Win Blue Soft got my computer too! D: please help

View previous topic View next topic Go down

Win Blue Soft got my computer too! D: please help

Post by panda_bear2 on 8th June 2009, 1:12 am

No matter what I do I can't get Win Blue Soft off my computer, so I need some help, please and thank youz Smile! . I ran hijackthis and this is the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:30 PM, on 6/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Zune\ZuneLauncher.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\setup2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [You must be registered and logged in to see this link.]
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11772 bytes

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by Belahzur on 8th June 2009, 5:02 pm

Hello.
Before doing any removal, I want to get an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

the uninstall list

Post by panda_bear2 on 9th June 2009, 12:22 am

this is the uninstall list!

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Color Common Settings
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Shockwave Player
AIM 6
AppCore
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AviSynth 2.5
BitComet 0.59
ccCommon
Compatibility Pack for the 2007 Office system
Component Framework
CyberLink DVD Suite Deluxe
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Enhanced Multimedia Keyboard Solution
Episode Downloader
Google Updater
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 10.0
HP Easy Setup - Frontend
HP Imaging Device Functions 10.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Smart Web Printing
HP Solution Center 10.0
HP Total Care Advisor
HP Update
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.10.16.1
LightScribe Template Labeler
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft VC9 runtime libraries
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
MP3 Player Utilities 3.81
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
OpenOffice.org Installer 1.0
Paint.NET v3.36
PaintTool SAI Ver.1
PC Connectivity Solution
Pen Tablet
Power2Go
PowerDirector
Prism Video Converter
Python 2.5
QuickTime
Rainlendar2 (remove only)
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Shop for HP Supplies
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Sony Media Manager 2.2
Sony Vegas 7.0
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 8
SQL Server System CLR Types
TipCam 2.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VeohTV BETA
Viewpoint Media Player
WeatherBug Gadget
Winamp
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
WinRAR archiver
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by Belahzur on 9th June 2009, 5:39 pm

Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following

    Adobe Flash Player 10 Plugin
    Ask Toolbar
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Now post a NEW Hijack This log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

:)

Post by panda_bear2 on 10th June 2009, 12:32 am

okay, here's the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:30 PM, on 6/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Zune\ZuneLauncher.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\setup2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [You must be registered and logged in to see this link.]
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11772 bytes

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by Belahzur on 10th June 2009, 1:04 am

Hello.
Are you sure you removed the Ask Toolbar, and Viewpoit? because they are still present in that log. Either that, or you posted an older log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by panda_bear2 on 10th June 2009, 2:21 am

I rebooted the computer and ran hijackthis again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:38 PM, on 09/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; Tablet PC 2.0; Zune 3.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.miniclip.com/games/age-of-speed-2/en/"
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.81\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.81\MediaManager\grab.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [You must be registered and logged in to see this link.]
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11915 bytes

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by Belahzur on 10th June 2009, 2:02 pm

That worked, they are gone this time.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll (file missing)
    O4 - HKLM\..\Policies\Explorer\Run: [] 
    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by panda_bear2 on 10th June 2009, 11:50 pm

: ( I did checked the boxes and did as you said, but when I ran malwarebytes, it didn't find anything infected so there were no results or anything. Here's the log, though:

Malwarebytes' Anti-Malware 1.37
Database version: 2226
Windows 6.0.6001 Service Pack 1

10/06/2009 7:32:59 AM
mbam-log-2009-06-10 (07-32-59).txt

Scan type: Quick Scan
Objects scanned: 91573
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by Belahzur on 11th June 2009, 12:25 am

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

whoopsies

Post by panda_bear2 on 11th June 2009, 1:05 am

Yikes oops, looks like I was on my account when I did that. My account isn't affected by Win Blue Soft, it's only the other one. I'll be right back with the log from the infected account!

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

well that didn't work...

Post by panda_bear2 on 11th June 2009, 2:32 am

I ran malwarebytes on the infected account but it didn't make any difference. -.-

Malwarebytes' Anti-Malware 1.37
Database version: 2226
Windows 6.0.6001 Service Pack 1

6/10/2009 7:29:17 PM
mbam-log-2009-06-10 (19-29-17).txt

Scan type: Quick Scan
Objects scanned: 91114
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by panda_bear2 on 11th June 2009, 2:33 am

win soft blue is still there....

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by Belahzur on 11th June 2009, 3:54 pm

Hello.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Symantec)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

combofix log part one

Post by panda_bear2 on 13th June 2009, 9:26 pm

erm, the first log accidently got deleted but I ran combofix again so here's the second one:
oh and it doesn't look like the virus is there anymore!! no more annoying "you've got a viruss!!" popups! : ) I've got a question though, our Norton is going to expire in 2 days and I don't have anything else installed the computer to protect it. do you have any recommendations for some good antivirus programs..?

