WinBlueSoft

View previous topic View next topic Go down

WinBlueSoft

Post by younana on 19th June 2009, 3:01 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:22 AM, on 20/06/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Aisha\Downloads\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Tester] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{986993C9-A134-4950-9011-F19F0850B9E8}: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9606 bytes

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 3:17 pm

i ended up downloading that malware programe but it wont open when i double click it.

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by Origin on 19th June 2009, 3:18 pm


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [Tester] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.227,85.255.112.166
    O17 - HKLM\System\CCS\Services\Tcpip\..\{986993C9-A134-4950-9011-F19F0850B9E8}: NameServer = 85.255.112.227,85.255.112.166
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.227,85.255.112.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166



  • Press "Fix Checked"
  • Close Hijack This.







1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 3:51 pm

did you want the whole combo-fix log?
its too big to send at once, should i split it?

thanks for bearing with me, although im sure your used to the computer illiterate by now.

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 3:53 pm

oh god, i totally spaced on the 'Hijack This' thing you were talking about.
where is that?

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 3:55 pm

oh wait, i found it.
god im embarrassing myself here

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by Origin on 19th June 2009, 4:00 pm

If you have done the HijackThis instructions can you please post the ComboFix log, if its too big, split the log into two posts or more if required.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 4:03 pm

ComboFix 09-06-18.02 - Aisha 20/06/2009 1:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.61.1033.18.1013.365 [GMT 10:00]
Running from: c:\users\Aisha\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1320262128-2629484264-1044633116-500
c:\$recycle.bin\S-1-5-21-574531670-2627101763-1657913589-500
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\$recycle.bin\S-1-5-21-1320262128-2629484264-1044633116-500\desktop.ini
c:\$recycle.bin\S-1-5-21-574531670-2627101763-1657913589-500\desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
c:\windows\1009wozm6a5.ocx
c:\windows\10585spy94z.cpl
c:\windows\10691viz5s204.exe
c:\windows\109z0not-a-5irus7bb.ocx
c:\windows\11333hacktoo9z15.cpl
c:\windows\11393z9y5fa5.cpl
c:\windows\113z9wor559f.dll
c:\windows\11449own5oader6z6.bin
c:\windows\115bdownz59der771.dll
c:\windows\1225s9ywaze3015.dll
c:\windows\1225z9r374.cpl
c:\windows\122dbackdoo9z5.dll
c:\windows\12329hacktooz5159.exe
c:\windows\12594no9-a-viruszac.bin
c:\windows\12949t5oz103.cpl
c:\windows\12953hacktoo9z91.cpl
c:\windows\13022trz56809.ocx
c:\windows\13855tz9jf2.exe
c:\windows\13ffaddwzre94535.bin
c:\windows\13z65n95-a-virus42e.exe
c:\windows\13z979ro5472.ocx
c:\windows\1429not5a-viruz1e0.cpl
c:\windows\145539irus9z.dll
c:\windows\14559szam9ot55b.ocx
c:\windows\15372z5y98f.dll
c:\windows\154059orm1caz.ocx
c:\windows\154515acktzol7f9.bin
c:\windows\15464tzo5519.exe
c:\windows\15730t9ojzf9.dll
c:\windows\1575wozm696.ocx
c:\windows\15835zp9775.bin
c:\windows\15905not-a-virus2ez.dll
c:\windows\15993vi5us300z.cpl
c:\windows\15a2spzware9719.dll
c:\windows\16111zpamb59550.dll
c:\windows\166609ackto5l2fz.dll
c:\windows\167565ot-a-viruz4969.exe
c:\windows\1694z5orm3ae.cpl
c:\windows\1709vir5z75.dll
c:\windows\1738z9orm325.exe
c:\windows\17931h5cktooz34b.exe
c:\windows\17964noz-a-v5rus2ce.cpl
c:\windows\17ffdow95zader405.ocx
c:\windows\17z56v95us18.dll
c:\windows\1853zh9ef1458.ocx
c:\windows\18611z9ambot5d65.dll
c:\windows\18z349acktoolce5.dll
c:\windows\19003spa5bot775z.exe
c:\windows\1905do5nloader2581z.cpl
c:\windows\19153v9rzs76.exe
c:\windows\1924195y6f6z.exe
c:\windows\196825z9335.exe
c:\windows\19751s5azbot19c.ocx
c:\windows\1986z5irusad.cpl
c:\windows\19959zp56a.bin
c:\windows\19b3sparse155z9.dll
c:\windows\1c14t95ef1z40.cpl
c:\windows\1c28s9eal2z585.ocx
c:\windows\1e96azd9are5117.dll
c:\windows\1eb9bazkdo5r315.ocx
c:\windows\1ezesp5ware9604.ocx
c:\windows\1z5dsp59are54.dll
c:\windows\1z899s5ambot1d7.exe
c:\windows\1z95do9nloader1195.ocx
c:\windows\2049spa5se1z87.bin
c:\windows\20e5downzoader27859.dll
c:\windows\21427haczt9o55f4.ocx
c:\windows\21455hacktool1z09.exe
c:\windows\21559not-a-virusz99.ocx
c:\windows\2155ztroj9b5.cpl
c:\windows\21813s9y38z5.ocx
c:\windows\21957spam95tz3e.dll
c:\windows\21z10v59us501.cpl
c:\windows\22159troz9f9.bin
c:\windows\22175notz5-9irus660.bin
c:\windows\22365pazbot3159.exe
c:\windows\228055r9j1z2.bin
c:\windows\229345r9jz79.bin
c:\windows\229505irus492z.dll
c:\windows\23406szambot5f09.bin
c:\windows\237459z371.bin
c:\windows\2374t9zea525685.cpl
c:\windows\238z7vi9u554.exe
c:\windows\23925troj778z.cpl
c:\windows\239athzeat930455.dll
c:\windows\23z97wor513a.cpl
c:\windows\24233hacktzo59cd.dll
c:\windows\24389spz2d59.dll
c:\windows\24668wo5z5019.bin
c:\windows\24851wo9m52z.cpl
c:\windows\25090no5za-v9rus78f.cpl
c:\windows\250aaddwar968z.exe
c:\windows\25128spy920z.dll
c:\windows\251755acktoo93z2.exe
c:\windows\2526zviru55e9.cpl
c:\windows\255449iz5s424.cpl
c:\windows\25550v5rusz97.ocx
c:\windows\25681hacktozl495.exe
c:\windows\25715zp9mbot146.dll
c:\windows\259zvi53187.cpl
c:\windows\25azvir5229.dll
c:\windows\25zdth5eat5976.ocx
c:\windows\261zt9ief5010.dll
c:\windows\26509zroj665.dll
c:\windows\26ccs9ezl253.exe
c:\windows\26z93spambot9ee5.bin
c:\windows\27549worz669.bin
c:\windows\2758zspy6ab9.bin
c:\windows\27761no5-a-9irus36cz.cpl
c:\windows\279055ot-a-virus2bz.dll
c:\windows\28572troz59.exe
c:\windows\285b9hiez399.dll
c:\windows\29090hzc5tool2c0.bin
c:\windows\2915859y7cz.ocx
c:\windows\2929troj5z2.exe
c:\windows\293cv5z366.exe
c:\windows\29694vzru5399.exe
c:\windows\297075zrmeb.ocx
c:\windows\29765szy5d8.exe
c:\windows\2977zs59725.ocx
c:\windows\29839w9rmzc25.dll
c:\windows\29879t5oj41z.cpl
c:\windows\298z9w5r952a.exe
c:\windows\2995spyz5r91024.exe
c:\windows\299no5-9zvirus653.ocx
c:\windows\29f6downloadzr1536.ocx
c:\windows\29zwo5m643.dll
c:\windows\2a52z9ief1548.exe
c:\windows\2a93threat963z55.exe
c:\windows\2b95spzw9re31565.bin
c:\windows\2d9cs5ywarez535.exe
c:\windows\2e6dzown95ader3138.cpl
c:\windows\2fa2zhi9f1521.cpl
c:\windows\2z23addwa5e2429.ocx
c:\windows\2z259wo5m492.bin
c:\windows\2z699s5y251.bin
c:\windows\2zb9steal2512.ocx
c:\windows\301539zrus485.cpl
c:\windows\30529hackt5oz789.bin
c:\windows\30z97vi9us35f.bin
c:\windows\31199spamb5tz61.exe
c:\windows\3183t59j8z.bin
c:\windows\3192s9ea5574z.exe
c:\windows\31d9v9z518.dll
c:\windows\325569py5z5.cpl
c:\windows\32573v5r9sb9z.ocx
c:\windows\326z9troj95.bin
c:\windows\32905spz27b.dll
c:\windows\331zvir56629.dll
c:\windows\335zthr95t31209.exe
c:\windows\3375azdwa9e2996.exe
c:\windows\33985owzload9r3182.exe
c:\windows\351bzackdoor2967.cpl
c:\windows\358ddown9o5der104z.dll
c:\windows\3594spars9z742.dll
c:\windows\3609zir915.bin
c:\windows\36ffthzef5829.ocx
c:\windows\3859v9z600.cpl
c:\windows\3895tzal572.exe
c:\windows\3897ad9waze23815.ocx
c:\windows\3899s954z9.cpl
c:\windows\396zw5rm625.ocx
c:\windows\39c8b5ckdoor3z9.ocx
c:\windows\3b29vi516z8.ocx
c:\windows\3d51spaz9e519.bin
c:\windows\3e95threaz20365.dll
c:\windows\3f35spywarz5619.bin
c:\windows\3fdzv5r596.exe
c:\windows\3z22w5rm629.dll
c:\windows\3z359tro5f6.ocx
c:\windows\3z509hreat17185.cpl
c:\windows\3z61troj5459.dll
c:\windows\3z8c9p5rse1344.exe
c:\windows\3za85ackd9or2227.dll
c:\windows\3zedthrea529525.exe
c:\windows\4051spzrse9460.ocx
c:\windows\4453d9wnzoader754.dll
c:\windows\450zdownloa9er20.dll
c:\windows\4535wor919z.ocx
c:\windows\4559sparse1z.exe
c:\windows\45z4sparse28759.exe
c:\windows\4624spzw9r52988.cpl
c:\windows\4733tzre5t21119.exe
c:\windows\47z69roj5d1.bin
c:\windows\4855th5ezt210299.ocx
c:\windows\4972stezl1055.ocx
c:\windows\4980spars5989z.dll
c:\windows\4985pambotzc29.bin
c:\windows\4z2fthr5at98917.dll
c:\windows\4z56thre9t17696.cpl
c:\windows\5009s5arse12z.ocx
c:\windows\5056s9ambotz40.exe
c:\windows\51292spy7z.dll
c:\windows\512bbac5door3993z.ocx
c:\windows\51461tro9e0z.dll
c:\windows\5195sp9rse1926z.bin
c:\windows\52285no9-a-virus7bz.dll
c:\windows\5229hacktool55z.ocx
c:\windows\527zt9o57ec.dll
c:\windows\528fbackdoor3195z.cpl
c:\windows\532169acktzol767.exe
c:\windows\53359szambot299.bin
c:\windows\533fspywa5z32029.ocx
c:\windows\53439v9zus4d3.exe
c:\windows\541zaddwa9e2825.exe
c:\windows\54a35oznloade92810.dll
c:\windows\5555thiefz9029.cpl
c:\windows\5569w9rmbz.cpl
c:\windows\55b7ba9kdzor35.bin
c:\windows\55spamzot92e.ocx
c:\windows\5645b9c5dozr1269.bin
c:\windows\567279ot-a-virus17z.ocx
c:\windows\567ste5l2699z.bin
c:\windows\57849hzeat50380.exe
c:\windows\57d5v9r24z3.dll
c:\windows\57f69hreatz3954.bin
c:\windows\5801worm25z9.ocx
c:\windows\5834zpywar91599.bin
c:\windows\5849not-a9viru5z4a.exe
c:\windows\58538h9ckzool56a.ocx
c:\windows\5857zteal9610.bin
c:\windows\5859spyware2362z.dll
c:\windows\5908vir5901z.exe
c:\windows\5920addwzre552.exe
c:\windows\5947threat9z70.cpl
c:\windows\59572hacktool5z7.cpl
c:\windows\5957sparse615z.cpl
c:\windows\5959spyz75.cpl
c:\windows\5968not-z-virus5ac.ocx
c:\windows\59advir98z0.ocx
c:\windows\5a1vi950z7.bin
c:\windows\5a27sparsez995.ocx
c:\windows\5aa95p9wzre515.exe
c:\windows\5b3zt9ief27465.ocx
c:\windows\5b8backd5oz5929.ocx
c:\windows\5bz2sparse15179.cpl
c:\windows\5c5stealz149.bin
c:\windows\5ca6bac9door278z.exe
c:\windows\5d96v9r74z.cpl
c:\windows\5e79sp9waze459.exe
c:\windows\5fca9z51483.dll
c:\windows\5z4thr9at31033.exe
c:\windows\5z549troj52d.dll
c:\windows\5z955virus50d.bin
c:\windows\5z9fs9yware1501.ocx
c:\windows\5zvir2965.dll
c:\windows\6157doznlo59er413.dll
c:\windows\6241b9ckdoor2z85.ocx
c:\windows\6259steaz2958.dll
c:\windows\6295acktozl670.dll
c:\windows\62dedo9nloazer21595.ocx
c:\windows\64c49hizf3526.exe
c:\windows\64f7t5zef390.ocx
c:\windows\6549tzreat22090.ocx
c:\windows\65d7z9eal936.cpl
c:\windows\664a5ddzare893.dll
c:\windows\6758zparse1297.bin
c:\windows\67z6a9dware23615.ocx
c:\windows\6905sparze1415.dll
c:\windows\695dvir59z9.bin
c:\windows\699fthief5z84.dll
c:\windows\69bztea52166.bin
c:\windows\69e5steal255z.bin
c:\windows\6c87addw59e1191z.cpl
c:\windows\6c96backzo5r86.cpl
c:\windows\6cc5s9arsez9825.exe
c:\windows\6e59thrza51670.cpl
c:\windows\6z9eaddware1555.dll
c:\windows\7151s9azse300.exe
c:\windows\7165worz5e9.bin
c:\windows\7299thr5at1477z.dll
c:\windows\72f49zea52916.exe
c:\windows\72z8ad9w5re3147.ocx
c:\windows\73z1thief91645.bin
c:\windows\7404notza-viru91a5.ocx
c:\windows\7499s9ywaze5102.bin
c:\windows\753spyz0c9.ocx
c:\windows\7545zorm1995.dll
c:\windows\7552sparsz22299.ocx
c:\windows\7564spzware5397.dll
c:\windows\7569noz-95virus642.dll
c:\windows\75d85ownloa9er1374z.cpl
c:\windows\75zestea92753.cpl
c:\windows\7671st9al5257z.bin
c:\windows\770az9ea52351.bin
c:\windows\7798d5wnloaderz74.bin
c:\windows\78915ir1603z.cpl
c:\windows\789dbzck5oor1850.exe
c:\windows\78b9sp5r9z2550.cpl
c:\windows\791zhacktool50f.bin
c:\windows\7933spyw9re1659z.cpl
c:\windows\793thief299z5.cpl
c:\windows\7994spyw5re1404z.dll
c:\windows\79965ownlozder1204.ocx
c:\windows\79e7dowzloader2521.exe
c:\windows\79sp5r9z2124.bin
c:\windows\7a5ea9dware195z.exe
c:\windows\7c1b9zckdoor5320.dll
c:\windows\7d65do9nzoad5r3193.bin
c:\windows\7eb1a5dw9re278z.ocx
c:\windows\7fbfszea56169.cpl
c:\windows\7z25ste9l19.exe
c:\windows\7z50hac9tool75d.exe
c:\windows\809thi5z3084.exe
c:\windows\8331ha9kto5l5fz.exe
c:\windows\8550h9ckzool625.ocx
c:\windows\8b9stealz955.bin
c:\windows\8fes5ywzre2089.ocx
c:\windows\91243trojzf75.exe
c:\windows\915765zrm2cf.dll
c:\windows\9162vizus54.bin
c:\windows\91z95irus3d4.cpl
c:\windows\9243zwo5m2a8.cpl
c:\windows\9260downloa5zr369.ocx
c:\windows\931tr9jze5.ocx
c:\windows\9356zpy297.bin
c:\windows\93ddthzeat56197.bin
c:\windows\94085wormz885.dll
c:\windows\943asteal1045z.ocx
c:\windows\946zsteal15875.ocx
c:\windows\9573szy3479.cpl
c:\windows\96513s5yz9.exe
c:\windows\96543nzt-a5virus12e.exe
c:\windows\96635viruszcf.cpl
c:\windows\97665worm4ez.bin
c:\windows\9895spycz.cpl
c:\windows\9924s9569cz.cpl
c:\windows\993viruz5d3.exe
c:\windows\99581troj38z5.bin
c:\windows\995backdoorz251.cpl
c:\windows\9961no5za-v9rus61c.ocx
c:\windows\9c3fv5r3233z.dll
c:\windows\9c5vir1z535.bin
c:\windows\9z19s9am5ot5ad.bin
c:\windows\bc85tealz923.exe
c:\windows\bef5zarse179.bin
c:\windows\c54threaz287869.dll
c:\windows\c99threzt4050.dll
c:\windows\d32addz5re1999.cpl
c:\windows\d52vir3z929.ocx
c:\windows\dcadownz9ader1550.exe
c:\windows\e17s9ar5z6.bin
c:\windows\ebcthi9f255z.exe
c:\windows\f95stezl918.dll
c:\windows\f9stea54z6.exe
c:\windows\system32\1066d95nloadzr1935.cpl
c:\windows\system32\10857spazbot5b9.dll
c:\windows\system32\11150hack5ool195z.bin
c:\windows\system32\115185roj319z.bin
c:\windows\system32\1185not-a-virz95b1.exe
c:\windows\system32\1188ba9k5oor3z04.cpl
c:\windows\system32\12580zp91705.exe
c:\windows\system32\12650zp93a8.cpl
c:\windows\system32\1268a5dware199z.cpl
c:\windows\system32\129zt9rea51215.dll
c:\windows\system32\130azhief1945.dll
c:\windows\system32\1311zp95e.cpl
c:\windows\system32\13859t9zj7ec5.ocx
c:\windows\system32\14094z9oj275.cpl
c:\windows\system32\14224haczt9ol55.bin
c:\windows\system32\142905py62dz.bin
c:\windows\system32\14585virus94z.bin
c:\windows\system32\14685w5r93zc.dll
c:\windows\system32\14793szamb5t29d.bin
c:\windows\system32\14853wormz19.bin
c:\windows\system32\149619ot-a-viruz255.dll
c:\windows\system32\151799izus31.dll
c:\windows\system32\15274sp95zf.exe
c:\windows\system32\152z9hacktool4589.bin
c:\windows\system32\15389nzt-a-vi9us3f35.bin
c:\windows\system32\15450w9rz187.bin
c:\windows\system32\1568zvirus795.ocx
c:\windows\system32\15739hacztool569.bin
c:\windows\system32\15991troz553.bin
c:\windows\system32\15b09hief83z.exe
c:\windows\system32\16005hacktool5z9.bin
c:\windows\system32\16595worm2z7.bin
c:\windows\system32\16938vzr5s639.cpl
c:\windows\system32\16953spy6za.cpl
c:\windows\system32\16958spy50dz.dll
c:\windows\system32\16azsparse13975.exe
c:\windows\system32\16b2thi951066z.bin
c:\windows\system32\16z92w5rm549.cpl
c:\windows\system32\170155orm599z.dll
c:\windows\system32\1780spamz9523e.exe
c:\windows\system32\17862notza-v9rus5aa.cpl
c:\windows\system32\17946not5a-vizu958a.dll
c:\windows\system32\17z35v9rus5a1.ocx
c:\windows\system32\18952spa5bot14z.cpl
c:\windows\system32\18c9spy5arez229.bin
c:\windows\system32\191z9s9y595.exe
c:\windows\system32\19475zr591d5.cpl
c:\windows\system32\19525szy569.ocx
c:\windows\system32\19569virzs710.dll
c:\windows\system32\19650trzj5d.dll
c:\windows\system32\198z5troj5af5.bin
c:\windows\system32\19924spambz5569.dll
c:\windows\system32\19997troj350z.exe
c:\windows\system32\19bz5teal2674.dll
c:\windows\system32\1a9dtzief14495.dll
c:\windows\system32\1b58szyw9re2951.dll
c:\windows\system32\1b5za9dware81.dll
c:\windows\system32\1b9c9i5274z.dll
c:\windows\system32\1c7edownlza5er915.ocx
c:\windows\system32\1cz5thief50549.dll
c:\windows\system32\1fe3addware1595z.dll
c:\windows\system32\1z455hack9ool361.dll
c:\windows\system32\1z584h9ckto5l25f.exe
c:\windows\system32\1z957not-a-viru54fa.ocx
c:\windows\system32\1z9aaddwa5e2551.cpl
c:\windows\system32\1za9thre5t9149.ocx
c:\windows\system32\1ze995dware453.dll
c:\windows\system32\20086not-a5v9ruszd6.ocx
c:\windows\system32\20592sp5zbot1f5.exe
c:\windows\system32\20848hacztool59.dll
c:\windows\system32\209zsp9rs5749.bin

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 4:04 pm

c:\windows\system32\21129spy2az5.ocx
c:\windows\system32\21291not9a-vir5szd9.bin
c:\windows\system32\21533hzcktool2c9.bin
c:\windows\system32\2155viru910z.exe
c:\windows\system32\2197spyz595.cpl
c:\windows\system32\21ffsparse1z559.cpl
c:\windows\system32\22060zroj559.exe
c:\windows\system32\220865pzmbot90.exe
c:\windows\system32\2280vir9sz95.bin
c:\windows\system32\22929not-a5virus1z.ocx
c:\windows\system32\234849py53fz.dll
c:\windows\system32\2355595rmzcb.bin
c:\windows\system32\236069pzb5.exe
c:\windows\system32\2363thie9z5155.dll
c:\windows\system32\23690szy5a1.exe
c:\windows\system32\23833noz-a-vir9s5785.cpl
c:\windows\system32\23892vi5u9dfz.exe
c:\windows\system32\23e85zd9are2425.bin
c:\windows\system32\24649tz593dd.ocx
c:\windows\system32\24aaaddwzre9159.exe
c:\windows\system32\drivers\MSIVXoolbgvfsbodsivgpnfabdjvvsppneexu.sys
c:\windows\system32\KBL.LOG
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXfiiacdnbbnkervwbctapwaqukurfbosi.dll
c:\windows\system32\MSIVXmnocrowdoqmibfvfpocxemvgcrkicvdp.dll
c:\windows\system32\setup2.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\z02635ot-a-virus92f.exe
c:\windows\z05hacktoo9b9.bin
c:\windows\z0659h9cktool82.exe
c:\windows\z0965spy2985.cpl
c:\windows\z1e5addwa5e119.cpl
c:\windows\z398threa525926.dll
c:\windows\z3e95ir3125.cpl
c:\windows\z535vir19569.ocx
c:\windows\z5473virus5905.dll
c:\windows\z5909s9y229.dll
c:\windows\z5abac9door641.exe
c:\windows\z6a8sp59se973.exe
c:\windows\z7062w5r973e.cpl
c:\windows\z8470v9rus6995.dll
c:\windows\z88255ro911a.dll
c:\windows\z89cvir5117.cpl
c:\windows\z9183vi5us1fb.cpl
c:\windows\z950addware2214.exe
c:\windows\z9648vir5sba.ocx
c:\windows\z980troj1e5.ocx
c:\windows\z999spy45a.dll
c:\windows\zb49addwa5e611.dll
c:\windows\zb98download5r1753.exe
c:\windows\zcb8v5r1919.ocx
c:\windows\ze5dbackdo5r2495.dll
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-12-22 06:23 . 2009-12-22 06:23 11066 ----a-w- c:\windows\system32\4511ste9lz399.dll
2009-12-19 04:21 . 2009-12-19 04:21 4807 ----a-w- c:\windows\system32\56155pambot595z.bin
2009-12-17 09:50 . 2009-12-17 09:50 13751 ----a-w- c:\windows\system32\3859thzeat2989.bin
2009-12-17 01:22 . 2009-12-17 01:22 14894 ----a-w- c:\windows\system32\2517backd9or27z4.exe
2009-12-13 23:56 . 2009-12-13 23:56 15418 ----a-w- c:\windows\system32\4294sp5rze549.exe
2009-12-09 05:58 . 2009-12-09 05:58 10662 ----a-w- c:\windows\system32\300595a9ktool58z.dll
2009-12-06 13:18 . 2009-12-06 13:18 8332 ----a-w- c:\windows\system32\24e39zy5are1560.dll
2009-12-03 07:40 . 2009-12-03 07:40 7961 ----a-w- c:\windows\system32\5505v9rus120z.bin
2009-11-28 17:57 . 2009-11-28 17:57 18402 ----a-w- c:\windows\system32\5efbvir15z29.dll
2009-11-25 18:43 . 2009-11-25 18:43 8308 ----a-w- c:\windows\system32\69c3zteal5944.dll
2009-11-25 16:40 . 2009-11-25 16:40 3419 ----a-w- c:\windows\system32\5965downloader86z.bin
2009-11-25 12:07 . 2009-11-25 12:07 15508 ----a-w- c:\windows\system32\z4f4sparse57409.dll
2009-11-13 14:03 . 2009-11-13 14:03 11753 ----a-w- c:\windows\system32\z94595roj74b.bin
2009-11-05 19:10 . 2009-11-05 19:10 2705 ----a-w- c:\windows\system32\29592hack9ozl605.dll
2009-11-04 20:38 . 2009-11-04 20:38 17752 ----a-w- c:\windows\system32\5821spywaze3988.exe
2009-10-22 17:29 . 2009-10-22 17:29 10287 ----a-w- c:\windows\system32\514dsteal9069z.dll
2009-10-20 23:19 . 2009-10-20 23:19 2754 ----a-w- c:\windows\system32\56679hacktoolz88.exe
2009-10-17 02:33 . 2009-10-17 02:33 16469 ----a-w- c:\windows\system32\3z4d5ownl9ader2834.exe
2009-10-15 04:31 . 2009-10-15 04:31 10678 ----a-w- c:\windows\system32\z304n95-a-virus5fb.dll
2009-10-08 15:46 . 2009-10-08 15:46 17641 ----a-w- c:\windows\system32\2759d5wnloader1175z.exe
2009-10-06 14:46 . 2009-10-06 14:46 2648 ----a-w- c:\windows\system32\639cthief54z9.dll
2009-10-03 05:58 . 2009-10-03 05:58 9853 ----a-w- c:\windows\system32\2929zp5rs92851.bin
2009-09-13 00:39 . 2009-09-13 00:39 9023 ----a-w- c:\windows\system32\5401zir1975.dll
2009-09-10 09:31 . 2009-09-10 09:31 10984 ----a-w- c:\windows\system32\z72aaddw5re1900.bin
2009-08-25 17:57 . 2009-08-25 17:57 6037 ----a-w- c:\windows\system32\27485v95us54z.bin
2009-08-21 09:39 . 2009-08-21 09:39 13777 ----a-w- c:\windows\system32\f3f9i5732z.dll
2009-07-28 03:07 . 2009-07-28 03:07 14236 ----a-w- c:\windows\system32\z72459ief2674.exe
2009-07-27 05:41 . 2009-07-27 05:41 7939 ----a-w- c:\windows\system32\3392thr5at3z135.exe
2009-07-21 15:53 . 2009-07-21 15:53 11511 ----a-w- c:\windows\system32\25420spamzot497.exe
2009-07-18 04:04 . 2009-07-18 04:04 5436 ----a-w- c:\windows\system32\z50s9y514.dll
2009-07-09 07:12 . 2009-07-09 07:12 6245 ----a-w- c:\windows\system32\3a059tezl2473.exe
2009-07-08 08:31 . 2009-07-08 08:31 5809 ----a-w- c:\windows\system32\70bthr5z925592.bin
2009-07-05 05:05 . 2009-07-05 05:05 6434 ----a-w- c:\windows\system32\4584szyware985.dll
2009-06-27 04:58 . 2009-06-27 04:58 18361 ----a-w- c:\windows\system32\5ecdszar9e12855.bin
2009-06-23 05:51 . 2009-06-23 05:51 4326 ----a-w- c:\windows\system32\45d7sparsz985.dll
2009-06-19 19:55 . 2009-06-19 19:55 6373 ----a-w- c:\windows\system32\7547ste9lz65.dll
2009-06-19 15:44 . 2009-06-19 15:45 -------- d-----w- c:\users\Aisha\AppData\Local\temp
2009-06-19 15:08 . 2009-06-17 01:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 15:08 . 2009-06-19 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 15:08 . 2009-06-19 15:08 -------- d-----w- c:\programdata\Malwarebytes
2009-06-19 15:08 . 2009-06-17 01:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 14:03 . 2009-06-19 14:03 9401 ----a-w- c:\windows\system32\fcfdownlo9der13z5.bin
2009-06-19 14:03 . 2009-06-19 14:03 4716 ----a-w- c:\windows\system32\7434zhi5f1957.bin
2009-06-19 14:03 . 2009-06-19 14:03 11949 ----a-w- c:\windows\system32\5092troz1c59.dll
2009-06-19 14:03 . 2009-06-19 14:03 7952 ----a-w- c:\windows\system32\3059worm1ez.dll
2009-06-19 14:03 . 2009-06-19 14:03 5964 ----a-w- c:\windows\system32\31415hac9tool11z.exe
2009-06-19 14:03 . 2009-06-19 14:03 13109 ----a-w- c:\windows\system32\58z44spy6ae9.bin
2009-06-19 14:03 . 2009-06-19 14:03 12194 ----a-w- c:\windows\system32\552c5a9kzoor260.dll
2009-06-19 14:03 . 2009-06-19 14:03 11332 ----a-w- c:\windows\system32\321z5spamb9t1d8.dll
2009-06-19 14:03 . 2009-06-19 14:03 10254 ----a-w- c:\windows\system32\596zs5arse2961.dll
2009-06-18 04:06 . 2009-06-19 14:15 -------- d-----w- c:\program files\ezt
2009-06-17 15:04 . 2009-06-17 15:04 5963 ----a-w- c:\windows\system32\6z16spy5are29459.exe
2009-06-15 17:11 . 2009-06-15 17:11 11971 ----a-w- c:\windows\system32\4693bazk5oor2943.exe
2009-06-15 11:50 . 2009-06-15 11:50 -------- d-----w- c:\program files\DivxFree
2009-06-14 23:15 . 2009-06-14 23:15 6778 ----a-w- c:\windows\system32\5116zvir9s722.exe
2009-06-13 15:10 . 2009-06-13 15:10 9322 ----a-w- c:\windows\system32\54ezhief2391.exe
2009-06-11 03:02 . 2009-06-11 03:02 3603 ----a-w- c:\windows\system32\91436vir5s1dz.exe
2009-06-08 12:44 . 2007-12-03 07:32 8536 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\hnlureg.dll
2009-06-08 12:44 . 2007-12-05 07:11 10088 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NAVLUReg.dll
2009-06-08 12:41 . 2008-10-17 05:52 9576 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CCCMNLUM.DLL
2009-06-08 12:41 . 2007-12-06 08:45 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\IV20.dll
2009-06-08 12:41 . 2007-12-06 08:45 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\WP20.dll
2009-06-08 12:41 . 2007-11-21 07:30 9096 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2009-06-08 12:41 . 2007-12-03 07:33 9048 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-06-05 01:42 . 2009-06-05 01:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 01:42 . 2009-06-05 01:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 03:44 . 2009-06-03 03:44 2863 ----a-w- c:\windows\system32\5990hazktool69.bin
2009-06-02 00:34 . 2008-09-28 20:09 1290584 ----a-w- c:\programdata\Symantec\SyKnAppS\Freezer\NCO\SyKnAppS.dll
2009-06-01 07:01 . 2009-06-15 09:00 -------- d-----w- c:\users\Aisha\AppData\Local\Adobe
2009-06-01 05:01 . 2009-06-01 05:01 -------- d-----w- c:\users\Aisha\AppData\Local\Mozilla
2009-06-01 04:53 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-01 04:53 . 2009-03-19 06:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-01 04:53 . 2009-06-01 04:53 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 04:53 . 2009-06-01 04:53 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 4:04 pm

2009-06-01 04:53 . 2009-06-01 04:53 -------- d-----w- c:\program files\iTunes
2009-06-01 04:51 . 2009-06-01 04:51 -------- d-----w- c:\program files\Bonjour
2009-06-01 04:46 . 2009-06-01 04:46 -------- d-----w- c:\users\Aisha\AppData\Local\Apple
2009-06-01 04:46 . 2009-06-01 04:46 -------- d-----w- c:\program files\Apple Software Update
2009-06-01 04:45 . 2009-06-01 04:53 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 04:45 . 2009-06-18 04:10 -------- d-----w- c:\programdata\Apple
2009-06-01 04:22 . 2009-06-15 12:55 -------- d-----w- c:\users\Aisha\AppData\Local\Google
2009-06-01 04:21 . 2009-06-01 04:22 -------- d-----w- c:\program files\Google
2009-05-28 05:46 . 2009-05-28 05:46 15005 ----a-w- c:\windows\system32\45cz9parse506.dll
2009-05-23 12:50 . 2009-05-23 12:50 2668 ----a-w- c:\windows\system32\65ezpyw5re2952.bin
2009-05-21 10:12 . 2009-05-21 10:12 14846 ----a-w- c:\windows\system32\3626sp5mbzt99a.exe
2009-05-20 16:06 . 2009-05-20 16:06 14036 ----a-w- c:\windows\system32\62abthie59z6.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 07:18 . 2008-09-06 02:39 -------- d-----w- c:\users\Aisha\AppData\Roaming\Apple Computer
2009-06-08 13:01 . 2007-11-22 10:05 -------- d-----w- c:\program files\Norton Internet Security
2009-06-08 13:01 . 2007-11-22 10:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-08 12:48 . 2007-11-22 10:04 -------- d-----w- c:\program files\Symantec
2009-06-08 12:48 . 2007-11-22 10:04 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-08 12:48 . 2007-11-22 10:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-08 12:48 . 2007-11-22 10:04 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-08 12:44 . 2007-11-22 10:04 -------- d-----w- c:\programdata\Symantec
2009-06-01 04:53 . 2008-09-06 02:30 -------- d-----w- c:\program files\iPod
2009-06-01 04:51 . 2008-09-06 02:38 -------- d-----w- c:\program files\QuickTime
2009-06-01 04:50 . 2008-09-06 02:32 -------- d-----w- c:\programdata\Apple Computer
2009-05-17 15:36 . 2009-05-17 15:36 9957 ----a-w- c:\windows\system32\5f1avi91z20.exe
2009-05-16 06:18 . 2009-05-16 06:18 17537 ----a-w- c:\windows\system32\978edo5nloadez2623.exe
2009-05-11 17:40 . 2009-05-11 17:40 3862 ----a-w- c:\windows\system32\69z5tro91e.exe
2009-05-08 15:05 . 2009-05-08 15:05 7446 ----a-w- c:\windows\system32\z9496not-a-virus6b5.bin
2009-04-27 06:09 . 2008-05-09 01:18 -------- d-----w- c:\programdata\WildTangent
2009-04-27 05:33 . 2008-09-06 03:03 -------- d-----w- c:\users\Aisha\AppData\Roaming\CyberLink
2009-04-26 11:46 . 2009-04-26 11:46 18021 ----a-w- c:\windows\system32\zba9i51010.bin
2009-04-19 05:17 . 2009-04-19 05:17 5551 ----a-w- c:\windows\system32\294z7wor5c9.exe
2009-04-06 14:42 . 2009-04-06 14:42 9212 ----a-w- c:\windows\system32\5869dowzloader3108.dll
2009-04-03 13:38 . 2009-04-03 13:38 11762 ----a-w- c:\windows\system32\9629no5-a-v9rus591z.dll
2009-04-02 18:00 . 2009-04-02 18:00 16911 ----a-w- c:\windows\system32\939viz5685.bin
2009-04-02 06:29 . 2009-04-02 06:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-22 14:42 . 2009-03-22 14:42 17976 ----a-w- c:\windows\system32\b88t5rea919z60.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-01 68592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5EAC1B6-A448-434C-A2A9-95BAA0E2641A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{699BBAB6-F545-414D-BE21-1EC36E99D783}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4007D3AD-515F-428F-A7E6-CE9FF5626974}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D005DF3B-EDC7-49F8-B72A-BF4331A3ADC7}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{C0A1D6DF-B778-4BAF-BAF6-C0CC3EDCF218}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{43A1E5FF-18A3-49E9-BC6C-1FDEEFE1A756}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{24F40E89-B8D2-4E86-8560-E0A3ED8DACE3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4E3E10A4-46D1-4F1D-AD81-EFFE9E21FA21}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{69BE310D-6329-4D4F-96D6-7CE87948B159}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3DEBD11E-E82E-4460-8995-1DD55E9E3092}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [22/11/2007 8:08 PM 180272]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/06/2009 10:41 PM 149352]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [15/04/2006 4:07 AM 28933976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/11/2007 8:59 PM 112688]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 1:31 PM 41008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aisha.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 00:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\6kwpor5p.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-20 01:44
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-19 1:46
ComboFix-quarantined-files.txt 2009-06-19 15:46

Pre-Run: 30,697,570,304 bytes free
Post-Run: 30,782,066,688 bytes free

711

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 4:12 pm

i dont know how things are looking on the technical side of things, but im not being bombarded with faux spyware dangers anymore- which seems like a major step in the right direction.
soooo..am i done here? because its 2am here in Australia and i could catch some serious z's.
plus i dont want to leave without saying a major thankyou to you, my anonymous computer hero!

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by Origin on 19th June 2009, 4:22 pm

We have mostly everything under control, get some sleep we can do this tomorrow Wink


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 4:27 pm

actually, sleep seems kind of unlikely right now, i just made tea.
lets just commence?

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 4:32 pm

..if you wouldnt mind that is

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by RTB10 on 19th June 2009, 4:36 pm

How did you get HijackThis onto your computer Younana? Can you connect to the internet or did you download it from another computer and install it through a USB drive or CD??

RTB10
Novice
Novice

Posts Posts : 5
Joined Joined : 2009-06-19
OS OS : XP
Points Points : 27297
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by Origin on 19th June 2009, 4:37 pm

Ok then lets commence:



Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\4511ste9lz399.dll
c:\windows\system32\56155pambot595z.bin
c:\windows\system32\56155pambot595z.bin
c:\windows\system32\2517backd9or27z4.exe
c:\windows\system32\4294sp5rze549.exe
c:\windows\system32\300595a9ktool58z.dll
c:\windows\system32\24e39zy5are1560.dll
c:\windows\system32\5505v9rus120z.bin
c:\windows\system32\5efbvir15z29.dll
c:\windows\system32\69c3zteal5944.dll
c:\windows\system32\5965downloader86z.bin
c:\windows\system32\z4f4sparse57409.dll
c:\windows\system32\z94595roj74b.bin
c:\windows\system32\29592hack9ozl605.dll
c:\windows\system32\5821spywaze3988.exe
c:\windows\system32\514dsteal9069z.dll
c:\windows\system32\56679hacktoolz88.exe
c:\windows\system32\3z4d5ownl9ader2834.exe
c:\windows\system32\z304n95-a-virus5fb.dll
c:\windows\system32\2759d5wnloader1175z.exe
c:\windows\system32\639cthief54z9.dll
c:\windows\system32\2929zp5rs92851.bin
c:\windows\system32\5401zir1975.dll
c:\windows\system32\z72aaddw5re1900.bin
c:\windows\system32\27485v95us54z.bin
c:\windows\system32\f3f9i5732z.dll
c:\windows\system32\z72459ief2674.exe
c:\windows\system32\3392thr5at3z135.exe
c:\windows\system32\25420spamzot497.exe
c:\windows\system32\z50s9y514.dll
c:\windows\system32\3a059tezl2473.exe
c:\windows\system32\70bthr5z925592.bin
c:\windows\system32\4584szyware985.dll
c:\windows\system32\5ecdszar9e12855.bin
c:\windows\system32\45d7sparsz985.dll
c:\windows\system32\7547ste9lz65.dll
c:\windows\system32\fcfdownlo9der13z5.bin
c:\windows\system32\7434zhi5f1957.bin
c:\windows\system32\5092troz1c59.dll
c:\windows\system32\3059worm1ez.dll
c:\windows\system32\31415hac9tool11z.exe
c:\windows\system32\58z44spy6ae9.bin
c:\windows\system32\552c5a9kzoor260.dll
c:\windows\system32\321z5spamb9t1d8.dll
c:\windows\system32\596zs5arse2961.dll
c:\windows\system32\6z16spy5are29459.exe
c:\windows\system32\4693bazk5oor2943.exe
c:\windows\system32\5116zvir9s722.exe
c:\windows\system32\54ezhief2391.exe
c:\windows\system32\91436vir5s1dz.exe
c:\windows\system32\5990hazktool69.bin
c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
c:\windows\system32\45cz9parse506.dll
c:\windows\system32\65ezpyw5re2952.bin
c:\windows\system32\3626sp5mbzt99a.exe
c:\windows\system32\62abthie59z6.exe
c:\windows\system32\5f1avi91z20.exe
c:\windows\system32\978edo5nloadez2623.exe
c:\windows\system32\69z5tro91e.exe
c:\windows\system32\z9496not-a-virus6b5.bin
c:\windows\system32\zba9i51010.bin
c:\windows\system32\294z7wor5c9.exe
c:\windows\system32\5869dowzloader3108.dll
c:\windows\system32\9629no5-a-v9rus591z.dll
c:\windows\system32\939viz5685.bin
c:\windows\system32\b88t5rea919z60.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=-
"InternetSettingsDisableNotify"=-
"AutoUpdateDisableNotify"=-



Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31503
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 4:40 pm

uh im pretty sure i downloaded it from a link i found somewhere on this site.
sensing a disturbance in the force Master?

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by Belahzur on 19th June 2009, 4:53 pm

Hello.
People who don't have wear green/blue/red suits aren't supposed to post in this area unless they are the victim.
Please follow Origins instructions and run the CFScript


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 4:55 pm

c:\windows\system32\6556hacktoo9zae.cpl
c:\windows\system32\65ezpyw5re2952.bin
c:\windows\system32\6863zac9do5r2417.bin
c:\windows\system32\68z7thi9f2550.bin
c:\windows\system32\693spywz5e64.dll
c:\windows\system32\69bcvzr5047.cpl
c:\windows\system32\69c3zteal5944.dll
c:\windows\system32\69ezs5yware3908.ocx
c:\windows\system32\69z5tro91e.exe
c:\windows\system32\6b0atz9ef975.dll
c:\windows\system32\6c1z9hi5f1782.bin
c:\windows\system32\6z16spy5are29459.exe
c:\windows\system32\6z95backdoor3509.bin
c:\windows\system32\70bthr5z925592.bin
c:\windows\system32\70f5ackdoor9z88.exe
c:\windows\system32\719bdo5n9oader638z.ocx
c:\windows\system32\71d9downlozd5r575.cpl
c:\windows\system32\734zh5e92199.cpl
c:\windows\system32\7397sp95are29z9.bin
c:\windows\system32\7434zhi5f1957.bin
c:\windows\system32\7547ste9lz65.dll
c:\windows\system32\75avirz59.ocx
c:\windows\system32\75d8s9arse3001z.cpl
c:\windows\system32\7602do5nlz9der229.cpl
c:\windows\system32\76e29ac5dzor1988.cpl
c:\windows\system32\7759virzs55a9.cpl
c:\windows\system32\7786szeal7569.bin
c:\windows\system32\784znot-9-virus352.cpl
c:\windows\system32\793e5pa9se1z02.cpl
c:\windows\system32\79c8s5arse8z3.cpl
c:\windows\system32\79z7steal755.exe
c:\windows\system32\79z9spyw95e1190.exe
c:\windows\system32\7d7eadzw5re9473.exe
c:\windows\system32\7e6caddwarz93745.ocx
c:\windows\system32\7e92ad9zare19775.cpl
c:\windows\system32\7f84z5reat60439.cpl
c:\windows\system32\7z3cspyware2595.bin
c:\windows\system32\7z4bdownloa5er9244.cpl
c:\windows\system32\7zfs5ar9e3235.ocx
c:\windows\system32\8162zor97b5.cpl
c:\windows\system32\8469trzj1925.ocx
c:\windows\system32\889ztroj357.ocx
c:\windows\system32\90421spy6bz5.dll
c:\windows\system32\9053backdoorz76.cpl
c:\windows\system32\905dspywa5z1354.dll
c:\windows\system32\90681v5rzseb.exe
c:\windows\system32\90684ha5ktooz693.ocx
c:\windows\system32\90795zief2369.cpl
c:\windows\system32\9090hacktool5z9.ocx
c:\windows\system32\91436vir5s1dz.exe
c:\windows\system32\924z5spy363.bin
c:\windows\system32\925z85orm1b9.cpl
c:\windows\system32\92856troz4fd.cpl
c:\windows\system32\939viz5685.bin
c:\windows\system32\93b1a5dwzre405.exe
c:\windows\system32\9455backdooz1186.cpl
c:\windows\system32\946spzrse13385.dll
c:\windows\system32\95b0steal1z73.exe
c:\windows\system32\9629no5-a-v9rus591z.dll
c:\windows\system32\9658virus395z.cpl
c:\windows\system32\9663ztr5j4c4.exe
c:\windows\system32\9668zspambot658.dll
c:\windows\system32\96953spazbot31b.cpl
c:\windows\system32\9712z5eal1618.ocx
c:\windows\system32\978edo5nloadez2623.exe
c:\windows\system32\97t5r9at28092z.cpl
c:\windows\system32\98245t5ozff.ocx
c:\windows\system32\9a91bz5kdoor320.dll
c:\windows\system32\9b5zspyware5761.ocx
c:\windows\system32\9bazvir1975.ocx
c:\windows\system32\9e06vir563z.bin
c:\windows\system32\9e3dow5loadez3221.bin
c:\windows\system32\9ed2zt5al1918.cpl
c:\windows\system32\9fd1downlozde5608.ocx
c:\windows\system32\9z86spyware115.dll
c:\windows\system32\a17down95zder118.dll
c:\windows\system32\ab8addw59e1z09.dll
c:\windows\system32\b55tzief9912.bin
c:\windows\system32\b88t5rea919z60.exe
c:\windows\system32\be5zddwa9e579.bin
c:\windows\system32\dabthief9952z.cpl
c:\windows\system32\eaf5azkdoo92300.ocx
c:\windows\system32\ec5steaz14955.cpl
c:\windows\system32\f3f9i5732z.dll
c:\windows\system32\fcfdownlo9der13z5.bin
c:\windows\system32\z2175hac95ool5d0.ocx
c:\windows\system32\z24779acktool7b5.ocx
c:\windows\system32\z3035pywa9e2919.exe
c:\windows\system32\z304n95-a-virus5fb.dll
c:\windows\system32\z3542virus298.cpl
c:\windows\system32\z3f2thre5t31929.dll
c:\windows\system32\z4f4sparse57409.dll
c:\windows\system32\z50s9y514.dll
c:\windows\system32\z54cvir2925.cpl
c:\windows\system32\z589sparse758.ocx
c:\windows\system32\z638do9nloa5er2592.ocx
c:\windows\system32\z72459ief2674.exe
c:\windows\system32\z72aaddw5re1900.bin
c:\windows\system32\z915spar9e1055.ocx
c:\windows\system32\z91ba9kdo5r776.bin
c:\windows\system32\z94595roj74b.bin
c:\windows\system32\z9496not-a-virus6b5.bin
c:\windows\system32\z95b59r2973.cpl
c:\windows\system32\z9b6spywa5e899.exe
c:\windows\system32\zb79t5ief982.cpl
c:\windows\system32\zba9i51010.bin
c:\windows\system32\zd53t9ief855.cpl
c:\windows\system32\zf86spar5e2899.ocx

.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 16:51 . 2009-06-19 16:51 -------- d-----w- c:\users\Aisha\AppData\Local\temp
2009-06-19 15:08 . 2009-06-17 01:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 15:08 . 2009-06-19 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 15:08 . 2009-06-19 15:08 -------- d-----w- c:\programdata\Malwarebytes
2009-06-19 15:08 . 2009-06-17 01:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 04:06 . 2009-06-19 14:15 -------- d-----w- c:\program files\ezt
2009-06-15 11:50 . 2009-06-15 11:50 -------- d-----w- c:\program files\DivxFree
2009-06-08 12:44 . 2007-12-03 07:32 8536 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\hnlureg.dll
2009-06-08 12:44 . 2007-12-05 07:11 10088 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NAVLUReg.dll
2009-06-08 12:41 . 2008-10-17 05:52 9576 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CCCMNLUM.DLL
2009-06-08 12:41 . 2007-12-06 08:45 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\IV20.dll
2009-06-08 12:41 . 2007-12-06 08:45 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\WP20.dll
2009-06-08 12:41 . 2007-11-21 07:30 9096 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2009-06-08 12:41 . 2007-12-03 07:33 9048 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-06-05 01:42 . 2009-06-05 01:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 01:42 . 2009-06-05 01:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-02 00:34 . 2008-09-28 20:09 1290584 ----a-w- c:\programdata\Symantec\SyKnAppS\Freezer\NCO\SyKnAppS.dll
2009-06-01 07:01 . 2009-06-15 09:00 -------- d-----w- c:\users\Aisha\AppData\Local\Adobe
2009-06-01 05:01 . 2009-06-01 05:01 -------- d-----w- c:\users\Aisha\AppData\Local\Mozilla
2009-06-01 04:53 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-01 04:53 . 2009-03-19 06:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-01 04:53 . 2009-06-01 04:53 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 04:53 . 2009-06-01 04:53 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-01 04:53 . 2009-06-01 04:53 -------- d-----w- c:\program files\iTunes
2009-06-01 04:51 . 2009-06-01 04:51 -------- d-----w- c:\program files\Bonjour
2009-06-01 04:46 . 2009-06-01 04:46 -------- d-----w- c:\users\Aisha\AppData\Local\Apple
2009-06-01 04:46 . 2009-06-01 04:46 -------- d-----w- c:\program files\Apple Software Update
2009-06-01 04:45 . 2009-06-01 04:53 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 04:45 . 2009-06-18 04:10 -------- d-----w- c:\programdata\Apple
2009-06-01 04:22 . 2009-06-15 12:55 -------- d-----w- c:\users\Aisha\AppData\Local\Google
2009-06-01 04:21 . 2009-06-01 04:22 -------- d-----w- c:\program files\Google

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 4:56 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 07:18 . 2008-09-06 02:39 -------- d-----w- c:\users\Aisha\AppData\Roaming\Apple Computer
2009-06-08 13:01 . 2007-11-22 10:05 -------- d-----w- c:\program files\Norton Internet Security
2009-06-08 13:01 . 2007-11-22 10:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-08 12:48 . 2007-11-22 10:04 -------- d-----w- c:\program files\Symantec
2009-06-08 12:48 . 2007-11-22 10:04 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-08 12:48 . 2007-11-22 10:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-08 12:48 . 2007-11-22 10:04 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-08 12:44 . 2007-11-22 10:04 -------- d-----w- c:\programdata\Symantec
2009-06-01 04:53 . 2008-09-06 02:30 -------- d-----w- c:\program files\iPod
2009-06-01 04:51 . 2008-09-06 02:38 -------- d-----w- c:\program files\QuickTime
2009-06-01 04:50 . 2008-09-06 02:32 -------- d-----w- c:\programdata\Apple Computer
2009-04-27 06:09 . 2008-05-09 01:18 -------- d-----w- c:\programdata\WildTangent
2009-04-27 05:33 . 2008-09-06 03:03 -------- d-----w- c:\users\Aisha\AppData\Roaming\CyberLink
2009-04-02 06:29 . 2009-04-02 06:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-05 06:17 . 2009-06-19 15:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-05 06:17 . 2009-06-19 16:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-05 06:17 . 2009-06-19 15:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-05 06:17 . 2009-06-19 16:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-05 06:17 . 2009-06-19 15:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-05 06:17 . 2009-06-19 16:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-22 10:20 . 2009-06-19 15:42 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-22 10:20 . 2009-06-19 15:50 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-22 10:23 . 2009-06-19 15:50 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-22 10:23 . 2009-06-19 14:41 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-22 10:20 . 2009-06-19 15:43 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-11-22 10:20 . 2009-06-19 15:50 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2009-06-19 15:28 . 2009-06-19 16:43 5898240 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-06-19 15:28 . 2009-06-19 15:35 5898240 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-01 68592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5EAC1B6-A448-434C-A2A9-95BAA0E2641A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{699BBAB6-F545-414D-BE21-1EC36E99D783}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4007D3AD-515F-428F-A7E6-CE9FF5626974}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D005DF3B-EDC7-49F8-B72A-BF4331A3ADC7}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{C0A1D6DF-B778-4BAF-BAF6-C0CC3EDCF218}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{43A1E5FF-18A3-49E9-BC6C-1FDEEFE1A756}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{24F40E89-B8D2-4E86-8560-E0A3ED8DACE3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4E3E10A4-46D1-4F1D-AD81-EFFE9E21FA21}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{69BE310D-6329-4D4F-96D6-7CE87948B159}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3DEBD11E-E82E-4460-8995-1DD55E9E3092}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [22/11/2007 8:08 PM 180272]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/06/2009 10:41 PM 149352]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [15/04/2006 4:07 AM 28933976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/11/2007 8:59 PM 112688]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 1:31 PM 41008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aisha.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 00:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\6kwpor5p.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-20 02:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-19 2:53
ComboFix-quarantined-files.txt 2009-06-19 16:52
ComboFix2.txt 2009-06-19 15:46

Pre-Run: 30,688,677,888 bytes free
Post-Run: 30,687,084,544 bytes free

456

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by Belahzur on 19th June 2009, 4:57 pm

Okay, this looks fine now.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 5:03 pm

like clockwork,
thanks a bunch.
have a goodnight..or a good day.
i dont know, just have general goodness.
thanks again

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft

Post by younana on 19th June 2009, 5:04 pm

and sorry, didnt mean to send you the private messages.

younana
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-06-19
OS OS : Vista
Points Points : 27308
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum