Remove WinBlueSoft


Post by lakers34kb on Fri Jun 12, 2009 10:03 pm

I need this off my computer, and nothing has worked. I'm not able to install Anti-Malware software, because when I click on the download link, it comes up as like it's not a site even, something with an error.

Here are my HijackThis logs:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:47 PM, on 6/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Owner\Downloads\Hijack(GP)This.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{4143ED64-F2B3-4CCF-AE10-9232F0329D28}: NameServer = 85.255.112.25,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF915CC9-97A0-4700-BA18-0AB31D1F14E2}: NameServer = 85.255.112.25,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8482 bytes


Thank you for your help. Thank you!

lakers34kb
Novice

Posts : 14
Joined : 2009-06-12
OS : Vista


Re: Remove WinBlueSoft

Post by Belahzur on Fri Jun 12, 2009 10:12 pm

Hello.

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean. Please see here for instructions on how to disable it:

1. Right-click on the Ad-Watch icon in the system tray (located down by the system clock for most configurations)
2. Choose *Settings* from the dropdown menu
3. Under the *General Settings* tab turn OFF (red x) the option to "Load Ad-Watch at Startup" (if enabled)

4. Click on the *Status* button in the left hand menu
5. Turn OFF (red x) the option for *Regshield*
6. Close that window, then right-click on the Ad-Watch icon shield again down in the system tray next to the clock.
7. Choose *Turn off Ad-Watch* from the drop menu

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4143ED64-F2B3-4CCF-AE10-9232F0329D28}: NameServer = 85.255.112.25,85.255.112.165
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF915CC9-97A0-4700-BA18-0AB31D1F14E2}: NameServer = 85.255.112.25,85.255.112.165
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
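
A triage sketch for the kind of HijackThis log posted above, added here as an example and not part of the original thread or of HijackThis itself: it pulls out the two mechanically recognisable kinds of line in Belahzur's fix list, `(file missing)` entries and O17 `NameServer` values, and groups the resolvers by the registry keys that carry them. The function names and the public/private classification are assumptions of this example; the sample lines are copied from the log in the first post.

```python
import ipaddress
import re

# Sample input: a few lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4143ED64-F2B3-4CCF-AE10-9232F0329D28}: NameServer = 85.255.112.25,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.25,85.255.112.165
"""

# "O17 - <body>", "R1 - <body>", ...: section code, separator, rest of line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O17 body: "<registry key>: NameServer = <addr>[,<addr>...]"
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_entries(text):
    """Return (section_code, body, raw_line) for every 'Xnn - ...' log line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), line))
    return entries


def classify(server):
    """Return 'private', 'public' or 'invalid' for one NameServer value."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    return "private" if addr.is_private else "public"


def triage(text):
    """Collect '(file missing)' lines and group O17 resolvers by registry key."""
    resolvers = {}  # tuple of servers -> registry keys, in log order
    missing = []
    for code, body, raw in parse_entries(text):
        if raw.endswith("(file missing)"):
            missing.append(raw)
        if code != "O17":
            continue
        m = O17_RE.match(body)
        if not m:
            continue  # O17 also lists Domain and SearchList values
        servers = tuple(s for s in re.split(r"[,\s]+", m.group("servers")) if s)
        resolvers.setdefault(servers, []).append(m.group("key"))

    report = []
    for servers, keys in resolvers.items():
        report.append({
            "servers": servers,
            "keys": keys,
            # Addresses outside private/loopback ranges, i.e. not a home router.
            "public": [s for s in servers if classify(s) == "public"],
            # Tcpip\Parameters is the system-wide key; {GUID} keys are per interface.
            "system_wide": any(k.endswith(r"\Tcpip\Parameters") for k in keys),
        })
    return {"resolvers": report, "missing": missing}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for line in result["missing"]:
        print("orphaned entry:", line)
    for r in result["resolvers"]:
        scope = "system-wide" if r["system_wide"] else "per-interface only"
        print("static resolvers %s on %d key(s), %s, public: %s"
              % (", ".join(r["servers"]), len(r["keys"]), scope, r["public"]))
```

A public resolver pair that repeats on the system-wide `Tcpip\Parameters` key and on the interface keys, as in this log, is worth comparing with what the router or ISP actually hands out before deciding whether to fix or keep it.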


Re: Remove WinBlueSoft

Post by lakers34kb on Fri Jun 12, 2009 11:59 pm

I got to this step:

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.


It didn't load the page, it came up with this error.

Address Not Found
Firefox can't find the server at [You must be registered and logged in to see this link.]


The browser could not find the host server for the provided address.


Re: Remove WinBlueSoft

Post by Belahzur on Sat Jun 13, 2009 12:19 am


1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (ESET NOD32)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Remove WinBlueSoft

Post by lakers34kb on Sat Jun 13, 2009 12:49 am

I'm currently on my other computer typing this up.

I ran combo fix, after a few minutes it came up with this box.

ComboFix has detected the presence of rootkit activity and needs to reboot the machine
Kindly note down on paper, the name of each file. We may need it later

C:\\Windows\system32\drivers\MSIVXunysippnxqttjmdpymvvpxivvmuqafhs.sys
C:\Windows\system32\MSIVXtriosptdxyprwwecitoqreybxtqrwxvd.dll
C:\Windows\system32\MSIVXeptkwnklkdasknxmvarcbyqeaqmhxaxx.dll



I pressed OK and it's now restarting.


Re: Remove WinBlueSoft

Post by lakers34kb on Sat Jun 13, 2009 1:18 am

Here is the Combofix.txt


ComboFix 09-06-12.02 - Owner 06/12/2009 19:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1997 [GMT -5:00]
Running from: c:\users\Owner\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Re: Remove WinBlueSoft

Post by lakers34kb on Sat Jun 13, 2009 1:20 am

c:\windows\system32\592zvir2653.cpl
c:\windows\system32\59505ownlozder2759.dll
c:\windows\system32\5951zir14.bin
c:\windows\system32\59637zpambot902.bin
c:\windows\system32\59995parse193z.exe
c:\windows\system32\59a8spars53219z.exe
c:\windows\system32\59acaddwarz2427.dll
c:\windows\system32\59zevir3157.dll
c:\windows\system32\5a1zthrea596009.dll
c:\windows\system32\5a5badzwa9e1749.bin
c:\windows\system32\5b49spyzare1878.bin
c:\windows\system32\5b93stezl8105.exe
c:\windows\system32\5bbeszyware2925.dll
c:\windows\system32\5bs95alz02.cpl
c:\windows\system32\5c97backdzo52257.dll
c:\windows\system32\5e39st5al1z49.cpl
c:\windows\system32\5e61back5oor829z.dll
c:\windows\system32\5e85o9nloader1396z.bin
c:\windows\system32\5f8zteal2954.dll
c:\windows\system32\5z19addwar91065.bin
c:\windows\system32\5z31t5i9f922.cpl
c:\windows\system32\5z37ba9kdoor5981.bin
c:\windows\system32\5z39backdoor156.exe
c:\windows\system32\5z65t9ief2811.ocx
c:\windows\system32\5z96thie92015.cpl
c:\windows\system32\5za4backdoo9343.exe
c:\windows\system32\5ze9threat3581.exe
c:\windows\system32\618zspy5are2129.exe
c:\windows\system32\6193zp9567.ocx
c:\windows\system32\6195azdware901.cpl
c:\windows\system32\61bzi9525.ocx
c:\windows\system32\6220vzrus5059.ocx
c:\windows\system32\6465zpy5are9599.dll
c:\windows\system32\649zspy7d15.dll
c:\windows\system32\65439parse5681z.exe
c:\windows\system32\6543thzef25519.cpl
c:\windows\system32\6555n9t-a-viruz53b.ocx
c:\windows\system32\655z9ir1080.cpl
c:\windows\system32\660dspa9sez6955.dll
c:\windows\system32\6687t5ief9520z.exe
c:\windows\system32\66a8backdzor24895.cpl
c:\windows\system32\6921az5war92372.exe
c:\windows\system32\69z8d9wn5oader290.exe
c:\windows\system32\6ba2azdware956.cpl
c:\windows\system32\6baba9kdoor305z.ocx
c:\windows\system32\6c259pzware896.bin
c:\windows\system32\6d75spyware9647z.ocx
c:\windows\system32\6dedow5loazer9427.ocx
c:\windows\system32\6e53backd59r32z.ocx
c:\windows\system32\6e88th5eatz3249.cpl
c:\windows\system32\6f04dow9loaderz526.ocx
c:\windows\system32\6z1aspars923105.exe
c:\windows\system32\6za0s9eal9125.cpl
c:\windows\system32\7159ste5l925z.bin
c:\windows\system32\72559pyzare2239.cpl
c:\windows\system32\7450zackdo9r575.exe
c:\windows\system32\74c5thiez2913.exe
c:\windows\system32\7575dd9zre2771.exe
c:\windows\system32\75e9steal3z83.cpl
c:\windows\system32\75ecaddwzre22945.cpl
c:\windows\system32\760zhackt95l138.cpl
c:\windows\system32\7693thrzat20459.dll
c:\windows\system32\77385or96bz.cpl
c:\windows\system32\77509parsz510.cpl
c:\windows\system32\776s5eal32z9.exe
c:\windows\system32\785zthief2197.exe
c:\windows\system32\78f6zackdo9r658.exe
c:\windows\system32\7967spar5z2032.exe
c:\windows\system32\7bz9ad5ware39.cpl
c:\windows\system32\7ea95hzeat23244.exe
c:\windows\system32\7z465roj9c9.ocx
c:\windows\system32\7z91addw5re2331.dll
c:\windows\system32\7zbdspywa5e394.ocx
c:\windows\system32\81785pa9bot72z.dll
c:\windows\system32\8658vir9s5z5.exe
c:\windows\system32\8z85virus49f.ocx
c:\windows\system32\9028b5zkdoor75.dll
c:\windows\system32\90477s5ambotf4z.dll
c:\windows\system32\9154zpy3529.exe
c:\windows\system32\91601zot-a5virusf9.dll
c:\windows\system32\92006w5rmb4z.cpl
c:\windows\system32\92179w5zm58d.cpl
c:\windows\system32\9218virzs555.exe
c:\windows\system32\9309hac5toz95f4.exe
c:\windows\system32\9355baczdoor634.ocx
c:\windows\system32\93853vizus648.exe
c:\windows\system32\941a5pazse1950.cpl
c:\windows\system32\9493vi5usz3a.ocx
c:\windows\system32\95054spy7z0.cpl
c:\windows\system32\9542downloader288z.bin
c:\windows\system32\955wz9m195.exe
c:\windows\system32\9595spy27z5.ocx
c:\windows\system32\95a7vir180z.exe
c:\windows\system32\95cdzwnlo5der795.cpl
c:\windows\system32\963z5rm110.bin
c:\windows\system32\96712wozm6d5.cpl
c:\windows\system32\972c5hiefz158.dll
c:\windows\system32\975dvzr1787.dll
c:\windows\system32\9781zhackt5ol505.bin
c:\windows\system32\98395zy437.cpl
c:\windows\system32\98z0threat3256.exe
c:\windows\system32\99095irus28az.bin
c:\windows\system32\990evi5z196.dll
c:\windows\system32\99229hacktool4z5.dll
c:\windows\system32\9988ha5ktooz69c.cpl
c:\windows\system32\9996tr5j50z.exe
c:\windows\system32\9bf0s5eal102z.bin
c:\windows\system32\9c7dsparsz5838.bin
c:\windows\system32\9f6sz5rse209.exe
c:\windows\system32\9f82th5ef7z7.cpl
c:\windows\system32\9f8espyware1z955.bin
c:\windows\system32\a56steal93z9.cpl
c:\windows\system32\a6stea9z955.exe
c:\windows\system32\ba5thzeat99155.cpl
c:\windows\system32\c19a9dwarz28955.ocx
c:\windows\system32\c9zba59door2999.cpl
c:\windows\system32\d699ir5z9.bin
c:\windows\system32\d7dzpyw9re1542.dll
c:\windows\system32\drivers\MSIVXunysippnxqttjmdpymvvpxivvmuqafhs.sys
c:\windows\system32\f89tzrea525709.cpl
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXeptkwnklkdasknxmvarcbyqeaqmhxaxx.dll
c:\windows\system32\MSIVXtriosptdxyprwwecitoqreybxtqrwxvd.dll
c:\windows\system32\setup2.exe
c:\windows\system32\z0311hac5to9l396.exe
c:\windows\system32\z0542worm7c9.exe
c:\windows\system32\z071tr59e5.exe
c:\windows\system32\z0855wor965e.ocx
c:\windows\system32\z36099py62f5.cpl
c:\windows\system32\z37t5ief1449.cpl
c:\windows\system32\z495t9o5c4.ocx
c:\windows\system32\z5088wo9m4c2.ocx
c:\windows\system32\z5099s9am5ot7c3.dll
c:\windows\system32\z532not-a-v9ru565.dll
c:\windows\system32\z579vir5549.bin
c:\windows\system32\z590thre5t10892.bin
c:\windows\system32\z5b5s9arse1846.bin
c:\windows\system32\z6558not-a-vir9s4fa.bin
c:\windows\system32\z6994w95m504.dll
c:\windows\system32\z6b5sparse9004.cpl
c:\windows\system32\z7753t9oj499.exe
c:\windows\system32\z777h9ckt5ol649.exe
c:\windows\system32\z884spar9e13885.dll
c:\windows\system32\z899spa5se611.dll
c:\windows\system32\z905ir2592.bin
c:\windows\system32\z9462t5o92d6.exe
c:\windows\system32\z9c2downl5ader2086.bin
c:\windows\system32\z9f9bac5door253.cpl
c:\windows\system32\zddethi592776.ocx
c:\windows\system32\ze95threat28441.dll
c:\windows\system32\ze9csteal2518.bin
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\z130not-a9v5rus4da.dll
c:\windows\z14da9dw5re1599.cpl
c:\windows\z49evir22095.ocx
c:\windows\z539th5ef996.ocx
c:\windows\z5585not-a-virus7c9.exe
c:\windows\z568thi9f1635.dll
c:\windows\z569do5nloader811.bin
c:\windows\z656w9rm374.exe
c:\windows\z65929orm1b45.exe
c:\windows\z671spa9se955.ocx
c:\windows\z7320viru5139.ocx
c:\windows\z7775hief179.exe
c:\windows\z7926wor579b.exe
c:\windows\z7975n5t-a-9irus324.exe
c:\windows\z8251troj956.cpl
c:\windows\z851do9nloader5270.ocx
c:\windows\z8687hackt5ol729.bin
c:\windows\z885ad9ware2186.ocx
c:\windows\z909spy59f.cpl
c:\windows\z9546virus455.dll
c:\windows\z9800sp5mbot225.bin
c:\windows\zc1t5i9f2041.dll
c:\windows\zdb9thief5936.dll
c:\windows\zddathie92508.exe
D:\Desktop.ini


Re: Remove WinBlueSoft

Post by lakers34kb on Sat Jun 13, 2009 1:21 am

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 01:13 . 2009-06-13 01:13 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-06-13 00:51 . 2009-06-13 00:51 -------- d-----w- c:\users\Owner\AppData\Local\ESET
2009-06-12 21:45 . 2009-06-12 21:45 -------- d-----w- c:\program files\Trend Micro
2009-06-12 21:35 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-12 21:35 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-12 21:35 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-12 21:35 . 2009-06-12 21:36 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-12 21:35 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-12 21:35 . 2009-06-12 21:36 -------- d-----w- c:\program files\Spyware Doctor
2009-06-12 21:35 . 2009-06-12 21:35 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Tools
2009-06-12 21:35 . 2009-06-12 21:35 -------- d-----w- c:\programdata\PC Tools
2009-06-12 21:18 . 2009-06-12 21:18 680 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2009-06-12 19:50 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-12 19:39 . 2009-06-12 19:39 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-12 19:39 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-12 19:38 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-06-12 19:38 . 2009-06-12 19:38 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-12 19:37 . 2009-06-12 19:39 -------- d-----w- c:\programdata\Lavasoft
2009-06-12 19:37 . 2009-06-12 19:37 -------- d-----w- c:\program files\Lavasoft
2009-06-12 08:48 . 2009-06-12 08:48 2 ---h--w- c:\windows\ro122458.dat
2009-06-11 21:34 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-06-10 19:44 . 2009-06-12 10:12 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2009-06-10 06:50 . 2009-06-10 06:50 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2009-06-10 06:16 . 2009-06-10 21:35 -------- d-----w- c:\users\Owner\AppData\Local\Hewlett-Packard
2009-06-10 06:00 . 2009-06-10 06:00 -------- d-----w- c:\programdata\acccore
2009-06-10 05:01 . 2009-06-10 05:01 -------- d-----w- c:\users\Owner\AppData\Roaming\acccore
2009-06-10 05:01 . 2009-06-10 05:01 -------- d-----w- c:\users\Owner\AppData\Local\AOL OCP
2009-06-10 05:01 . 2009-06-10 05:01 -------- d-----w- c:\users\Owner\AppData\Local\AOL
2009-06-09 21:08 . 2009-06-09 21:08 -------- d-----w- c:\program files\ESET
2009-06-01 22:03 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-01 21:56 . 2009-06-01 21:56 -------- d-----w- c:\program files\MSXML 4.0
2009-05-22 14:34 . 2008-12-05 04:32 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-05-22 14:34 . 2008-12-05 04:32 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-05-22 14:33 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-05-22 14:33 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-05-22 14:33 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-05-22 14:31 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-22 14:31 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-05-22 14:31 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-05-22 14:31 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-05-22 14:31 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-05-22 14:31 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-22 14:29 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-22 14:16 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-22 14:16 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-22 14:16 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-22 14:16 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-22 14:16 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-22 14:16 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-22 14:16 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-22 14:16 . 2008-10-16 19:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-22 14:16 . 2008-10-16 18:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-21 22:25 . 2003-06-18 22:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-21 22:24 . 2009-05-21 22:24 -------- d-----w- c:\program files\Common Files\L&H
2009-05-21 22:23 . 2009-05-21 22:23 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-21 22:22 . 2009-05-21 22:22 -------- d-----w- c:\windows\PCHEALTH
2009-05-21 22:22 . 2009-05-21 22:22 -------- d-----w- c:\program files\Microsoft.NET
2009-05-21 22:21 . 2009-05-21 22:21 -------- d--h--r- C:\MSOCache
2009-05-21 20:22 . 2009-06-12 21:16 -------- d-----w- C:\Temp
2009-05-21 19:12 . 2009-06-10 21:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Hewlett-Packard
2009-05-21 19:12 . 2009-05-21 19:12 -------- d-----w- c:\users\Owner\AppData\Roaming\Symantec
2009-05-21 19:11 . 2009-05-21 19:11 44 ----a-w- c:\windows\system\hpsysdrv.dat
2009-05-21 19:10 . 2009-06-10 05:01 -------- d-----w- c:\users\Owner\AppData\Local\VirtualStore
2009-05-21 19:06 . 2009-05-22 14:11 106552 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-21 19:00 . 2009-05-21 19:00 -------- d-----w- c:\users\Owner\AppData\Roaming\HP TCS
2009-05-21 18:59 . 2009-06-10 06:00 -------- d-----w- c:\programdata\Viewpoint
2009-05-21 18:59 . 2009-05-21 19:00 -------- d-----w- c:\program files\Viewpoint
2009-05-21 18:59 . 2009-06-10 05:02 -------- d-----w- c:\programdata\AOL OCP
2009-05-21 18:59 . 2009-05-21 18:59 -------- d-----w- c:\programdata\AOL
2009-05-21 18:59 . 2009-05-21 18:59 -------- d-----w- c:\program files\Common Files\AOL
2009-05-21 18:59 . 2009-06-11 23:31 -------- d-----w- c:\program files\AIM6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 21:35 . 2008-06-27 18:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-10 21:34 . 2008-06-27 17:49 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-10 04:48 . 2008-06-27 17:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 21:03 . 2008-06-27 17:24 -------- d-----w- c:\programdata\Symantec
2009-06-01 22:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-21 22:23 . 2008-06-27 18:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-21 22:16 . 2008-06-27 18:28 -------- d-----w- c:\programdata\Microsoft Help
2009-05-21 18:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-21 18:57 . 2009-05-21 18:57 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_G50 Notebook PC_Y5335KV_0U_Q2CE9129H70_E480012-001_4A_I360B_SWistron_V09.50_F.35_T090304_WV3-1_L409_M3003_J250_7Intel_86FD_92.17_#090401_N10EC8136;168C001C_(NW067UA#ABA)_XMOBILE_CN10_Z_2F.35.MRK
2009-04-24 16:05 . 2009-06-10 04:56 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 04:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 04:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-10 04:56 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 04:56 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 04:56 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-03-31 20:35 . 2009-06-10 21:29 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 22:30 . 2009-06-10 21:29 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-17 03:38 . 2009-05-22 14:29 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-05-22 14:29 24064 ----a-w- c:\windows\system32\amxread.dll
2008-06-27 16:02 . 2008-06-27 16:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]


Re: Remove WinBlueSoft

Post by lakers34kb on Sat Jun 13, 2009 1:21 am

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C0EA8201-8DF2-460B-8FA0-CA6DF34E6153}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{8454C891-500E-4F2E-B082-21ED4AB360D5}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5D500A14-07EB-4251-995C-A11A6DB4967B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{587846ED-2948-470E-9137-F37EF73A7765}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4B863293-D703-4A63-AFAB-628AC1FDB3AA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{014DE51E-DF88-4DD2-8DC2-39A0B9F53A85}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6F00454D-0C8E-46F4-AE85-CC2B7E17BD8E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EE1F8A82-A706-4C5D-95F3-0BFB9317FE65}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{483C7465-B391-47B4-BC84-E3FB3577DE92}"= TCP:c:\program files\AIM6\aim6.exe:AIM

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/12/2009 2:39 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/12/2009 4:35 PM 130936]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [3/13/2008 4:52 PM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/13/2008 4:49 PM 472320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 921936]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [6/27/2008 1:46 PM 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/21/2009 2:00 PM 24652]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [6/4/2008 12:54 PM 113664]
S2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [1/20/2008 9:23 PM 21504]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/27/2008 12:46 PM 193840]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/12/2009 4:35 PM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
podmena REG_MULTI_SZ podmena
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2009-06-12 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-27 03:03]

2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{56A5D8AE-0650-49D9-9654-3F8826E131EC}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6pv1t1ks.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-12 20:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-13 20:14
ComboFix-quarantined-files.txt 2009-06-13 01:14

Pre-Run: 193,760,022,528 bytes free
Post-Run: 193,935,560,704 bytes free

935 --- E O F --- 2009-06-12 07:09


Re: Remove WinBlueSoft

Post by lakers34kb on Sat Jun 13, 2009 1:23 am

I'm not sure if that's all I have to do? I haven't seen anything pop up yet, and it changed my wallpaper.

I'll keep you updated, let me know if there is anything further I was supposed to do.

Thank you for your help.


Re: Remove WinBlueSoft

Post by Belahzur on Sat Jun 13, 2009 1:15 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
podmena
Viewpoint Manager Service

Folder::
c:\programdata\Viewpoint
c:\program files\Viewpoint

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

