winbluesoft wont go away


Post by gtown283 on Wed Jun 17, 2009 2:45 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:40 PM, on 6/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Common Files\AOL\1242956320\ee\aolsoftware.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Flock\FLOCK.EXE
C:\Users\James Williams_2\Downloads\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Babya Software Group\Babya Logic\msdxm.ocx (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1242956320\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O13 - Gopher Prefix:
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [You must be registered and logged in to see this link.]
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{F191681C-8C4A-4A9E-9B9B-66D37CD18A5C}: NameServer = 85.255.112.150,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{FABA0B27-D20A-497E-9280-9134D3C18734}: NameServer = 85.255.112.150,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 14141 bytes


Re: winbluesoft wont go away

Post by Belahzur on Wed Jun 17, 2009 12:31 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F191681C-8C4A-4A9E-9B9B-66D37CD18A5C}: NameServer = 85.255.112.150,85.255.112.69
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FABA0B27-D20A-497E-9280-9134D3C18734}: NameServer = 85.255.112.150,85.255.112.69
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Next,

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (AVG8)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



C:combofix.txt

Post by gtown283 on Wed Jun 17, 2009 6:54 pm

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
.


Re: winbluesoft wont go away

Post by gtown283 on Wed Jun 17, 2009 6:54 pm

------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-17 14:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-17 14:47
ComboFix-quarantined-files.txt 2009-06-17 18:47

Pre-Run: 97,971,478,528 bytes free
Post-Run: 99,253,579,776 bytes free

748 --- E O F --- 2009-05-15 10:55

Re: winbluesoft wont go away

Post by gtown283 on Wed Jun 17, 2009 6:55 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [11/22/2008 6:14 AM 73728]
R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/24/2008 12:09 AM 155648]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/27/2007 5:22 AM 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/27/2007 5:22 AM 923216]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [11/22/2008 4:51 AM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/27/2007 5:22 AM 566872]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [11/22/2008 6:15 AM 111616]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [11/22/2008 6:15 AM 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [11/22/2008 6:15 AM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [11/22/2008 6:15 AM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [11/22/2008 6:15 AM 277440]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\System32\drivers\TM_CFW.sys [11/22/2008 4:51 AM 280392]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\dldtserv.exe [2/25/2008 5:38 PM 99568]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/22/2008 4:50 AM 30192]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\System32\drivers\tj2knd5.sys [5/25/2009 12:14 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\System32\drivers\tj2kunic.sys [5/25/2009 12:13 PM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Recordpad - c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe

Re: winbluesoft wont go away

Post by gtown283 on Wed Jun 17, 2009 6:55 pm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7E98E1EE-0D97-4E48-AD58-AFB224D32606}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{1A690072-2B94-4B96-BD05-2ABBDCA3DAE9}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{CB0073B7-D67B-45DF-9631-3EAE86A416DD}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{F941A0A8-11AD-42B6-844D-45BF2F8D8168}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{818FEA4B-244E-463F-B827-D12D0829BF50}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8C40712C-124E-4A12-89EE-5006A3BD6A57}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{E088A383-01F3-4859-AA58-5252C3235F97}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{05B5AB04-D7E3-4995-ABD6-24EEFDFD10F2}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F15C6AFB-2B39-41F8-A455-0FD0085E4F31}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A270C37D-CF63-4D81-B7DD-880D3BF2297C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2D979AD3-3162-4081-8491-A89B3D9F5AF7}"= UDP:c:\program files\Dell V305\dldtamon.exe:Dell Device Monitor
"{68CA02B8-E1E0-42AF-BA74-E3A771BF063C}"= TCP:c:\program files\Dell V305\dldtamon.exe:Dell Device Monitor
"{0E3BD90B-3283-416F-84EB-4067E2A94E15}"= UDP:c:\program files\Dell V305\frun.exe:Dell Imaging Toolbox
"{A8C53F17-4181-4452-8B0C-973EF0F9CADD}"= TCP:c:\program files\Dell V305\frun.exe:Dell Imaging Toolbox
"{A7451A10-F7F8-471B-B962-2029B6E6BAD4}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{08575818-4B96-4180-ACE6-3AA275A604DB}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{7DF05405-931E-46B5-87CC-EBD7C6A325ED}"= UDP:c:\program files\Dell V305\dldtmon.exe:Printer Device Monitor
"{6384988E-20E8-4737-9F11-58487160FF38}"= TCP:c:\program files\Dell V305\dldtmon.exe:Printer Device Monitor
"{C86A5773-D497-444C-B729-4932193B812D}"= UDP:c:\windows\System32\dldtcoms.exe:Lexmark Communications System
"{AB3C388F-C1A0-4C56-AD91-B5F42A1767C4}"= TCP:c:\windows\System32\dldtcoms.exe:Lexmark Communications System
"{068FFBE2-52D0-4A39-A81B-548572A19296}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{611D736A-CD86-44E9-BCE5-3D994F36B73A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{3BE49610-21A0-4BA0-A02A-2507B9A664B3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldttime.exe:Time Executable
"{68D0193A-32B4-4571-964A-507F173F1EE1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldttime.exe:Time Executable
"{823434F2-C974-4051-BEB9-0C3E3CA01435}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldtjswx.exe:Job Status Window Interface
"{6C0B27C4-0EF7-4255-9571-C1F81763845D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldtjswx.exe:Job Status Window Interface
"{832D5E6D-15BD-46AA-B143-D54EF85A9AC5}"= UDP:c:\windows\System32\dlcicoms.exe:Dell 946 Server
"{CF4B1FAF-0230-489A-AA47-3FA9E1640555}"= TCP:c:\windows\System32\dlcicoms.exe:Dell 946 Server
"{A970F9FD-7D45-4755-9FA8-F4ADC5D105CF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{37E3B7A7-F7AA-4984-8DD2-5945C8DEAC48}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4BE6CCE9-FC80-460B-B5BD-A703EBBC9741}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{951A06AE-E746-4D4F-9E9B-4F86A39F51EF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A9967349-4112-498A-8743-3BE08232562D}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{BFDC91F5-5DF4-47E7-8ECD-C052C5C48460}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{E9DBCE7F-084F-4FF7-8ABB-D1FC29849AD4}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{7376C104-C9E4-4AEC-B915-A72A3B66A820}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{A77A88A9-73BC-4B1D-B049-0BD0F49D03DB}"= UDP:990:LocalSubnet:LocalSubnet|IF={97EA40B6-82BD-4E63-80F4-DFBDFF00F736}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{D81722AA-F4F2-4FEC-975D-8C57B7EFB092}"= UDP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{0401743A-EF7F-42A6-BDF3-28023D356842}"= TCP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{03D1DD4D-B024-4B35-BE1B-25599C394057}"= UDP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{89607905-C3CA-4DE3-A58F-133019CE8D07}"= TCP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{BAB018C8-CD1F-4DE9-A5BE-F55A506A4162}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{2BCF0F2E-8EF4-445D-8FC1-A1B0E16F8058}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{07FF080E-59F8-4AF9-9CD3-FB598BF045E5}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BEA8A453-6217-4809-AA38-4A39D456C698}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{4E155F3A-C887-4557-BD30-C6C90C92FE5A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{18E6036B-F65F-4609-A26A-A526A321486C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19B71611-8C29-4909-A421-65A062ABBE6E}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{75695D55-8C2B-4AEE-842C-60F080DFBD80}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{9ED15ADD-5C48-4082-8204-2D12652DD189}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{429FF43A-4FBA-490F-A971-058C5E202FD3}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{B0B9BC3F-D5D3-4C0B-AE86-1C7A82D20A8C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B78D340-1671-4D08-AA4B-5996370B55E7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

Re: winbluesoft wont go away

Post by gtown283 on Wed Jun 17, 2009 6:55 pm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EarthLink Installer"="/C" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-25 442467]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-13 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-13 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-22 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 1807696]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"DLCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"HostManager"="c:\program files\Common Files\AOL\1242956320\ee\AOLSoftware.exe" [2006-09-26 50736]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-05-24 26112]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\users\James Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\users\James Williams_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-22 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-22 09:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

Re: winbluesoft wont go away

Post by gtown283 on Wed Jun 17, 2009 6:56 pm

((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-12-15 12:10 . 2009-12-15 12:10 9099 ----a-w- c:\windows\system32\5b26backdooz15659.bin
2009-12-13 11:47 . 2009-12-13 11:47 14440 ----a-w- c:\windows\system32\5f85steal29z3.bin
2009-12-08 12:42 . 2009-12-08 12:42 14712 ----a-w- c:\windows\system32\554zvirus699.dll
2009-11-25 21:07 . 2009-11-25 21:07 12018 ----a-w- c:\windows\system32\5290ztroj439.exe
2009-11-13 22:31 . 2009-11-13 22:31 15357 ----a-w- c:\windows\system32\6704s9amzo576e.exe
2009-11-13 08:34 . 2009-11-13 08:34 12567 ----a-w- c:\windows\system32\29905irus7z5.bin
2009-10-27 13:28 . 2009-10-27 13:28 3525 ----a-w- c:\windows\system32\60edsz5a9550.dll
2009-10-22 19:23 . 2009-10-22 19:23 3099 ----a-w- c:\windows\system32\28112nzt-a-viru53b9.exe
2009-10-16 17:04 . 2009-10-16 17:04 17814 ----a-w- c:\windows\system32\955troj6az9.bin
2009-10-16 07:22 . 2009-10-16 07:22 5031 ----a-w- c:\windows\system32\5da9azdwar51559.exe
2009-10-15 06:57 . 2009-10-15 06:57 16177 ----a-w- c:\windows\system32\5z951virusb2.dll
2009-09-15 08:09 . 2009-09-15 08:09 16331 ----a-w- c:\windows\system32\5836znot-a-virus696.dll
2009-09-14 19:36 . 2009-09-14 19:36 14558 ----a-w- c:\windows\system32\z0655troj7e9.exe
2009-09-13 06:56 . 2009-09-13 06:56 5178 ----a-w- c:\windows\system32\a8th59f1278z.dll
2009-09-03 09:39 . 2009-09-03 09:39 10835 ----a-w- c:\windows\system32\5945s9ambot3ze.bin
2009-09-02 22:02 . 2009-09-02 22:02 10020 ----a-w- c:\windows\system32\31255szy509.dll
2009-09-01 20:43 . 2009-09-01 20:43 8200 ----a-w- c:\windows\system32\459cdownl5ader3089z.exe
2009-09-01 05:04 . 2009-09-01 05:04 7066 ----a-w- c:\windows\system32\z566759oj60c.exe
2009-08-15 09:19 . 2009-08-15 09:19 9014 ----a-w- c:\windows\system32\31z599acktool785.bin
2009-08-04 20:27 . 2009-08-04 20:27 4665 ----a-w- c:\windows\system32\2z032hackto955ed.exe
2009-08-02 02:25 . 2009-08-02 02:25 2541 ----a-w- c:\windows\system32\z758backdoor2669.exe
2009-07-25 13:47 . 2009-07-25 13:47 5838 ----a-w- c:\windows\system32\4953tro5265z.bin
2009-07-16 21:56 . 2009-07-16 21:56 14330 ----a-w- c:\windows\system32\dc9zack5oor15699.exe
2009-07-06 02:33 . 2009-07-06 02:33 7478 ----a-w- c:\windows\system32\z199not-5-virus115.bin
2009-06-27 20:40 . 2009-06-27 20:40 7081 ----a-w- c:\windows\system32\5545spy1f9z.dll
2009-06-24 13:11 . 2009-06-24 13:11 12229 ----a-w- c:\windows\system32\9291downl5zder754.exe
2009-06-22 07:39 . 2009-06-22 07:39 16033 ----a-w- c:\windows\system32\47d7addzar517659.bin
2009-06-20 14:05 . 2009-06-20 14:05 11864 ----a-w- c:\windows\system32\755bazkdoor24889.exe
2009-06-19 00:42 . 2009-06-19 00:42 16796 ----a-w- c:\windows\system32\b26thzeat525329.exe
2009-06-18 13:37 . 2009-06-18 13:37 14739 ----a-w- c:\windows\system32\5cz0downlo9d5r3272.dll
2009-06-17 18:45 . 2009-06-17 18:45 -------- d-----w- c:\users\James Williams_2\AppData\Local\temp