ComboFix 09-06-11.06 - Nadine 06/13/2009 14:08.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2942.1895 [GMT -7:00]
Running from: c:\users\Nadine\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 21:09 . 2009-06-13 21:09 -------- d-----w- c:\users\sarah\AppData\Local\temp
2009-06-13 21:00 . 2009-06-13 21:10 -------- d-----w- c:\users\Nadine\AppData\Local\temp
2009-06-11 02:53 . 2009-06-11 02:53 -------- d-----w- c:\users\Nadine\AppData\Roaming\SYSTEMAX Software Development
2009-06-10 03:38 . 2008-10-06 17:53 15656 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2009-06-08 00:58 . 2009-06-08 00:58 -------- d-----w- c:\program files\Trend Micro
2009-06-07 22:04 . 2009-04-15 20:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\NAVENG.SYS
2009-06-07 22:04 . 2009-04-15 20:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\NAVEX15.SYS
2009-06-07 22:04 . 2009-04-15 20:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\EECTRL.SYS
2009-06-07 22:04 . 2009-04-15 20:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\ECMSVR32.DLL
2009-06-07 22:04 . 2009-04-15 20:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\CCERASER.DLL
2009-06-07 22:04 . 2009-04-15 20:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\NAVENG32.DLL
2009-06-07 22:04 . 2009-04-15 20:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\NAVEX32A.DLL
2009-06-07 22:04 . 2009-04-15 20:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\ERASER.SYS
2009-06-05 04:40 . 2009-04-15 20:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVEX15.SYS
2009-06-05 04:40 . 2009-04-15 20:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVEX32A.DLL
2009-06-05 04:40 . 2009-04-15 20:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVENG.SYS
2009-06-05 04:40 . 2009-04-15 20:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\EECTRL.SYS
2009-06-05 04:40 . 2009-04-15 20:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\ECMSVR32.DLL
2009-06-05 04:40 . 2009-04-15 20:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\CCERASER.DLL
2009-06-05 04:40 . 2009-04-15 20:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVENG32.DLL
2009-06-05 04:40 . 2009-04-15 20:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\ERASER.SYS
2009-06-04 03:20 . 2009-06-08 01:44 -------- d-----w- c:\users\Nadine\AppData\Local\Microsoft Games
2009-06-04 03:16 . 2009-06-04 03:16 -------- d-----w- c:\users\Nadine\AppData\Roaming\Malwarebytes
2009-06-04 02:26 . 2009-06-04 02:26 -------- d-----w- c:\users\sarah\AppData\Roaming\Malwarebytes
2009-06-04 02:26 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 02:26 . 2009-06-04 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 02:26 . 2009-06-04 02:26 -------- d-----w- c:\programdata\Malwarebytes
2009-06-04 02:26 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-30 04:28 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\Scxpx86.dll
2009-05-30 04:28 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSvix86.sys
2009-05-30 04:28 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSCo.sys
2009-05-30 04:28 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSxpx86.dll
2009-05-30 04:28 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSI.dll
2009-05-30 04:28 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSviA64.sys
2009-05-30 04:28 . 2007-08-07 15:25 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDS9xx86.dll
2009-05-25 00:27 . 2009-06-13 21:05 -------- d-----w- c:\users\sarah\.rainlendar2
2009-05-25 00:27 . 2009-05-25 00:27 -------- d-----w- c:\program files\Rainlendar2
2009-05-24 23:59 . 2009-05-25 02:08 -------- d-----w- c:\users\sarah\AppData\Roaming\Winamp
2009-05-24 23:59 . 2009-05-25 00:01 -------- d-----w- c:\program files\Winamp
2009-05-24 22:12 . 2009-05-24 22:13 -------- d-----w- c:\users\sarah\AppData\Roaming\muvee Technologies
2009-05-22 04:43 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\Scxpx86.dll
2009-05-22 04:43 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\IDSvix86.sys
2009-05-22 04:43 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\SymIDSCo.sys
2009-05-22 04:43 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\IDSxpx86.dll
2009-05-22 04:43 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\SymIDSI.dll
2009-05-22 04:43 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\IDSviA64.sys
2009-05-22 04:43 . 2007-08-07 15:25 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\IDS9xx86.dll
2009-05-18 23:12 . 2009-05-18 23:12 239865 ----a-w- c:\users\sarah\gunslingngeisha-sakuraimgpack.zip
2009-05-18 21:50 . 2009-05-18 21:50 -------- d-----w- c:\users\sarah\AppData\Roaming\SYSTEMAX Software Development
2009-05-18 21:50 . 2009-05-18 21:50 -------- d-----w- c:\programdata\SYSTEMAX Software Development

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 21:06 . 2008-06-18 15:29 -------- d-----w- c:\users\Nadine\AppData\Roaming\WTablet
2009-06-13 21:05 . 2008-06-18 00:37 -------- d-----w- c:\users\sarah\AppData\Roaming\WTablet
2009-06-13 17:04 . 2008-09-12 02:00 -------- d-----w- c:\programdata\Google Updater
2009-06-13 02:37 . 2008-04-08 01:56 316 ----a-w- c:\users\sarah\AppData\Roaming\wklnhst.dat
2009-06-10 03:43 . 2008-06-18 00:33 -------- d-----w- c:\program files\Tablet
2009-06-10 00:26 . 2009-05-09 00:15 -------- d-----w- c:\programdata\Viewpoint
2009-06-10 00:26 . 2007-12-06 18:33 -------- d-----w- c:\program files\Java
2009-06-04 14:28 . 2008-06-17 21:22 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-04 14:27 . 2008-10-02 02:34 -------- d-----w- c:\programdata\HP Product Assistant
2009-06-04 14:27 . 2007-12-06 18:34 -------- d-----w- c:\program files\Microsoft Works
2009-06-04 14:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-04 05:31 . 2008-08-22 04:32 -------- d-----w- c:\programdata\Microsoft Help
2009-06-04 00:01 . 2008-04-20 19:46 71872 ----a-w- c:\users\Nadine\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-25 03:29 . 2007-12-06 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 03:29 . 2008-06-14 02:30 -------- d-----w- c:\program files\Conduit
2009-05-24 22:41 . 2008-04-06 01:57 71872 ----a-w- c:\users\sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-24 22:15 . 2009-04-19 04:36 -------- d-----w- c:\program files\ConsoleClassix.com
2009-05-24 22:08 . 2008-06-17 20:58 -------- d-----w- c:\program files\Veoh Networks
2009-05-24 22:07 . 2009-04-19 17:15 -------- d-----w- c:\program files\StepMania
2009-05-24 22:05 . 2008-04-06 18:33 -------- d-----w- c:\program files\LimeWire
2009-05-09 20:19 . 2008-04-06 18:34 -------- d-----w- c:\users\sarah\AppData\Roaming\LimeWire
2009-05-09 00:17 . 2009-05-09 00:15 -------- d-----w- c:\programdata\AOL OCP
2009-05-09 00:16 . 2009-05-09 00:16 -------- d-----w- c:\users\sarah\AppData\Roaming\acccore
2009-05-09 00:16 . 2009-05-09 00:14 -------- d-----w- c:\program files\AIM6
2009-05-09 00:15 . 2009-05-09 00:15 -------- d-----w- c:\programdata\acccore
2009-05-09 00:15 . 2009-05-09 00:15 -------- d-----w- c:\programdata\AOL
2009-05-09 00:14 . 2009-05-09 00:14 -------- d-----w- c:\program files\Common Files\AOL
2009-04-25 03:06 . 2007-12-06 18:43 -------- d-----w- c:\programdata\Symantec
2009-04-15 20:16 . 2009-05-06 18:33 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
2009-04-15 20:16 . 2009-05-06 18:33 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
2009-04-15 20:16 . 2009-05-06 18:33 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
2009-04-15 20:16 . 2009-05-06 18:33 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
2009-04-15 20:16 . 2009-05-06 18:33 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
2009-04-15 20:16 . 2009-05-06 18:33 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
2009-04-15 20:16 . 2009-05-06 18:33 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
2009-04-15 20:16 . 2009-05-06 18:33 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
2009-04-11 23:06 . 2009-04-11 23:06 483 ----a-w- c:\windows\eReg.dat
2009-04-11 15:47 . 2009-03-06 03:47 227 ----a-w- c:\windows\PowerReg.dat
2009-04-07 03:02 . 2009-04-07 03:02 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 02:23 . 2008-12-07 21:04 340953 ----a-w- c:\users\sarah\wmv-1-2676.zip
2009-03-19 23:32 . 2009-04-07 03:06 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-06-04 04:40 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-06-04 04:40 24064 ----a-w- c:\windows\system32\amxread.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@@desktop.dat
2007-12-06 17:46 . 2007-12-06 17:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

combofix log part two

Post by panda_bear2 on 13th June 2009, 9:27 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-04 1783136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-12 39408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-06-10 54672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-07 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-07 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-25 4702208]

c:\users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56003BC7-3DDA-47BB-B4E8-BDB7963A64D2}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{122AE162-43DB-4075-B2AD-894D3821DBFC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{14C0E179-EA93-4B3D-A4DB-E844DADCC7DF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{791F28B9-F3AC-44EE-9FDE-99ADC02706C3}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4257C6E7-9FD7-43F1-9217-65802D6D8D64}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AB4E53F4-AC2A-42ED-8D9E-03A388668925}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0C5FB2D3-D9A2-48BF-868F-D69CAB56D03B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A8D86C0E-5E12-489E-9B9E-E5B5E595053A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C9CCB2B8-7648-4AB2-8789-84ACC0A9928B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0EC50BD2-15B9-4D96-899F-992FD3497E8C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{80BDB808-255C-44BD-B811-5F6C72C40EDC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4CAD35FB-BD64-4A6B-9E18-E22A87FFE0E7}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{370C2A54-6338-4F51-B609-0D936ACAB107}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{243A282A-6BFB-4BCE-8919-4D1AB15ECF8A}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{42AB4590-E7EA-408E-8363-DC812B18587F}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{10A35FB6-71B5-4264-98F6-62F5FCA35FB1}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{CF6F2F68-3E0C-4C06-9DD4-B07C4784DA30}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{775775BB-E3C2-482D-8E86-D511BE18BE83}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{67F55EDC-8A44-403B-97DC-204BAC99664E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{3AAF511B-B8B9-4180-B051-376DA20ECE1C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{FC47DD7A-57BA-4F43-9773-8800A6BDDE2E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{84A118A6-0337-481A-BA1D-2D0DD020867A}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{EA5DE8E4-78B5-4015-8911-F9FCC40E8F7B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{4F689862-5462-4214-86B6-5B8937A8EF8B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{19B40683-3E25-49CB-A8AF-FB260DCD129D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{C69111F1-2553-4FCE-8892-020ECA71DA16}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{B599BE38-6D5C-481B-BE80-9B63C66F5743}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{53F04B4F-1C7B-44E1-9342-83028B157B50}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{D4280AC8-DACC-460D-ABCF-19C9DEDEF522}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{9472FB11-A968-4B65-B32C-A6ED41CF8C2D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{6F7DAF62-CE7D-460D-91FC-64808E205E5E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{1C1010DA-7448-40FC-9EC1-6CB4FA9624BC}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{40F8B060-1AE4-4374-922D-4992866B358D}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A21903C4-9BF9-442B-A421-FF405DCB1FF8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{26ED806F-26F4-4B2A-8C6D-7BE9101E0DB7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E51D7623-94AA-40D7-BD33-EDDD7D00262D}"= Disabled:UDP:c:\users\Nadine\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{4C334C8C-1A6A-4863-8DB0-2E7EBF67BA9C}"= Disabled:TCP:c:\users\Nadine\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{0C9D982F-5F46-4109-BB54-E05BB9F50CF4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1F94F44D-C83B-46D5-98E2-1499684FC9C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2631415-6757-493D-9532-EC0F80864A7B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D838310E-E13A-44EF-9108-F924A2743760}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19885278-23AF-4321-9048-D13AA7D6A2DA}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{26969480-85E8-48B1-954D-37A30C39C58E}"= TCP:c:\program files\AIM6\aim6.exe:AIM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090528.001\IDSvix86.sys [5/29/2009 9:28 PM 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [11/17/2008 6:27 PM 149352]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [6/17/2008 5:34 PM 2749736]
R3 dfmirage;dfmirage;c:\windows\System32\drivers\dfmirage.sys [3/26/2008 12:31 PM 34128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/6/2009 8:01 PM 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 12:31 PM 41008]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [6/9/2009 8:38 PM 15656]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [5/28/2007 11:55 PM 23888]
S3 XDva143;XDva143;c:\windows\System32\XDva143.sys [7/26/2008 10:49 PM 39808]

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

combofix log part three!

Post by panda_bear2 on 13th June 2009, 9:28 pm

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 00:01]

2009-05-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - sarah.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 11:19]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{47FF7EE2-3727-421C-8C35-F0DEBED05E88}.job
- c:\windows\system32\msfeedssync.exe [2008-07-28 07:33]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{CCD2C4F0-7327-43D0-B964-7D30389D04EF}.job
- c:\windows\system32\msfeedssync.exe [2008-07-28 07:33]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{EEFD4860-6165-43EC-94CC-6C4C34FFBFD4}.job
- c:\windows\system32\msfeedssync.exe [2008-07-28 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 14:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5028)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-06-13 14:11
ComboFix-quarantined-files.txt 2009-06-13 21:10

Pre-Run: 364,437,622,784 bytes free
Post-Run: 365,115,961,344 bytes free

268 --- E O F --- 2009-06-08 18:52

panda_bear2
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-06-08
OS OS : Vista
Points Points : 27417
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by Belahzur on 13th June 2009, 9:30 pm

Hello.
Still having winblue problems?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Win Blue Soft got my computer too! D: please help

Post by Origin on 13th June 2009, 9:32 pm

Everything looks good. I would recommend using Avira free:

[You must be registered and logged in to see this link.]


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum