75.exe
c:\windows\69e5vir990z.dll
c:\windows\69eevi5z90.bin
c:\windows\6ae5addwzre2952.exe
c:\windows\6c495iz91.exe
c:\windows\6c4zdo9nl5ader2683.bin
c:\windows\6e48bzckdoo51839.cpl
c:\windows\6fd0dow9zoader2615.bin
c:\windows\6z38a59ware2325.dll
c:\windows\7015izus5519.cpl
c:\windows\7026s5yz149.exe
c:\windows\7096st5zl964.dll
c:\windows\7099h5cktool9c4z.ocx
c:\windows\7255vi9z85.bin
c:\windows\7475spzware9255.bin
c:\windows\7554spzmbo549c.cpl
c:\windows\75a9thi5f26z89.cpl
c:\windows\75b5sparsz9599.cpl
c:\windows\7612spzrs91525.cpl
c:\windows\7666v5r111z9.exe
c:\windows\76bthzef2596.ocx
c:\windows\76c7dz9nl5ader1389.exe
c:\windows\779dowzl9ad5r1205.exe
c:\windows\791dspywzr5339.bin
c:\windows\795s5arsez69.cpl
c:\windows\7a59threz511976.cpl
c:\windows\7a5ds9ywar532z1.cpl
c:\windows\7b2cdownl5ad9z255.dll
c:\windows\7b5ab9ckdooz1501.cpl
c:\windows\7c59ad95zre656.bin
c:\windows\7cf05i931z6.bin
c:\windows\7e54stz9l2729.exe
c:\windows\7z59sparse2964.bin
c:\windows\8038hzc5tool4c9.cpl
c:\windows\8095spz7ac.dll
c:\windows\8299zirus597.dll
c:\windows\83659z5us4b.dll
c:\windows\8532tr9z37a.exe
c:\windows\8864spam9o5z62.exe
c:\windows\8z63wor5f79.cpl
c:\windows\90999t5ojzad.ocx
c:\windows\92751not-a-v5rus63z.exe
c:\windows\9275h5zktool2a.cpl
c:\windows\93759pamzot55b.ocx
c:\windows\939e5hiefz142.exe
c:\windows\9457hz5ktool283.bin
c:\windows\94939wzr5681.ocx
c:\windows\94z65ir53.ocx
c:\windows\9578sz95bot6d7.exe
c:\windows\95915wzrm6b9.bin
c:\windows\9611sp95bot344z.bin
c:\windows\9724t5iez1317.bin
c:\windows\97925hacktool3ze.exe
c:\windows\9899wozm5e5.exe
c:\windows\9926h5cztool98.ocx
c:\windows\99585rzj620.exe
c:\windows\9960hackto5z7e5.cpl
c:\windows\99951zroj3a5.ocx
c:\windows\9a1fvir3195z.dll
c:\windows\9a77tzief15.exe
c:\windows\9c7dbackdooz2522.exe
c:\windows\9czdvi51671.dll
c:\windows\9db25ir321z.ocx
c:\windows\9fb6szyw5re1569.exe
c:\windows\9fdszywa5e1355.cpl
c:\windows\9z27t5ief2951.cpl
c:\windows\9z84wo95517.cpl
c:\windows\9zf5threat7056.dll
c:\windows\9zffaddwar5513.bin
c:\windows\a4bv5r98z9.exe
c:\windows\aadaddz9re845.exe
c:\windows\b9fvir2529z.bin
c:\windows\c94threaz20513.cpl
c:\windows\e9d5parse199z.bin
c:\windows\system32\10109ziru9755.cpl
c:\windows\system32\104z2not9a-5irus73a.cpl
c:\windows\system32\11291troz355.cpl
c:\windows\system32\11596spzmbot7d89.ocx
c:\windows\system32\117815ir9s5ez.ocx
c:\windows\system32\11925troj6z4.cpl
c:\windows\system32\1199h9cktooz385.bin
c:\windows\system32\125005ot-a-vzrus259.dll
c:\windows\system32\129z9w5rm62c.ocx
c:\windows\system32\12be5ownloader2149z.cpl
c:\windows\system32\131035azktool992.dll
c:\windows\system32\13159za5ktool65d.bin
c:\windows\system32\13215zot-a-v9rus341.cpl
c:\windows\system32\13324za9kt5ol607.dll
c:\windows\system32\149z5hief1678.bin
c:\windows\system32\14b9downloade5935z.exe
c:\windows\system32\15359sp59f4z.cpl
c:\windows\system32\1539vir13z5.bin
c:\windows\system32\1555ztroj396.cpl
c:\windows\system32\15915zirus56b.exe
c:\windows\system32\15956vizus97b.bin
c:\windows\system32\15b95rz569.ocx
c:\windows\system32\15z11wor933a.dll
c:\windows\system32\16189hazktool51.bin
c:\windows\system32\16444zpambo9ab5.exe
c:\windows\system32\165btzreat19154.bin
c:\windows\system32\1685sparse1956z.dll
c:\windows\system32\169475acktoolzbf.bin
c:\windows\system32\169z3viru934b5.cpl
c:\windows\system32\169zbackdoor1518.ocx
c:\windows\system32\17dab5c9door2196z.ocx
c:\windows\system32\1829backzoor5671.dll
c:\windows\system32\18599zpy50c5.ocx
c:\windows\system32\18791nzt-a-virus5ad5.dll

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 10:43 pm

c:\windows\system32\18990v5rus1zf.cpl
c:\windows\system32\1900spyez5.bin
c:\windows\system32\19399s9zmbot2b5.ocx
c:\windows\system32\19439spambot3z95.ocx
c:\windows\system32\19525t5oz2ad.cpl
c:\windows\system32\196z2wo59505.ocx
c:\windows\system32\19952sp5290z.exe
c:\windows\system32\1995worm605z.cpl
c:\windows\system32\199dbackd5or1911z.dll
c:\windows\system32\19eczhief5696.cpl
c:\windows\system32\19fd5pywarz28459.bin
c:\windows\system32\19z94viru56a2.exe
c:\windows\system32\1a429i5198z.dll
c:\windows\system32\1a8aba5kdooz1999.bin
c:\windows\system32\1b0cs5ars92z96.exe
c:\windows\system32\1c2addwz951166.dll
c:\windows\system32\1e5dtzief17499.ocx
c:\windows\system32\1eb9c5dooz612.exe
c:\windows\system32\1z158sp9395.dll
c:\windows\system32\1z95thief2299.dll
c:\windows\system32\1ze59ackdoor45.exe
c:\windows\system32\20299spam5oz529.exe
c:\windows\system32\20343ha5ktzol7989.exe
c:\windows\system32\20z56vir9s455.ocx
c:\windows\system32\2138b9ckdzor25085.dll
c:\windows\system32\21518zorm5639.ocx
c:\windows\system32\21562vi5u95dz.bin
c:\windows\system32\2195stealz583.ocx
c:\windows\system32\21a9dwarz1759.bin
c:\windows\system32\22544wzr9396.ocx
c:\windows\system32\2285szars52391.exe
c:\windows\system32\22946spam95tz37.cpl
c:\windows\system32\23303no5-a-vi9us1z0.exe
c:\windows\system32\234z5spam5ot4dd9.cpl
c:\windows\system32\23574sz9mbo51a2.bin
c:\windows\system32\23920hazktool59a9.exe
c:\windows\system32\25154zorm948.cpl
c:\windows\system32\25317zir5s4ed9.ocx
c:\windows\system32\2546zspamb9t1c4.exe
c:\windows\system32\25506spa9bot55z.cpl
c:\windows\system32\2559znot-a-95rus5b2.dll
c:\windows\system32\2563zhack59ol643.dll
c:\windows\system32\2570ztro9668.bin
c:\windows\system32\258zv5r29199.exe
c:\windows\system32\25900trojz99.exe
c:\windows\system32\2595vir1z55.dll
c:\windows\system32\259z5hacktool227.ocx
c:\windows\system32\25es9azse805.exe
c:\windows\system32\265655roj7z9.exe
c:\windows\system32\26f8baz59oor2881.cpl
c:\windows\system32\26z785orm7b59.ocx
c:\windows\system32\26z9ad9ware5595.bin
c:\windows\system32\26zno9-a-vir5s412.cpl
c:\windows\system32\27263hacztool5659.ocx
c:\windows\system32\27271sp9zbe5.bin
c:\windows\system32\27534s9y57z.ocx
c:\windows\system32\27655sp93bz.dll
c:\windows\system32\2797959z-a-virusbf.bin
c:\windows\system32\2854spzmbot1e59.ocx
c:\windows\system32\2857h9cktool5dcz.cpl
c:\windows\system32\288z6s95mbot567.bin
c:\windows\system32\289275acktool2f4z.dll
c:\windows\system32\28959hacktool32z.cpl