2009-06-17 18:45 . 2009-06-17 18:45 -------- d-----w- c:\users\James Williams\AppData\Local\temp
2009-06-17 18:45 . 2009-06-17 18:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-16 17:36 . 2009-06-16 17:36 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-16 17:33 . 2009-06-16 17:33 -------- d-----w- c:\program files\AVG
2009-06-14 18:10 . 2009-06-14 18:10 16566 ----a-w- c:\windows\system32\f3ezteal29359.bin
2009-06-14 03:48 . 2009-06-14 03:48 -------- d-----w- c:\program files\Game Rival
2009-06-13 11:56 . 2009-06-13 11:56 2708 ----a-w- c:\windows\system32\599downloaderz539.exe
2009-06-06 15:52 . 2009-06-06 15:52 15424 ----a-w- c:\windows\system32\3166thr59t26223z.dll
2009-06-06 04:06 . 2009-06-06 04:06 -------- d-----w- c:\program files\iPod
2009-06-06 04:06 . 2009-06-06 04:07 -------- d-----w- c:\program files\iTunes
2009-06-06 03:56 . 2009-06-06 03:56 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 14:01 . 2009-06-03 14:01 10781 ----a-w- c:\windows\system32\32647z5ambot298.bin
2009-06-02 20:59 . 2009-06-02 20:59 16 ----a-w- c:\windows\popcinfo.dat
2009-06-02 20:17 . 2009-06-02 20:18 -------- d-----w- c:\program files\Bejeweled 2
2009-06-02 20:17 . 2009-06-02 20:17 -------- d-----w- c:\program files\bfgclient
2009-06-02 20:16 . 2009-06-02 20:17 -------- d-----w- C:\BigFishGamesCache
2009-06-02 02:19 . 2009-02-24 22:22 589824 ----a-w- c:\users\James Williams\AppData\Roaming\Flock\Browser\Profiles\fb4pfu1w.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
2009-06-01 19:48 . 2009-06-01 19:48 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Flock
2009-06-01 19:48 . 2009-06-01 19:48 -------- d-----w- c:\users\James Williams_2\AppData\Local\Flock
2009-06-01 01:19 . 2009-06-01 01:19 -------- d-----w- c:\users\James Williams\AppData\Roaming\Flock
2009-06-01 01:19 . 2009-06-01 01:19 -------- d-----w- c:\users\James Williams\AppData\Local\Flock
2009-06-01 01:19 . 2009-06-17 02:19 -------- d-----w- c:\program files\Flock
2009-06-01 01:17 . 2007-09-17 14:34 136528 ------w- c:\programdata\AOL\UserProfiles\All Users\SUDS\CACHE\4397.2.4\radioupd.exe
2009-05-24 14:52 . 2009-05-24 14:53 -------- d-----w- c:\program files\Common Files\aolback
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install ICQ
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install iTunes
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install AOL Communicator
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\AOL Instant Messenger
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\aolextras
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\programdata\Pure Networks
2009-05-24 14:51 . 1999-04-17 05:06 10752 ----a-w- c:\windows\system32\aamd532.dll
2009-05-24 14:51 . 2001-11-21 14:15 102400 ----a-w- c:\windows\system32\SimpleRegistry.dll
2009-05-24 14:51 . 1998-04-24 04:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-05-24 14:51 . 2009-05-31 20:18 -------- d-----w- c:\program files\Pure Networks
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\users\James Williams\AppData\Roaming\You've Got Pictures Screensaver
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\windows\occache
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\program files\Learn2.com
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\programdata\Viewpoint
2009-05-24 14:50 . 2009-05-24 14:51 -------- d-----w- c:\program files\Viewpoint
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-05-24 14:49 . 2009-05-24 14:49 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- C:\My Music
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\4Media
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Real
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Common Files\Real
2009-05-24 14:47 . 2004-05-07 20:54 65536 ----a-w- c:\windows\system32\jgsh400.dll
2009-05-24 14:47 . 2004-05-07 20:54 45568 ----a-w- c:\windows\system32\jgsd400.dll
2009-05-24 14:47 . 2004-05-07 20:54 35840 ----a-w- c:\windows\system32\jgmd400.dll
2009-05-24 14:46 . 2009-05-24 14:46 -------- d-----w- c:\programdata\AOL Downloads
2009-05-23 05:52 . 2009-05-23 05:52 -------- d-----w- c:\users\James Williams\AppData\Local\AOL
2009-05-22 01:39 . 2006-11-01 20:18 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2009-05-22 01:38 . 2009-06-01 01:14 -------- d-----w- c:\programdata\AOL
2009-05-22 01:38 . 2009-06-01 01:14 -------- d-----w- c:\program files\Common Files\AOL
2009-05-22 01:38 . 2009-06-01 01:09 -------- d--h--w- C:\TEMP
2009-05-21 03:30 . 2009-05-21 03:30 -------- d-----w- c:\users\James Williams_2\AppData\Local\Stardock_Corporation
2009-05-21 03:19 . 2009-05-21 03:19 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Talkback
2009-05-21 03:18 . 2009-05-21 03:18 -------- d-----w- c:\users\James Williams_2\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 03:48 . 2008-12-05 00:54 -------- d-----w- c:\program files\Oberon Media
2009-06-13 23:14 . 2008-12-14 20:06 -------- d-----w- c:\programdata\Dl_cats
2009-06-06 04:06 . 2008-11-26 15:48 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 04:04 . 2008-11-26 15:49 -------- d-----w- c:\program files\QuickTime
2009-06-05 19:37 . 2008-12-11 19:56 -------- d-----w- c:\programdata\Microsoft Help
2009-06-01 01:15 . 2009-06-01 01:10 -------- d-----w- c:\program files\AOL 9.0
2009-06-01 01:14 . 2009-05-24 14:59 -------- d-----w- c:\users\James Williams\AppData\Roaming\AOL
2009-06-01 01:13 . 2009-06-01 01:10 -------- d-----w- c:\program files\Common Files\aolshare
2009-05-29 01:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-29 01:00 . 2009-02-17 02:13 -------- d-----w- c:\program files\DivX
2009-05-26 00:12 . 2009-05-26 00:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-05-25 16:07 . 2009-05-25 16:07 -------- d-----w- c:\program files\Terayon
2009-05-25 16:07 . 2008-11-22 08:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 15:57 . 2009-05-25 15:57 -------- d---a-w- c:\program files\Connection Wizard
2009-05-25 15:57 . 2009-05-25 15:56 -------- d-----w- c:\program files\NetZeroInstaller
2009-05-24 14:46 . 2009-01-01 23:30 335 ----a-w- c:\windows\nsreg.dat
2009-05-16 02:43 . 2009-03-10 01:07 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\DivX
2009-05-14 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 11:26 . 2009-05-11 11:26 8439 ----a-w- c:\windows\system32\91918hazktool35c.bin
2009-05-11 05:42 . 2009-05-11 05:42 12509 ----a-w- c:\windows\system32\9787zot9a-virus657.bin
2009-05-08 12:39 . 2009-05-08 12:39 -------- d-----w- c:\programdata\Roxio
2009-05-08 12:39 . 2009-05-08 12:39 -------- d-----w- c:\users\James Williams\AppData\Roaming\Roxio
2009-04-30 20:50 . 2009-03-11 20:44 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Audacity
2009-04-27 17:32 . 2009-04-27 17:32 12043 ----a-w- c:\windows\system32\7319t5r9atz0313.bin
2009-04-24 20:02 . 2009-04-24 20:01 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-04-14 21:59 . 2009-04-14 21:59 3303 ----a-w- c:\windows\system32\3115ztr5j229.exe
2009-04-11 02:37 . 2009-04-11 02:37 69632 ----a-r- c:\users\James Williams_2\AppData\Roaming\Microsoft\Installer\{66F49D6A-E999-4DB0-ADB6-EE546806E340}\NewShortcut2_33D628D2DE174DBC9E7D9A4B4649EF81.exe
2009-04-08 23:23 . 2009-04-08 23:23 10438 ----a-w- c:\windows\system32\5784v5r9s57dz.exe
2009-03-31 20:26 . 2009-03-31 20:26 554880 ----a-w- c:\users\Public\MyWebTattoo.exe
2009-03-19 20:32 . 2009-04-07 15:27 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2007-01-12 21:49 . 2009-02-11 02:22 25770 ----a-w- c:\program files\SFX Machine Pro Read Me.rtf
2008-11-22 08:50 . 2009-01-02 00:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-22 09:01 . 2008-11-22 09:01 76 --sh--r- c:\windows\CT4CET.bin
2008-11-22 09:59 . 2008-11-22 09:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 17:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

Re: winbluesoft wont go away

Post by gtown283 on Wed Jun 17, 2009 6:56 pm

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys

Re: winbluesoft wont go away

Post by gtown283 on Wed Jun 17, 2009 6:57 pm

ComboFix 09-06-16.05 - James Williams_2 06/17/2009 14:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1024 [GMT -4:00]
Running from: c:\users\James Williams_2\Downloads\combo-fix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: PC-cillin Internet Security - Spyware Protection *disabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

Re: winbluesoft wont go away

Post by Belahzur on Wed Jun 17, 2009 7:16 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\5b26backdooz15659.bin
c:\windows\system32\5f85steal29z3.bin
c:\windows\system32\554zvirus699.dll
c:\windows\system32\5290ztroj439.exe
c:\windows\system32\6704s9amzo576e.exe
c:\windows\system32\29905irus7z5.bin
c:\windows\system32\60edsz5a9550.dll
c:\windows\system32\28112nzt-a-viru53b9.exe
c:\windows\system32\955troj6az9.bin
c:\windows\system32\5da9azdwar51559.exe
c:\windows\system32\5z951virusb2.dll
c:\windows\system32\5836znot-a-virus696.dll
c:\windows\system32\z0655troj7e9.exe
c:\windows\system32\a8th59f1278z.dll
c:\windows\system32\5945s9ambot3ze.bin
c:\windows\system32\31255szy509.dll
c:\windows\system32\459cdownl5ader3089z.exe
c:\windows\system32\z566759oj60c.exe
c:\windows\system32\31z599acktool785.bin
c:\windows\system32\2z032hackto955ed.exe
c:\windows\system32\z758backdoor2669.exe
c:\windows\system32\4953tro5265z.bin
c:\windows\system32\dc9zack5oor15699.exe
c:\windows\system32\z199not-5-virus115.bin
c:\windows\system32\5545spy1f9z.dll
c:\windows\system32\9291downl5zder754.exe
c:\windows\system32\47d7addzar517659.bin
c:\windows\system32\755bazkdoor24889.exe
c:\windows\system32\b26thzeat525329.exe
c:\windows\system32\5cz0downlo9d5r3272.dll
c:\windows\system32\f3ezteal29359.bin
c:\windows\system32\599downloaderz539.exe
c:\windows\system32\3166thr59t26223z.dll
c:\windows\system32\32647z5ambot298.bin
c:\windows\system32\91918hazktool35c.bin
c:\windows\system32\9787zot9a-virus657.bin
c:\windows\system32\5784v5r9s57dz.exe
c:\windows\system32\3115ztr5j229.exe

Folder::
c:\programdata\Viewpoint
c:\program files\Viewpoint

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
Likes : 1

Re: winbluesoft wont go away

Post by gtown283 on Thu Jun 18, 2009 12:48 am

ComboFix 09-06-16.05 - James Williams_2 06/17/2009 20:30.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.883 [GMT -4:00]
Running from: c:\users\James Williams_2\Downloads\combo-fix.exe
Command switches used :: c:\users\James Williams_2\Desktop\CFScript.txt
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: PC-cillin Internet Security - Spyware Protection *disabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
.


Re: winbluesoft wont go away

Post by gtown283 on Thu Jun 18, 2009 12:49 am

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\programdata\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\programdata\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-672059697.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-681648789.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-716026614.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1588488936.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1697589072.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1024896942.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1136233701.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\290547230.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-207333975.mtx
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\346840136.mtx
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\648662744.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-299234580.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-347626359.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\2091149108.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
c:\programdata\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9\FLFBootStrap.mtx
c:\programdata\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus\FLFBootStrap.mtx
c:\windows\system32\24z6downloade92195.ocx


Re: winbluesoft wont go away

Post by gtown283 on Thu Jun 18, 2009 12:49 am



Re: winbluesoft wont go away

Post by gtown283 on Thu Jun 18, 2009 12:50 am

((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-18 00:36 . 2009-06-18 00:40 -------- d-----w- c:\users\James Williams_2\AppData\Local\temp
2009-06-18 00:36 . 2009-06-18 00:36 -------- d-----w- c:\users\James Williams\AppData\Local\temp
2009-06-16 17:36 . 2009-06-16 17:36 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-16 17:33 . 2009-06-16 17:33 -------- d-----w- c:\program files\AVG
2009-06-14 03:48 . 2009-06-14 03:48 -------- d-----w- c:\program files\Game Rival
2009-06-06 04:06 . 2009-06-06 04:06 -------- d-----w- c:\program files\iPod
2009-06-06 04:06 . 2009-06-06 04:07 -------- d-----w- c:\program files\iTunes
2009-06-06 03:56 . 2009-06-06 03:56 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-02 20:59 . 2009-06-02 20:59 16 ----a-w- c:\windows\popcinfo.dat
2009-06-02 20:17 . 2009-06-02 20:18 -------- d-----w- c:\program files\Bejeweled 2
2009-06-02 20:17 . 2009-06-02 20:17 -------- d-----w- c:\program files\bfgclient
2009-06-02 20:16 . 2009-06-02 20:17 -------- d-----w- C:\BigFishGamesCache
2009-06-02 02:19 . 2009-02-24 22:22 589824 ----a-w- c:\users\James Williams\AppData\Roaming\Flock\Browser\Profiles\fb4pfu1w.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
2009-06-01 19:48 . 2009-06-01 19:48 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Flock
2009-06-01 19:48 . 2009-06-01 19:48 -------- d-----w- c:\users\James Williams_2\AppData\Local\Flock
2009-06-01 01:19 . 2009-06-01 01:19 -------- d-----w- c:\users\James Williams\AppData\Roaming\Flock
2009-06-01 01:19 . 2009-06-01 01:19 -------- d-----w- c:\users\James Williams\AppData\Local\Flock
2009-06-01 01:19 . 2009-06-17 02:19 -------- d-----w- c:\program files\Flock
2009-06-01 01:17 . 2007-09-17 14:34 136528 ------w- c:\programdata\AOL\UserProfiles\All Users\SUDS\CACHE\4397.2.4\radioupd.exe
2009-05-24 14:52 . 2009-05-24 14:53 -------- d-----w- c:\program files\Common Files\aolback
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install ICQ
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install iTunes
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install AOL Communicator
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\AOL Instant Messenger
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\aolextras
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\programdata\Pure Networks
2009-05-24 14:51 . 1999-04-17 05:06 10752 ----a-w- c:\windows\system32\aamd532.dll
2009-05-24 14:51 . 2001-11-21 14:15 102400 ----a-w- c:\windows\system32\SimpleRegistry.dll
2009-05-24 14:51 . 1998-04-24 04:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-05-24 14:51 . 2009-05-31 20:18 -------- d-----w- c:\program files\Pure Networks
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\users\James Williams\AppData\Roaming\You've Got Pictures Screensaver
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\windows\occache
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\program files\Learn2.com
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-05-24 14:49 . 2009-05-24 14:49 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- C:\My Music
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\4Media
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Real
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Common Files\Real
2009-05-24 14:47 . 2004-05-07 20:54 65536 ----a-w- c:\windows\system32\jgsh400.dll
2009-05-24 14:47 . 2004-05-07 20:54 45568 ----a-w- c:\windows\system32\jgsd400.dll
2009-05-24 14:47 . 2004-05-07 20:54 35840 ----a-w- c:\windows\system32\jgmd400.dll
2009-05-24 14:46 . 2009-05-24 14:46 -------- d-----w- c:\programdata\AOL Downloads
2009-05-23 05:52 . 2009-05-23 05:52 -------- d-----w- c:\users\James Williams\AppData\Local\AOL
2009-05-22 01:39 . 2006-11-01 20:18 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2009-05-22 01:38 . 2009-06-01 01:14 -------- d-----w- c:\programdata\AOL
2009-05-22 01:38 . 2009-06-01 01:14 -------- d-----w- c:\program files\Common Files\AOL
2009-05-22 01:38 . 2009-06-01 01:09 -------- d--h--w- C:\TEMP
2009-05-21 03:30 . 2009-05-21 03:30 -------- d-----w- c:\users\James Williams_2\AppData\Local\Stardock_Corporation
2009-05-21 03:19 . 2009-05-21 03:19 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Talkback
2009-05-21 03:18 . 2009-05-21 03:18 -------- d-----w- c:\users\James Williams_2\AppData\Local\Mozilla


Re: winbluesoft wont go away

Post by gtown283 on Thu Jun 18, 2009 12:51 am

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 03:48 . 2008-12-05 00:54 -------- d-----w- c:\program files\Oberon Media
2009-06-13 23:14 . 2008-12-14 20:06 -------- d-----w- c:\programdata\Dl_cats
2009-06-06 04:06 . 2008-11-26 15:48 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 04:04 . 2008-11-26 15:49 -------- d-----w- c:\program files\QuickTime
2009-06-05 19:37 . 2008-12-11 19:56 -------- d-----w- c:\programdata\Microsoft Help
2009-06-01 01:15 . 2009-06-01 01:10 -------- d-----w- c:\program files\AOL 9.0
2009-06-01 01:14 . 2009-05-24 14:59 -------- d-----w- c:\users\James Williams\AppData\Roaming\AOL
2009-06-01 01:13 . 2009-06-01 01:10 -------- d-----w- c:\program files\Common Files\aolshare
2009-05-29 01:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-29 01:00 . 2009-02-17 02:13 -------- d-----w- c:\program files\DivX
2009-05-26 00:12 . 2009-05-26 00:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-05-25 16:07 . 2009-05-25 16:07 -------- d-----w- c:\program files\Terayon
2009-05-25 16:07 . 2008-11-22 08:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 15:57 . 2009-05-25 15:57 -------- d---a-w- c:\program files\Connection Wizard
2009-05-25 15:57 . 2009-05-25 15:56 -------- d-----w- c:\program files\NetZeroInstaller
2009-05-24 14:46 . 2009-01-01 23:30 335 ----a-w- c:\windows\nsreg.dat
2009-05-16 02:43 . 2009-03-10 01:07 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\DivX
2009-05-14 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 12:39 . 2009-05-08 12:39 -------- d-----w- c:\programdata\Roxio
2009-05-08 12:39 . 2009-05-08 12:39 -------- d-----w- c:\users\James Williams\AppData\Roaming\Roxio
2009-04-30 20:50 . 2009-03-11 20:44 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Audacity
2009-04-24 20:02 . 2009-04-24 20:01 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-04-11 02:37 . 2009-04-11 02:37 69632 ----a-r- c:\users\James Williams_2\AppData\Roaming\Microsoft\Installer\{66F49D6A-E999-4DB0-ADB6-EE546806E340}\NewShortcut2_33D628D2DE174DBC9E7D9A4B4649EF81.exe
2009-03-31 20:26 . 2009-03-31 20:26 554880 ----a-w- c:\users\Public\MyWebTattoo.exe
2007-01-12 21:49 . 2009-02-11 02:22 25770 ----a-w- c:\program files\SFX Machine Pro Read Me.rtf
2008-11-22 08:50 . 2009-01-02 00:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-22 09:01 . 2008-11-22 09:01 76 --sh--r- c:\windows\CT4CET.bin
2008-11-22 09:59 . 2008-11-22 09:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18248_none_f34a4cecba3fd10b\mshtmler.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18248_none_ae0ee83906df1e56\admparse.dll
+ 2008-11-22 10:08 . 2008-11-22 10:08 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\WininetPlugin.dll
+ 2008-01-21 01:58 . 2009-06-18 00:40 44526 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-18 00:40 80396 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-26 15:01 . 2009-06-18 00:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-26 15:01 . 2009-06-17 18:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-26 15:01 . 2009-06-18 00:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-26 15:01 . 2009-06-17 18:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-26 15:01 . 2009-06-17 18:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-26 15:01 . 2009-06-18 00:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:25 . 2008-01-21 02:25 6656 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18254_none_33f7ddc1da1f1d8a\McrMgr.dll
+ 2008-11-26 21:26 . 2009-06-18 00:36 2890 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-26 21:26 . 2009-06-06 04:11 2890 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-03-04 20:31 . 2009-06-18 00:40 5970 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-635421117-3193100926-2788871618-1001_UserData.bin
- 2009-06-17 18:34 . 2009-06-17 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-18 00:38 . 2009-06-18 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-18 00:38 . 2009-06-18 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-17 18:34 . 2009-06-17 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 02:24 . 2008-01-21 02:24 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18248_none_647f330bae383e13\ieui.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18248_none_478070c58c9d650d\sqmapi.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18248_none_ae0ee83906df1e56\ieakui.dll
+ 2008-11-26 16:29 . 2009-06-18 00:21 364340 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-06-17 19:05 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-17 18:45 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-17 19:05 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-17 18:45 101350 c:\windows\System32\perfc009.dat
+ 2009-05-13 10:44 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22435_none_f2f64e4f84abbcec\OESpamFilter.dat
+ 2009-05-13 10:44 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18259_none_f25b10ee6b9abd39\OESpamFilter.dat
+ 2009-05-13 10:44 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21056_none_f0fb46578794b34f\OESpamFilter.dat
+ 2009-05-13 10:44 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16860_none_f060ffc26e84642a\OESpamFilter.dat
+ 2008-01-21 02:24 . 2008-01-21 02:24 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21046_none_fa10127687d0d070\ieapfltr.dat
+ 2008-01-21 02:24 . 2008-01-21 02:24 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16851_none_f976cc2b6ebf9aa2\ieapfltr.dat
+ 2006-11-02 10:22 . 2009-06-18 00:37 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-06-02 01:54 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-06-18 00:28 . 2009-06-18 00:28 6328320 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-05-01 07:01 . 2009-06-17 23:19 68822149 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.


Re: winbluesoft wont go away

Post by gtown283 on Thu Jun 18, 2009 12:51 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 17:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EarthLink Installer"="/C" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-25 442467]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-13 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-13 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-22 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 1807696]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"DLCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"HostManager"="c:\program files\Common Files\AOL\1242956320\ee\AOLSoftware.exe" [2006-09-26 50736]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-05-24 26112]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\users\James Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\users\James Williams_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-22 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-22 09:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)


Re: winbluesoft wont go away

Post by gtown283 on Thu Jun 18, 2009 12:51 am

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7E98E1EE-0D97-4E48-AD58-AFB224D32606}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{1A690072-2B94-4B96-BD05-2ABBDCA3DAE9}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{CB0073B7-D67B-45DF-9631-3EAE86A416DD}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{F941A0A8-11AD-42B6-844D-45BF2F8D8168}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{818FEA4B-244E-463F-B827-D12D0829BF50}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8C40712C-124E-4A12-89EE-5006A3BD6A57}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{E088A383-01F3-4859-AA58-5252C3235F97}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{05B5AB04-D7E3-4995-ABD6-24EEFDFD10F2}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F15C6AFB-2B39-41F8-A455-0FD0085E4F31}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A270C37D-CF63-4D81-B7DD-880D3BF2297C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2D979AD3-3162-4081-8491-A89B3D9F5AF7}"= UDP:c:\program files\Dell V305\dldtamon.exe:Dell Device Monitor
"{68CA02B8-E1E0-42AF-BA74-E3A771BF063C}"= TCP:c:\program files\Dell V305\dldtamon.exe:Dell Device Monitor
"{0E3BD90B-3283-416F-84EB-4067E2A94E15}"= UDP:c:\program files\Dell V305\frun.exe:Dell Imaging Toolbox
"{A8C53F17-4181-4452-8B0C-973EF0F9CADD}"= TCP:c:\program files\Dell V305\frun.exe:Dell Imaging Toolbox
"{A7451A10-F7F8-471B-B962-2029B6E6BAD4}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{08575818-4B96-4180-ACE6-3AA275A604DB}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{7DF05405-931E-46B5-87CC-EBD7C6A325ED}"= UDP:c:\program files\Dell V305\dldtmon.exe:Printer Device Monitor
"{6384988E-20E8-4737-9F11-58487160FF38}"= TCP:c:\program files\Dell V305\dldtmon.exe:Printer Device Monitor
"{C86A5773-D497-444C-B729-4932193B812D}"= UDP:c:\windows\System32\dldtcoms.exe:Lexmark Communications System
"{AB3C388F-C1A0-4C56-AD91-B5F42A1767C4}"= TCP:c:\windows\System32\dldtcoms.exe:Lexmark Communications System
"{068FFBE2-52D0-4A39-A81B-548572A19296}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{611D736A-CD86-44E9-BCE5-3D994F36B73A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{3BE49610-21A0-4BA0-A02A-2507B9A664B3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldttime.exe:Time Executable
"{68D0193A-32B4-4571-964A-507F173F1EE1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldttime.exe:Time Executable
"{823434F2-C974-4051-BEB9-0C3E3CA01435}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldtjswx.exe:Job Status Window Interface
"{6C0B27C4-0EF7-4255-9571-C1F81763845D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldtjswx.exe:Job Status Window Interface
"{832D5E6D-15BD-46AA-B143-D54EF85A9AC5}"= UDP:c:\windows\System32\dlcicoms.exe:Dell 946 Server
"{CF4B1FAF-0230-489A-AA47-3FA9E1640555}"= TCP:c:\windows\System32\dlcicoms.exe:Dell 946 Server
"{A970F9FD-7D45-4755-9FA8-F4ADC5D105CF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{37E3B7A7-F7AA-4984-8DD2-5945C8DEAC48}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4BE6CCE9-FC80-460B-B5BD-A703EBBC9741}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{951A06AE-E746-4D4F-9E9B-4F86A39F51EF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A9967349-4112-498A-8743-3BE08232562D}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{BFDC91F5-5DF4-47E7-8ECD-C052C5C48460}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{E9DBCE7F-084F-4FF7-8ABB-D1FC29849AD4}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{7376C104-C9E4-4AEC-B915-A72A3B66A820}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{A77A88A9-73BC-4B1D-B049-0BD0F49D03DB}"= UDP:990:LocalSubnet:LocalSubnet|IF={97EA40B6-82BD-4E63-80F4-DFBDFF00F736}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{D81722AA-F4F2-4FEC-975D-8C57B7EFB092}"= UDP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{0401743A-EF7F-42A6-BDF3-28023D356842}"= TCP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{03D1DD4D-B024-4B35-BE1B-25599C394057}"= UDP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{89607905-C3CA-4DE3-A58F-133019CE8D07}"= TCP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{BAB018C8-CD1F-4DE9-A5BE-F55A506A4162}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{2BCF0F2E-8EF4-445D-8FC1-A1B0E16F8058}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{07FF080E-59F8-4AF9-9CD3-FB598BF045E5}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BEA8A453-6217-4809-AA38-4A39D456C698}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{4E155F3A-C887-4557-BD30-C6C90C92FE5A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{18E6036B-F65F-4609-A26A-A526A321486C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19B71611-8C29-4909-A421-65A062ABBE6E}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{75695D55-8C2B-4AEE-842C-60F080DFBD80}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{9ED15ADD-5C48-4082-8204-2D12652DD189}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{429FF43A-4FBA-490F-A971-058C5E202FD3}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{B0B9BC3F-D5D3-4C0B-AE86-1C7A82D20A8C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B78D340-1671-4D08-AA4B-5996370B55E7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)


Re: winbluesoft wont go away

Post by gtown283 on Thu Jun 18, 2009 12:52 am

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [11/22/2008 6:14 AM 73728]
R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/24/2008 12:09 AM 155648]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/27/2007 5:22 AM 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/27/2007 5:22 AM 923216]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [11/22/2008 4:51 AM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/27/2007 5:22 AM 566872]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [11/22/2008 6:15 AM 111616]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [11/22/2008 6:15 AM 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [11/22/2008 6:15 AM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [11/22/2008 6:15 AM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [11/22/2008 6:15 AM 277440]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\System32\drivers\TM_CFW.sys [11/22/2008 4:51 AM 280392]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\dldtserv.exe [2/25/2008 5:38 PM 99568]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/22/2008 4:50 AM 30192]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\System32\drivers\tj2knd5.sys [5/25/2009 12:14 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\System32\drivers\tj2kunic.sys [5/25/2009 12:13 PM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-17 20:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\TEMP\TMP00000001FB51FEC235BF6EAF 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\wlanext.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\dlcicoms.exe
c:\windows\System32\dldtcoms.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\TRENDM~1\INTERN~1\pccguide.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Dell V305\dldtmsdmon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-18 20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 00:44
ComboFix2.txt 2009-06-17 18:47

Pre-Run: 100,166,864,896 bytes free
Post-Run: 100,056,252,416 bytes free

722 --- E O F --- 2009-06-17 23:17


Re: winbluesoft wont go away

Post by Belahzur on Thu Jun 18, 2009 1:00 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
Likes : 1

Re: winbluesoft wont go away

Post by gtown283 on Thu Jun 18, 2009 3:11 am

Running like new... thanks a lot for your help and I will try to donate.