c:\windows\system32\28z0ad5ware699.exe
c:\windows\system32\2915zworm18d5.exe
c:\windows\system32\29167spzmbot665.cpl
c:\windows\system32\29176not-a-vir5s4e2z.exe
c:\windows\system32\292z9troj5d95.dll
c:\windows\system32\2940adzware15115.exe
c:\windows\system32\294athiz59231.dll
c:\windows\system32\2952downloaderz665.exe
c:\windows\system32\296zdow9loader5022.ocx
c:\windows\system32\2994s5arsez794.exe
c:\windows\system32\29959teal183z.bin
c:\windows\system32\2d559hief24z5.cpl
c:\windows\system32\2espy9aze8525.dll
c:\windows\system32\2f029hief2z15.bin
c:\windows\system32\2f1f9py5arez271.ocx
c:\windows\system32\2f3zdow59oader1420.dll
c:\windows\system32\2z745hack9ool6ec.cpl
c:\windows\system32\2z8709or5443.cpl
c:\windows\system32\2z959troj215.cpl
c:\windows\system32\2z963hacktool1855.ocx
c:\windows\system32\30129n5t-a-v9rus11z.ocx
c:\windows\system32\30157spambotz259.ocx
c:\windows\system32\30290zpy5b1.exe
c:\windows\system32\30511not-a-viruz393.dll
c:\windows\system32\30685tzoj299.ocx
c:\windows\system32\31569p5zare833.ocx
c:\windows\system32\31599hack9ool5z3.bin
c:\windows\system32\32052spa9boz1e6.ocx
c:\windows\system32\32066s9amzo546c.bin
c:\windows\system32\3353vir99z0.bin
c:\windows\system32\3365spy9zre3098.exe
c:\windows\system32\3375stz5981.exe
c:\windows\system32\3440wozm3529.ocx
c:\windows\system32\34c3dzwnloa5e91307.exe
c:\windows\system32\35377spambo94za.dll
c:\windows\system32\3553not-z-vir9s1a3.bin
c:\windows\system32\3596zh5ef1748.dll
c:\windows\system32\3751addwzre3098.cpl
c:\windows\system32\37z9ha5ktool3ff.dll
c:\windows\system32\380daddz9r52285.exe
c:\windows\system32\3900nzt-9-virus3615.dll
c:\windows\system32\39370spam5zt534.exe
c:\windows\system32\39378zpy158.bin
c:\windows\system32\39379ownload5rz890.ocx
c:\windows\system32\3957z59mbot11b.dll
c:\windows\system32\3a5ca9dware19z7.exe
c:\windows\system32\3bces9zrs565.cpl
c:\windows\system32\3c07addwar5479z.bin
c:\windows\system32\3c95spywa9e187z.cpl
c:\windows\system32\3c9zthre5t19265.cpl
c:\windows\system32\3d51zownloader3962.dll
c:\windows\system32\3df7zhie930605.exe
c:\windows\system32\3e56zhreat29459.ocx
c:\windows\system32\3e59sparse1990z.ocx
c:\windows\system32\3f1z9ddware3025.bin
c:\windows\system32\3z91vir5305.exe
c:\windows\system32\3z92895y301.cpl
c:\windows\system32\40z5thi9f1166.bin
c:\windows\system32\412zvir25529.dll
c:\windows\system32\4155zhreat303719.cpl
c:\windows\system32\43d79iz2535.dll
c:\windows\system32\443eaddwzre9518.cpl
c:\windows\system32\451z5ir2970.cpl
c:\windows\system32\4568thr95tz1048.ocx
c:\windows\system32\4585threa93z95.cpl
c:\windows\system32\45b9sparsez224.dll
c:\windows\system32\4649zteal959.exe
c:\windows\system32\4874spy9zre1575.ocx
c:\windows\system32\4923b5ckdoor18z.dll
c:\windows\system32\4996vi51970z.ocx
c:\windows\system32\49ze5ddw9re1166.bin
c:\windows\system32\4az4bac9d5or1106.exe
c:\windows\system32\4bd9ba5kdozr971.exe
c:\windows\system32\4c99spyware31z75.ocx
c:\windows\system32\4da6bz5kd9or905.cpl
c:\windows\system32\4e82downl5zder1975.ocx
c:\windows\system32\4z90spywar520219.dll
c:\windows\system32\5090addw9re3z7.exe
c:\windows\system32\50d5v59198z.ocx
c:\windows\system32\50d9zownl5ader3095.ocx
c:\windows\system32\50easpy5arez189.cpl
c:\windows\system32\51509roj476z.ocx
c:\windows\system32\517z6worm9db.bin
c:\windows\system32\5196sparse102z.dll
c:\windows\system32\52719orm537z.ocx
c:\windows\system32\5290viz757.ocx
c:\windows\system32\52z19worm7f1.cpl
c:\windows\system32\53039hiez3544.exe
c:\windows\system32\537ctzr9at759.exe
c:\windows\system32\53966viruszcc.dll
c:\windows\system32\539fdoznloader9885.bin
c:\windows\system32\54029pzware125.dll
c:\windows\system32\54289tzo966a.exe
c:\windows\system32\5451ste9z1858.dll
c:\windows\system32\553th95f15z3.exe
c:\windows\system32\5555zp9mbot52.cpl
c:\windows\system32\55653troz4d9.bin
c:\windows\system32\556f9pyzare471.bin
c:\windows\system32\55d3vzr2995.dll
c:\windows\system32\55z39parse3074.dll
c:\windows\system32\5614thzeat19812.dll
c:\windows\system32\561bdownload9r5610z.bin
c:\windows\system32\5798sparz5985.ocx
c:\windows\system32\58a2zteal598.cpl
c:\windows\system32\58basp9ware2512z.exe
c:\windows\system32\59095troj6az.ocx
c:\windows\system32\59289virus32z.dll
c:\windows\system32\59389spy6zb.bin
c:\windows\system32\594z59oj340.ocx
c:\windows\system32\59549spyz0c.dll
c:\windows\system32\5958z9y727.dll
c:\windows\system32\5959stezl2391.exe
c:\windows\system32\598znot-a-vi5us5af.cpl
c:\windows\system32\5990a9dware25z5.ocx
c:\windows\system32\5999zddwar52587.ocx
c:\windows\system32\59z9vir2455.dll
c:\windows\system32\5aa9backdoo5302z.cpl
c:\windows\system32\5b20tzi9f513.cpl
c:\windows\system32\5b29s5arsz3036.dll
c:\windows\system32\5b3download9r2z45.cpl
c:\windows\system32\5ba0s5eal29z9.dll
c:\windows\system32\5bc5stealz090.cpl
c:\windows\system32\5c0adownloadz91726.bin
c:\windows\system32\5c47sparsez5979.bin
c:\windows\system32\5dbdownlozder6849.cpl
c:\windows\system32\5dc6bac9d5or1z55.bin
c:\windows\system32\5ed45a9kdoor1z5.cpl
c:\windows\system32\5eeadow9zoa5er85.dll
c:\windows\system32\5f17zhr9at245.cpl
c:\windows\system32\5f23spzwar530279.cpl
c:\windows\system32\5f54zir2895.ocx
c:\windows\system32\5z28vir2099.exe
c:\windows\system32\60979zdw5re1546.dll
c:\windows\system32\6119zacktoo94b5.exe
c:\windows\system32\611baczdoor2859.dll
c:\windows\system32\619spywarez0559.exe
c:\windows\system32\6345v9zus754.bin
c:\windows\system32\6395stezl2869.dll
c:\windows\system32\645dbackzo9r82.dll
c:\windows\system32\648dzteal5029.bin
c:\windows\system32\64945parsez930.ocx
c:\windows\system32\64c99pa5sz943.cpl
c:\windows\system32\6558b5czd9or227.ocx
c:\windows\system32\6598zir250.exe
c:\windows\system32\65e9szyware1059.exe
c:\windows\system32\65favi911z7.ocx
c:\windows\system32\665bzt59l855.bin
c:\windows\system32\6799v5rus4z8.cpl
c:\windows\system32\685159t-a-virusz8b.ocx
c:\windows\system32\686aadzw95e1482.dll
c:\windows\system32\68b6ba9kdoo5263z.dll
c:\windows\system32\6957spz9se1705.cpl
c:\windows\system32\6d22addwa5ez974.ocx
c:\windows\system32\6f169pywzre26345.bin
c:\windows\system32\6f46bazkdo5r9425.dll
c:\windows\system32\6f57tzrea921484.exe
c:\windows\system32\6fefszar5e1169.bin
c:\windows\system32\6z59downloader9091.dll
c:\windows\system32\6z98thief12165.cpl
c:\windows\system32\6z99worm2c45.dll
c:\windows\system32\701fthief1z935.bin
c:\windows\system32\702zste95465.ocx
c:\windows\system32\703zthie51956.cpl
c:\windows\system32\705baddware393z.dll
c:\windows\system32\7080spazbo9259.exe
c:\windows\system32\718ezpywar52999.cpl
c:\windows\system32\725zthreat32919.ocx
c:\windows\system32\7290vi5us53z.dll
c:\windows\system32\72fbsparsz9905.cpl
c:\windows\system32\73z75ackt9ol384.ocx
c:\windows\system32\7435bzckd9or750.cpl
c:\windows\system32\752z95dware1761.dll
c:\windows\system32\755szea93175.ocx
c:\windows\system32\7594threat10z565.cpl
c:\windows\system32\75f6spywarz18159.ocx
c:\windows\system32\769v952z66.exe
c:\windows\system32\76z35ir295.bin
c:\windows\system32\7782addwaz5299.cpl
c:\windows\system32\78bcbac9door1509z.exe
c:\windows\system32\78dt5iez28809.bin
c:\windows\system32\7912a5dware29z9.cpl
c:\windows\system32\79199hiez8885.dll
c:\windows\system32\7954zir885.exe
c:\windows\system32\7955thief50z2.ocx
c:\windows\system32\795cz9ief2335.ocx
c:\windows\system32\7afzthie9599.dll
c:\windows\system32\7b57downlza95r256.bin
c:\windows\system32\7zb6downloade95715.bin
c:\windows\system32\7ze1st9al564.exe
c:\windows\system32\8057spamb9t5az.dll
c:\windows\system32\849zt9oj5c5.cpl
c:\windows\system32\85z49orm3b5.ocx
c:\windows\system32\87729ot-a-v5rusz5e.ocx
c:\windows\system32\888z5i9usbb.exe

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 10:44 pm

c:\windows\system32\897z95oj6f0.cpl
c:\windows\system32\90z045roj1c6.dll
c:\windows\system32\91295spz768.ocx
c:\windows\system32\9134hackto9l55z.exe
c:\windows\system32\91583noz-a-5irus6a5.cpl
c:\windows\system32\91f5vir284z.bin
c:\windows\system32\9291hacktool1dz5.cpl
c:\windows\system32\92f2spyware5682z.ocx
c:\windows\system32\93a2spazse552.exe
c:\windows\system32\9447hazk9ool524.cpl
c:\windows\system32\9506zspy14f.ocx
c:\windows\system32\9542worz540.cpl
c:\windows\system32\954zviru95695.cpl
c:\windows\system32\9560z5t-9-virus57d.dll
c:\windows\system32\9583zirus397.exe
c:\windows\system32\95f9thizf47.cpl
c:\windows\system32\96d59arse1797z.dll
c:\windows\system32\970cthzea526744.cpl
c:\windows\system32\9790steal5195z.ocx
c:\windows\system32\98073spy52az.dll
c:\windows\system32\9851sparsez328.ocx
c:\windows\system32\9b39zddw5re1258.cpl
c:\windows\system32\9d65downlzader5610.cpl
c:\windows\system32\9d9za5dware389.exe
c:\windows\system32\9db7downloader17z95.cpl
c:\windows\system32\9e25azdware9595.cpl
c:\windows\system32\9e7dvzr2954.bin
c:\windows\system32\9fc5vir2z85.cpl
c:\windows\system32\9z02vir5s351.dll
c:\windows\system32\b98ba5zdoor1346.cpl
c:\windows\system32\c495pywaze2200.dll
c:\windows\system32\da6vir51z9.dll
c:\windows\system32\eabspazs912135.ocx
c:\windows\system32\f975ownloazer33.cpl
c:\windows\system32\z142s5ambot119.ocx
c:\windows\system32\z1952troj206.dll
c:\windows\system32\z245thi9f954.ocx
c:\windows\system32\z2539hackto9l3a05.ocx
c:\windows\system32\z503t95jee.exe
c:\windows\system32\z545vi9us5f0.ocx
c:\windows\system32\z583295rusb9.cpl
c:\windows\system32\z5fbsp9rse595.ocx
c:\windows\system32\z640add5are19719.dll
c:\windows\system32\z6533vi59s334.ocx
c:\windows\system32\z681not-a9vir5s225.cpl
c:\windows\system32\z98vi52094.exe
c:\windows\system32\z999steal2750.dll
c:\windows\system32\z9bavi59059.ocx
c:\windows\system32\z9downl5ader2106.bin
c:\windows\system32\zbdfback9oo5584.ocx
c:\windows\z0085hacktool1c9.exe
c:\windows\z0a85o9nloader1725.bin
c:\windows\z0a9thi592275.bin
c:\windows\z1913vir5s396.dll
c:\windows\z2695spambot334.bin
c:\windows\z3655troj394.bin
c:\windows\z3715spam5ot19c9.bin
c:\windows\z4866hackt95l5c7.ocx
c:\windows\z5d8download5r28259.exe
c:\windows\z7455tro9578.ocx
c:\windows\z7eavir26539.cpl
c:\windows\z8402not-a-9irus53.bin
c:\windows\z86b5pyware9361.cpl
c:\windows\z8a9backdoor9754.exe
c:\windows\z949downloader7985.ocx
c:\windows\z9508vir5s6d5.bin
c:\windows\z950addware1699.dll
c:\windows\z959s5y29e.bin
c:\windows\z9asteal9350.ocx
c:\windows\zec0s9eal357.cpl
c:\windows\zefb9ddware1295.ocx

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-10-13 00:19 . 2009-10-13 00:19 11961 ----a-w- c:\windows\system32\2wo9mz125.dll
2009-06-02 22:53 . 2009-06-02 22:53 -------- d-----w- c:\program files\RogueRemover FREE
2009-06-02 22:06 . 2009-06-03 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-02 22:06 . 2009-06-02 22:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 07:00 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-02 07:00 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-02 07:00 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-02 07:00 . 2009-06-03 22:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 07:00 . 2009-06-02 07:00 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-02 07:00 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-02 07:00 . 2009-06-03 21:53 -------- d-----w- c:\program files\Spyware Doctor
2009-06-02 07:00 . 2009-06-02 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-02 07:00 . 2009-06-02 07:00 -------- d-----w- c:\docume~1\ASKARI~1\APPLIC~1\PC Tools
2009-06-02 02:35 . 2009-06-02 02:35 -------- d-----w- c:\program files\CCleaner
2009-06-02 02:15 . 2009-06-02 02:15 -------- d-----w- c:\program files\Trend Micro
2009-06-02 01:09 . 2009-06-02 01:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-02 00:41 . 2009-06-02 00:41 1164288 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-05-28 23:24 . 2009-05-28 23:24 83088 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-28 17:34 . 2009-05-28 17:34 -------- d-----w- c:\program files\MSECache
2009-05-05 08:00 . 2009-05-05 08:00 -------- d-----w- c:\program files\MSXML 6.0
2009-05-04 23:34 . 2009-05-04 23:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-05-04 23:32 . 2009-05-07 08:35 256 ----a-w- c:\windows\system32\pool.bin
2009-05-04 23:22 . 2009-05-04 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-05-04 23:15 . 2009-05-04 23:15 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-05-04 23:14 . 2009-05-04 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-05-04 23:14 . 2009-05-04 23:16 -------- d-----w- c:\program files\Roxio
2009-05-04 23:14 . 2009-05-04 23:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-05-04 23:07 . 2007-01-18 15:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-05-04 23:05 . 2009-05-04 23:06 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-05-04 23:05 . 2009-05-04 23:05 -------- d-----w- c:\program files\Research In Motion
2009-05-04 22:59 . 2009-05-04 22:59 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 21:34 . 2008-09-13 12:47 -------- d-----w- c:\docume~1\ASKARI~1\APPLIC~1\LimeWire
2009-06-02 07:05 . 2006-06-09 19:02 -------- d-----w- c:\docume~1\ASKARI~1\APPLIC~1\Yahoo!
2009-06-02 02:46 . 2008-09-13 21:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 00:42 . 2007-04-23 06:29 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-01 22:06 . 2006-07-18 02:17 -------- d-----w- c:\program files\Lx_cats
2009-05-29 20:54 . 2006-06-07 04:31 83088 ----a-w- c:\documents and settings\askari aamir\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 18:20 . 2008-09-13 21:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 18:19 . 2008-09-13 21:20 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-18 08:40 . 2006-06-01 20:57 -------- d-----w- c:\program files\Yahoo!
2009-05-15 03:52 . 2007-08-17 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\eFax Messenger 4.3 Output
2009-05-04 23:15 . 2008-12-27 10:03 -------- d-----w- c:\program files\LimeWire
2009-05-02 21:48 . 2009-04-27 06:07 3688 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-27 06:24 . 2009-03-17 02:21 -------- d-----w- c:\program files\Vuze
2009-04-23 03:44 . 2009-04-23 03:44 -------- d-----w- c:\program files\Microsoft
2009-04-23 03:42 . 2009-04-23 03:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 03:42 . 2006-06-06 21:49 -------- d-----w- c:\program files\Java
2009-03-06 14:44 . 2003-03-31 19:00 283648 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 10:45 pm

ok dat should be everything in the log.. it seems to be running normal Hooray!

what else should i do?

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Wed Jun 03, 2009 11:05 pm

should i run combo fix on the other admin user i have?

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by Belahzur on Thu Jun 04, 2009 12:44 am

Is the other user infected also?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Thu Jun 04, 2009 3:03 am

no it looks fine. Thank You!

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by Origin on Thu Jun 04, 2009 3:48 am

Now open a new notepad file.
Input this into the notepad file:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Win blue soft has taken over my xp laptop can anyone help me?!

Post by dougiefresh504 on Fri Jun 05, 2009 9:12 am

ok i did it and its running even faster now! but i accidently closed the log i will post it tomo. thanks alot Hooray!

dougiefresh504
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-06-02
OS : XP
Points : 27427
# Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum