GeekPolice

WiniBlueSoft

WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 3:21 pm

Yesterday I acquired WiniBlueSoft. I deleted the program itself from the Control Panel, yet I still get popups and warnings and all that jazz. I have Norton 360... no help. I've also used SpyHunter, SpyDoctor, Malwarebytes... nothing.

Please help.

Re: WiniBlueSoft

Post by Origin on Thu May 07, 2009 3:37 pm

Hello starkee17,

My name is Origin and I will be helping you with your problem.

Please do the following:

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • Select "Do a system scan and save a log file". This will open a Notepad file of everything HijackThis found; copy and paste it back here.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 3:42 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:16 PM, on 5/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\setup2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{83108823-E0D2-45DC-BF6C-C48DFEB9A450}: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8638 bytes

Re: WiniBlueSoft

Post by Origin on Thu May 07, 2009 3:48 pm

Hello, you forgot to post the avenger.txt log. Please do the following:

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 3:54 pm

Oops, sorry.

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxcpmrccifibwlcenxmjprxsuvhpkmbdyfc.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

Re: WiniBlueSoft

Post by Origin on Thu May 07, 2009 4:00 pm

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)

Drivers to delete:
gxvxcserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gxvxcpmrccifibwlcenxmjprxsuvhpkmbdyfc.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 4:07 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "gxvxcserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\gxvxcpmrccifibwlcenxmjprxsuvhpkmbdyfc.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: WiniBlueSoft

Post by Origin on Thu May 07, 2009 4:08 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 4:15 pm

When I click the link, a Windows page pops up and says "Internet Explorer cannot display the webpage". When I diagnose problems, another popup says:

"windows sent the request to the DNS server and the server responded that the name was unknown."

Re: WiniBlueSoft

Post by Origin on Thu May 07, 2009 4:25 pm

I see, hmmm, try downloading it from here:

[You must be registered and logged in to see this link.]

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 4:32 pm

Same thing. The only way I was able to download Malwarebytes before was by a direct link to the download. But then again, it had never downloaded without error on this computer.

Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 4:35 pm

Hello.
The hijacked DNS is the problem here.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{83108823-E0D2-45DC-BF6C-C48DFEB9A450}: NameServer = 85.255.112.98,85.255.112.137
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}: NameServer = 85.255.112.98,85.255.112.137
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137

  • Press "Fix Checked"
  • Close HijackThis.

Try it now.


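The same two resolvers appear in four registry locations in this log (two per-interface {GUID} keys, the global Parameters key, and the Parameters key of control set CS1), so any fix has to be checked against every one of them. As an added example that is not part of this thread, the Python script below parses the O17 lines of a HijackThis log and lists every location that points at a resolver outside an allow-list; the RFC 1918 allow-list and the extra 192.168.1.1 sample line are constructed assumptions, while the four O17 lines are the ones quoted above.

```python
"""Triage of HijackThis O17 (TCP/IP NameServer) lines, as an added example.

A DNS hijack like the one in this thread is written to several registry
locations at once: the global Parameters key under Tcpip, one key per network
interface ({GUID}), and the same keys in other control sets (CS1, CS2, ...).
This script groups every O17 line by resolver and reports which locations
point at a resolver that is not on the operator's allow-list, so the fix can
be verified against all of them.
"""
import ipaddress
import re

# One O17 line looks like one of these (".." stands for the Parameters\Interfaces path):
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d,e.f.g.h
#   O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = a.b.c.d
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\)?(?P<scope>\{[0-9A-Fa-f-]+\}|Parameters): NameServer = (?P<servers>.+)$"
)

# Assumed allow-list (constructed for this example): the RFC 1918 ranges cover a
# home router that hands out its own address as resolver. Any public resolver the
# operator trusts has to be listed explicitly; nothing else is accepted.
DEFAULT_TRUSTED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def parse_o17(log_text):
    """Return one dict per O17 line: control set, scope ({GUID} or Parameters), servers."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        entries.append({"cset": m.group("cset"), "scope": m.group("scope"), "servers": servers})
    return entries


def is_trusted(server, trusted_nets):
    """True if the resolver is an IP literal inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False  # a hostname or garbage in a NameServer value is not expected here
    return any(addr in net for net in trusted_nets)


def triage_dns(log_text, trusted=DEFAULT_TRUSTED):
    """Map each untrusted resolver to the sorted list of registry locations that name it."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    findings = {}
    for entry in parse_o17(log_text):
        location = f"{entry['cset']}\\{entry['scope']}"
        for server in entry["servers"]:
            if not is_trusted(server, nets):
                findings.setdefault(server, set()).add(location)
    return {server: sorted(locs) for server, locs in findings.items()}


# Constructed sample: the four O17 lines quoted in this thread, plus one non-O17
# line and one extra interface pointing at a private router address.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{83108823-E0D2-45DC-BF6C-C48DFEB9A450}: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for server, locations in triage_dns(SAMPLE_LOG).items():
        print(f"untrusted resolver {server} set in {len(locations)} location(s):")
        for loc in locations:
            print(f"    HKLM\\System\\{loc}")
```

Running it on a fresh HijackThis log after a "Fix Checked" pass shows immediately whether any location still carries the hijacked resolvers, which is the check the thread performs by hand.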
Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 4:42 pm

Should I try restarting?? I did everything you said but still nothing. :/

Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 4:44 pm

Hello.
No need to reboot, kill these items too.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe

  • Close any browsers you have open.
  • Press "Fix Checked"
  • Close HijackThis.

Now re-open your browser and try downloading it again.


Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 4:47 pm

Still nothing. :/

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 4:49 pm

All of the O17's are still there though, and so is

O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min

Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 4:50 pm

Let's try using The Avenger and get rid of that WiniBlue folder first.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)

Files to delete:
C:\Windows\system32\setup2.exe

Folders to delete:
C:\Program Files\WiniBlueSoft Software

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.


Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 4:55 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\setup2.exe" deleted successfully.

Error: folder "C:\Program Files\WiniBlueSoft Software" not found!
Deletion of folder "C:\Program Files\WiniBlueSoft Software" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 5:01 pm

Can you try the MBAM link now?

If no luck still, I think something is interfering with the Hijack This fix.


Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 5:05 pm

Something must still be interfering with HijackThis.

I still can't click the link :(
and the O17's and the same O4 are still in my scan :(

Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 5:10 pm

I wonder if the Vista UAC is interfering here. Can you try running this please?

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 5:17 pm

It was too big; here is the first half...

DDS (Ver_09-03-16.01) - NTFSx86
Run by Lisa at 17:11:29.47 on Thu 05/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2941.2085 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lisa\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.0.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [Aim6]
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [WiniBlueSoft] c:\program files\winibluesoft software\winibluesoft\WiniBlueSoft.exe -min
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
TCP: NameServer = 85.255.112.98,85.255.112.137
TCP: {83108823-E0D2-45DC-BF6C-C48DFEB9A450} = 85.255.112.98,85.255.112.137
TCP: {BD700D70-4407-43E8-AA8B-DDA1E4D7C854} = 85.255.112.98,85.255.112.137
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.135\CoIEPlg.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-5-7 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-5-7 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-5-7 482352]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090501.001\IDSvix86.sys [2009-5-7 292912]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-4-28 20352]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-5-7 202928]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-5-7 115560]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-29 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-7 101936]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0300000.087\symndisv.sys [2009-5-7 39984]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-4-28 937984]

starkee17
Novice
Novice

Status :
Online
Offline

Posts : 27
Joined : 2009-05-07
Gender : Female
OS : vista
Points : 27707
# Likes : 0

View user profile

Back to top Go down

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 5:20 pm

and the second half...

=============== Created Last 30 ================

2009-05-07 15:40 --d----- c:\program files\Trend Micro
2009-05-07 10:22 --d----- c:\program files\Enigma Software Group
2009-05-07 09:48 2,838 a------- c:\windows\machine.ver
2009-05-07 09:38 a-d----- c:\programdata\TEMP
2009-05-07 09:27 --d----- c:\programdata\Sunbelt
2009-05-07 09:27 --d----- c:\progra~2\Sunbelt
2009-05-07 09:26 202,928 a------- c:\windows\system32\drivers\sbtis.sys
2009-05-07 08:38 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-07 08:38 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-07 08:38 --d----- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-05-07 08:38 --d----- c:\progra~2\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-05-07 08:38 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-05-07 08:38 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-07 08:38 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-07 08:38 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-07 08:38 --d----- c:\program files\Symantec
2009-05-07 08:38 --d----- c:\windows\system32\drivers\N360
2009-05-07 08:38 --d----- c:\program files\Norton 360
2009-05-07 08:38 --d----- c:\programdata\Norton
2009-05-07 08:38 --d----- c:\progra~2\Norton
2009-05-07 08:38 --d----- c:\programdata\NortonInstaller
2009-05-07 08:38 --d----- c:\program files\NortonInstaller
2009-05-07 08:38 --d----- c:\progra~2\NortonInstaller
2009-05-07 04:21 6,095 a------- c:\windows\f345ackzoor2952.cpl
2009-05-06 20:05 --d----- c:\users\lisa\appdata\roaming\GetRightToGo
2009-05-06 19:21 11,235 a------- c:\windows\9e8adown5oazer598.exe
2009-05-05 13:38 17,005 a------- c:\windows\265z3tro9121.bin
2009-05-05 09:55 --d----- c:\users\lisa\appdata\roaming\ESTsoft
2009-05-04 23:54 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-05-04 23:42 13,398 a------- c:\windows\system32\Repository.reg
2009-05-04 23:42 1,939,360 a------- c:\windows\system32\drivers\lvuvc.sys
2009-05-04 23:42 527,136 a------- c:\windows\system32\LVUI2RC.dll
2009-05-04 23:42 264,992 a------- c:\windows\system32\lvcodec2.dll
2009-05-04 23:42 215,840 a------- c:\windows\system32\LVUI2.dll
2009-05-04 23:42 129,824 a------- c:\windows\system32\lvci1051.dll
2009-05-04 23:42 50,127 a------- c:\windows\system32\lvcoinst.ini
2009-05-04 23:42 41,504 a------- c:\windows\system32\drivers\LVUSBSta.sys
2009-05-04 23:42 348,160 a------- c:\windows\system\msvcr71.dll
2009-05-04 23:41 1,507,232 a------- c:\windows\system32\drivers\lvpopflt.sys
2009-05-04 23:29 --d----- c:\programdata\Logishrd
2009-05-04 23:29 --d----- c:\programdata\Logitech
2009-05-04 01:41 11,097 a------- c:\windows\46a6szy5are1796.dll
2009-05-03 19:09 10,518 a------- c:\windows\35e5threat14294z.ocx
2009-05-03 07:54 9,119 a------- c:\windows\system32\294zdow5loader2996.bin
2009-05-01 19:06 5,451 a------- c:\windows\421dthze59093.bin
2009-05-01 12:31 14,375 a------- c:\windows\29202not-a-viz5s520.bin
2009-05-01 12:27 --d----- c:\program files\common files\PX Storage Engine
2009-05-01 12:27 --d----- c:\program files\DivX
2009-05-01 12:27 --d----- c:\program files\common files\DivX Shared
2009-04-30 20:16 --d----- C:\N360_BACKUP
2009-04-30 20:12 --d----- c:\users\lisa\appdata\roaming\Symantec
2009-04-30 18:10 4 a------- c:\windows\system32\gxvxccounter
2009-04-30 18:10 0 a------- c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll
2009-04-30 18:09 364 ---shr-- C:\autorun.inf
2009-04-30 00:08 --d----- c:\users\lisa\appdata\roaming\FrostWire
2009-04-30 00:06 --d----- c:\program files\FrostWire
2009-04-30 00:01 --d----- c:\program files\iPod
2009-04-30 00:01 --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-30 00:01 --d----- c:\program files\iTunes
2009-04-30 00:01 --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-30 00:00 --d----- c:\programdata\Apple Computer
2009-04-29 23:59 --d----- c:\programdata\Apple
2009-04-29 23:37 --d----- c:\users\lisa\appdata\roaming\WinBatch
2009-04-29 23:23 --d----- c:\programdata\Viewpoint
2009-04-29 23:23 --d----- c:\progra~2\Viewpoint
2009-04-29 23:23 --d----- c:\program files\Viewpoint
2009-04-29 23:23 --d----- c:\programdata\acccore
2009-04-29 23:23 --d----- c:\progra~2\acccore
2009-04-29 23:23 --d----- c:\programdata\AOL OCP
2009-04-29 23:23 --d----- c:\programdata\AOL
2009-04-29 21:50 2,048 a------- c:\windows\system32\tzres.dll
2009-04-29 21:32 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-29 21:32 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-29 21:32 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-29 21:32 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-29 21:32 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-29 21:32 11,264 a------- c:\windows\system32\icardres.dll
2009-04-29 21:32 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-29 21:32 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-29 21:25 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-29 21:25 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-29 21:25 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-29 21:25 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-29 21:25 83,968 a------- c:\windows\system32\mscories.dll
2009-04-29 21:21 --d----- c:\program files\common files\AOL
2009-04-29 21:21 --d----- c:\program files\AIM6
2009-04-29 21:21 709 a---h--- C:\IPH.PH
2009-04-29 21:19 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-29 21:19 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-29 21:18 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-04-29 21:18 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-29 21:18 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-29 21:18 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-29 21:18 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-29 21:18 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-29 21:18 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-29 21:18 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-29 21:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-29 21:18 94,720 a------- c:\windows\system32\logagent.exe
2009-04-29 21:18 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-29 21:08 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-29 21:06 --d----- c:\windows\Google Toolbar
2009-04-29 21:00 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-29 21:00 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-29 20:59 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-29 20:59 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-29 20:56 --d----- c:\users\Lisa
2009-04-28 05:31 13 ---shr-- c:\windows\system32\drivers\fbd.sys
2009-04-28 05:31 4 ---shr-- c:\windows\system32\drivers\taishop.sys
2009-04-28 04:28 --d----- C:\DOCS
2009-04-28 04:26 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-04-28 04:26 --d----- c:\program files\common files\Toshiba Shared
2009-04-28 04:25 285,184 a------- c:\windows\system32\drivers\tos_sps32.sys
2009-04-28 04:24 --d----- c:\programdata\ATI
2009-04-28 04:18 20,352 a------- c:\windows\system32\drivers\jswpslwf.sys
2009-04-28 04:18 --d----- c:\program files\Jumpstart
2009-04-28 04:16 764,416 a------- c:\windows\system32\drivers\athr.sys
2009-04-28 04:16 764,416 a------- c:\windows\system32\athr.sys
2009-04-28 04:16 104,008 a------- c:\windows\system32\netathr.inf
2009-04-28 04:16 32,503 a------- c:\windows\system32\athrext.cat
2009-04-28 04:16 --d----- c:\program files\Atheros
2009-04-28 04:16 --d----- c:\programdata\Atheros
2009-04-28 04:16 --d----- c:\progra~2\Atheros
2009-04-28 04:15 491,520 a------- c:\windows\system32\cselect.exe
2009-04-28 04:15 128,113 a------- c:\windows\system32\csellang.ini
2009-04-28 04:15 77,824 a------- c:\windows\system32\tosmreg.exe
2009-04-28 04:15 45,056 a------- c:\windows\system32\csellang.dll
2009-04-28 04:15 10,150 a------- c:\windows\system32\tosmreg.ini
2009-04-28 04:15 7,671 a------- c:\windows\system32\cseltbl.ini
2009-04-28 04:15 --d----- c:\program files\ltmoh
2009-04-28 04:14 --d----- c:\windows\Options
2009-04-28 04:12 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-28 04:11 --d----- c:\program files\Synaptics
2009-04-28 04:09 553 a------- c:\windows\USetup.iss
2009-04-28 04:04 --d----- c:\program files\ATI Technologies
2009-04-28 04:02 --d----- c:\program files\ATI
2009-04-28 04:02 7,680 a------- c:\windows\system32\drivers\AtiPcie.sys
2009-04-28 03:57 --d----- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-04-28 03:57 --d----- c:\progra~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-04-28 03:57 --d----- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-04-28 03:54 --d----- c:\windows\PCHEALTH
2009-04-28 03:52 --d----- c:\programdata\Microsoft Help
2009-04-28 03:50 --d----- C:\OffPro07Trial
2009-04-28 03:48 --dsh--- C:\$RECYCLE.BIN
2009-04-27 16:34 8,719 a------- c:\windows\system32\3a955pyzare569.exe
2009-04-27 15:20 18,280 a------- c:\windows\system32\z999wo5m8e9.bin
2009-04-27 03:50 15,967 a------- c:\windows\system32\22799z5cktool522.bin
2009-04-26 02:54 17,451 a------- c:\windows\system32\9969tro5z1.ocx
2009-04-23 10:56 3,599 a------- c:\windows\system32\92175zr780.cpl
2009-04-21 14:17 4,070 a------- c:\windows\4697notz95virus306.dll
2009-04-20 20:51 8,648 a------- c:\windows\system32\1a22bac9doorz577.cpl
2009-04-18 17:28 9,252 a------- c:\windows\system32\96876ha5ktool4ez.bin
2009-04-18 06:20 18,021 a------- c:\windows\29daddware1596z.ocx
2009-04-17 22:25 10,726 a------- c:\windows\3dz7s9yware14845.ocx
2009-04-15 16:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 16:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 16:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 16:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 16:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 16:24 684,032 a------- c:\windows\system32\DivX.dll
2009-04-15 01:12 10,176 a------- c:\windows\system32\37d9ddwzre1532.cpl
2009-04-14 15:00 17,721 a------- c:\windows\26500hacztool2559.cpl
2009-04-14 09:36 8,801 a------- c:\windows\5a25back9o5r27z3.dll
2009-04-13 00:14 16,073 a------- c:\windows\system32\125339zoj735.exe
2009-04-12 07:57 2,858 a------- c:\windows\102455azktool4c69.dll
2009-04-11 12:35 4,269 a------- c:\windows\system32\95905ackt9ol673z.bin
2009-04-10 20:49 13,741 a------- c:\windows\39fath9eat5517z.exe
2009-04-10 12:01 15,119 a------- c:\windows\1acbstza517719.cpl
2009-04-10 00:13 16,759 a------- c:\windows\54398tr9j79z.cpl


Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 5:21 pm

and the final bits...


==================== Find3M ====================

2009-05-07 08:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-07 08:38 86,016 a------- c:\windows\inf\infstor.dat
2009-05-07 08:38 51,200 a------- c:\windows\inf\infpub.dat
2009-05-06 19:21 6,220 a------- c:\windows\system32\990tzief5209.dll
2009-04-29 22:07 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-28 04:29 50 a------- c:\windows\system32\drivers\DCX.LOG
2009-04-28 04:08 319,456 a------- c:\windows\DIFxAPI.dll
2009-04-15 16:25 43,528 -------- c:\windows\system32\drivers\pxhelp20.sys
2009-04-06 21:08 7,404 a------- c:\windows\1ze7spyware5779.exe
2009-04-03 22:58 15,646 a------- c:\windows\system32\291045pambot30az.dll
2009-04-03 11:49 11,816 a------- c:\windows\1z2645orm98.bin
2009-04-02 20:03 7,527 a------- c:\windows\system32\299zhacktool657.bin
2009-03-26 18:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-26 18:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-24 15:53 15,863 a------- c:\windows\53z995reat14953.dll
2009-03-24 13:21 4,553 a------- c:\windows\system32\26a19hief2485z.bin
2009-03-23 05:42 12,191 a------- c:\windows\9656threzt29780.exe
2009-03-21 12:30 15,938 a------- c:\windows\12z76wor952b.dll
2009-03-20 15:09 14,708 a------- c:\windows\system32\z1031vir5s25b9.exe
2009-03-20 09:42 7,525 a------- c:\windows\3904ste5z2125.dll
2009-03-19 12:21 11,529 a------- c:\windows\2a5bs9ywaze3055.dll
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-15 07:38 15,891 a------- c:\windows\25778hazk9o5l3d3.exe
2009-03-10 01:06 7,304 a------- c:\windows\system32\55eezp59are1049.bin
2009-03-09 20:05 16,383 a------- c:\windows\system32\7a1z9ackdoor5816.exe
2009-03-09 08:23 2,570 a------- c:\windows\system32\282z5hackto9l445.exe
2009-03-08 17:42 17,920 a------- c:\windows\system32\28f9s5ezl32749.exe
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 07:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 07:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 07:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 16:05 10,407 a------- c:\windows\b44thr95t780z.exe
2009-03-05 13:48 10,827 a------- c:\windows\system32\279azackdo5r279.dll
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 09:33 9,021 a------- c:\windows\15569spazbot55e.dll
2009-02-28 21:31 4,480 a------- c:\windows\55c9steal270z.dll
2009-02-25 15:31 7,022 a------- c:\windows\ba5tz5ef3169.exe
2009-02-19 20:05 16,565 a------- c:\windows\system32\24260no9-a-viru53z1.bin
2009-02-19 06:35 14,729 a------- c:\windows\system32\617czow9loade5525.bin
2009-02-18 01:50 17,551 a------- c:\windows\system32\564csz9al508.exe
2009-02-14 12:53 13,797 a------- c:\windows\5zbbsp9w5re2253.dll
2009-02-13 15:11 17,250 a------- c:\windows\475zvir1989.bin
2009-02-13 04:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 04:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-11 04:10 15,243 a------- c:\windows\system32\9565spambotz995.exe
2009-02-09 23:14 12,350 a------- c:\windows\system32\7z01b9ck5oor2941.exe
2009-02-09 22:23 13,165 a------- c:\windows\792zpar5e942.dll
2009-02-09 10:18 15,255 a------- c:\windows\34z59i549.bin
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-08 13:21 5,496 a------- c:\windows\ze41s9yware2158.dll
2009-02-07 15:18 8,722 a------- c:\windows\system32\9f4aspar5e31z9.dll
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:12:08.86 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/28/2009 3:46:49 AM
System Uptime: 5/7/2009 4:52:50 PM (1 hours ago)

Motherboard: TOSHIBA | |
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 231 GiB total, 195.964 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office system
AAC Decoder
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
AIM 6
ALTools Update
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
ATI Catalyst Install Manager
AutoUpdate
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD/DVD Drive Acoustic Silencer
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD MovieFactory for TOSHIBA
FrostWire 4.17.2
GEAR driver installer for x86 and x64
GearDrvs
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 3
LiveUpdate Notice (Symantec Corporation)
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MKV Splitter
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MVision
Norton 360
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Windows Media Encoder (KB954156)
Skins
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Windows Media Encoder 9 Series

==== End Of File ===========================


Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 5:28 pm

Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following if present:

    FrostWire 4.17.2
    Java(TM) 6 Update 3
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :files
    c:\windows\f345ackzoor2952.cpl
    c:\windows\9e8adown5oazer598.exe
    c:\windows\265z3tro9121.bin
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\46a6szy5are1796.dll
    c:\windows\35e5threat14294z.ocx
    c:\windows\system32\294zdow5loader2996.bin
    c:\windows\421dthze59093.bin
    c:\windows\29202not-a-viz5s520.bin
    c:\windows\system32\gxvxccounter
    c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll
    C:\autorun.inf
    c:\users\lisa\appdata\roaming\FrostWire
    c:\program files\FrostWire
    c:\programdata\Viewpoint
    c:\progra~2\Viewpoint
    c:\program files\Viewpoint
    c:\windows\system32\3a955pyzare569.exe
    c:\windows\system32\z999wo5m8e9.bin
    c:\windows\system32\22799z5cktool522.bin
    c:\windows\system32\9969tro5z1.ocx
    c:\windows\system32\92175zr780.cpl
    c:\windows\4697notz95virus306.dll
    c:\windows\system32\1a22bac9doorz577.cpl
    c:\windows\system32\96876ha5ktool4ez.bin
    c:\windows\29daddware1596z.ocx
    c:\windows\3dz7s9yware14845.ocx
    c:\windows\system32\37d9ddwzre1532.cpl
    c:\windows\26500hacztool2559.cpl
    c:\windows\5a25back9o5r27z3.dll
    c:\windows\system32\125339zoj735.exe
    c:\windows\102455azktool4c69.dll
    c:\windows\system32\95905ackt9ol673z.bin
    c:\windows\39fath9eat5517z.exe
    c:\windows\1acbstza517719.cpl
    c:\windows\54398tr9j79z.cpl
    c:\windows\1ze7spyware5779.exe
    c:\windows\system32\291045pambot30az.dll
    c:\windows\1z2645orm98.bin
    c:\windows\system32\299zhacktool657.bin
    c:\windows\53z995reat14953.dll
    c:\windows\system32\26a19hief2485z.bin
    c:\windows\9656threzt29780.exe
    c:\windows\12z76wor952b.dll
    c:\windows\system32\z1031vir5s25b9.exe
    c:\windows\3904ste5z2125.dll
    c:\windows\2a5bs9ywaze3055.dll
    c:\windows\25778hazk9o5l3d3.exe
    c:\windows\system32\55eezp59are1049.bin
    c:\windows\system32\7a1z9ackdoor5816.exe
    c:\windows\system32\282z5hackto9l445.exe
    c:\windows\system32\28f9s5ezl32749.exe
    c:\windows\b44thr95t780z.exe
    c:\windows\system32\279azackdo5r279.dll
    c:\windows\15569spazbot55e.dll
    c:\windows\55c9steal270z.dll
    c:\windows\ba5tz5ef3169.exe
    c:\windows\system32\24260no9-a-viru53z1.bin
    c:\windows\system32\617czow9loade5525.bin
    c:\windows\system32\564csz9al508.exe
    c:\windows\5zbbsp9w5re2253.dll
    c:\windows\475zvir1989.bin
    c:\windows\system32\9565spambotz995.exe
    c:\windows\system32\7z01b9ck5oor2941.exe
    c:\windows\792zpar5e942.dll
    c:\windows\34z59i549.bin
    c:\windows\ze41s9yware2158.dll
    c:\windows\system32\9f4aspar5e31z9.dll


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down
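The `:files` list in the post above was assembled by reading the DDS listing for two things: small, randomly named .exe/.dll/.cpl/.ocx/.bin files dropped loose in c:\windows and c:\windows\system32 (the rogue's fake "detections"), and the system+hidden autorun.inf sitting in the drive root. The following Python is an added example, not code from this thread and not part of DDS or OTMoveIt, that parses DDS file-listing lines and applies those two rules, then renders the hits in the `:files` format OTMoveIt3 accepts. The sample lines are copied from the log above with a few benign entries mixed in as negatives; the size cap (32 KB) and the digit/letter-mix thresholds are my assumptions tuned to this log. Run over the full "Find3M" block it also flags c:\windows\system32\990tzief5209.dll, which matches the same pattern.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: lines copied from the DDS "Created Last 30" / "Find3M"
# sections above, plus benign entries from the same log as negatives.
SAMPLE_DDS_LINES = r"""
2009-05-07 04:21 6,095 a------- c:\windows\f345ackzoor2952.cpl
2009-05-06 19:21 6,220 a------- c:\windows\system32\990tzief5209.dll
2009-05-01 12:31 14,375 a------- c:\windows\29202not-a-viz5s520.bin
2009-04-30 18:10 4 a------- c:\windows\system32\gxvxccounter
2009-04-30 18:09 364 ---shr-- C:\autorun.inf
2009-04-28 04:26 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-04-29 21:50 2,048 a------- c:\windows\system32\tzres.dll
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-28 04:18 20,352 a------- c:\windows\system32\drivers\jswpslwf.sys
2009-02-09 10:18 15,255 a------- c:\windows\34z59i549.bin
2009-05-07 15:40 --d----- c:\program files\Trend Micro
"""

# Layout inferred from the page's own lines: DATE TIME [SIZE] ATTRS PATH
# (directories carry no SIZE). In the 8-char ATTRS field the page's entries
# put d=directory at index 2, s=system at 3 and h=hidden at 4.
_LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

class DdsEntry(NamedTuple):
    date: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

def parse_dds_lines(text: str) -> List[DdsEntry]:
    """Parse DDS file-listing lines; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append(DdsEntry(m.group("date"),
                                int(size.replace(",", "")) if size else None,
                                m.group("attrs"), m.group("path")))
    return entries

# The thresholds below are assumptions tuned to the dropped files the helper
# listed for removal above; they are not DDS or OTMoveIt logic.
_LOOSE_DIRS = {r"c:\windows", r"c:\windows\system32"}
_DROPPED_EXTS = {".exe", ".dll", ".cpl", ".ocx", ".bin"}
_MAX_DROPPED_SIZE = 32 * 1024  # every dropped file in the log is under 20 KB
_TOKEN_RE = re.compile(r"\d+|[a-z]+")

def looks_like_fake_scan_dropper(entry: DdsEntry) -> bool:
    """Small loose binary in %WINDIR% or system32 named as a digit/letter jumble."""
    if entry.attrs[2] == "d" or entry.size is None or entry.size >= _MAX_DROPPED_SIZE:
        return False
    directory, name = ntpath.split(entry.path)
    stem, ext = ntpath.splitext(name.lower())
    if directory.lower() not in _LOOSE_DIRS or ext not in _DROPPED_EXTS:
        return False
    tokens = _TOKEN_RE.findall(stem)  # hyphens and underscores are dropped
    digits = sum(len(t) for t in tokens if t.isdigit())
    letters = sum(len(t) for t in tokens if t.isalpha())
    switches = sum(1 for a, b in zip(tokens, tokens[1:]) if a.isdigit() != b.isdigit())
    return digits >= 3 and letters >= 2 and switches >= 2

def is_hidden_root_autorun(entry: DdsEntry) -> bool:
    """autorun.inf in a drive root carrying the system and hidden attributes."""
    directory, name = ntpath.split(entry.path)
    return (name.lower() == "autorun.inf"
            and re.fullmatch(r"[a-z]:\\?", directory.lower()) is not None
            and entry.attrs[3] == "s" and entry.attrs[4] == "h")

def triage(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) for each entry a rule fires on, in log order."""
    hits = []
    for e in parse_dds_lines(text):
        if looks_like_fake_scan_dropper(e):
            hits.append((e.path, "loose random-named binary"))
        elif is_hidden_root_autorun(e):
            hits.append((e.path, "system+hidden autorun.inf in drive root"))
    return hits

def otmoveit_files_block(text: str) -> str:
    """Render the hits as the ':files' block OTMoveIt3 takes, as in the post above."""
    return "\n".join([":files"] + [path for path, _ in triage(text)])

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_DDS_LINES):
        print(f"{reason:40} {path}")
    print(otmoveit_files_block(SAMPLE_DDS_LINES))
```

The digit requirement is what keeps legitimate small system files such as tzres.dll or icardres.dll out, and the size cap is what excludes large legitimate files with digit-heavy names such as d3dx9_32.dll; a directory check on the parent keeps driver files under system32\drivers out of scope. Files the helper removed on other grounds (the 0-byte gxvxc* entries, the lvuvc.hs file, the FrostWire and Viewpoint folders) are not covered by these two rules and would still need a human decision.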

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 5:41 pm

========== FILES ==========
c:\windows\f345ackzoor2952.cpl moved successfully.
c:\windows\9e8adown5oazer598.exe moved successfully.
c:\windows\265z3tro9121.bin moved successfully.
File move failed. c:\windows\system32\drivers\lvuvc.hs scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\46a6szy5are1796.dll
c:\windows\46a6szy5are1796.dll NOT unregistered.
c:\windows\46a6szy5are1796.dll moved successfully.
LoadLibrary failed for c:\windows\35e5threat14294z.ocx
c:\windows\35e5threat14294z.ocx NOT unregistered.
c:\windows\35e5threat14294z.ocx moved successfully.
c:\windows\system32\294zdow5loader2996.bin moved successfully.
c:\windows\421dthze59093.bin moved successfully.
c:\windows\29202not-a-viz5s520.bin moved successfully.
c:\windows\system32\gxvxccounter moved successfully.
LoadLibrary failed for c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll
c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll NOT unregistered.
File move failed. c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll scheduled to be moved on reboot.
File move failed. C:\autorun.inf scheduled to be moved on reboot.
c:\users\lisa\appdata\roaming\FrostWire\xml\data moved successfully.
c:\users\lisa\appdata\roaming\FrostWire\xml moved successfully.
c:\users\lisa\appdata\roaming\FrostWire\themes\frostwirePro_theme moved successfully.
c:\users\lisa\appdata\roaming\FrostWire\themes moved successfully.
c:\users\lisa\appdata\roaming\FrostWire\.NetworkShare\Incomplete moved successfully.
c:\users\lisa\appdata\roaming\FrostWire\.NetworkShare moved successfully.
c:\users\lisa\appdata\roaming\FrostWire\.AppSpecialShare moved successfully.
c:\users\lisa\appdata\roaming\FrostWire moved successfully.
File/Folder c:\program files\FrostWire not found.
Folder move failed. c:\programdata\Viewpoint scheduled to be moved on reboot.
Folder move failed. c:\progra~2\Viewpoint scheduled to be moved on reboot.
File/Folder c:\program files\Viewpoint not found.
c:\windows\system32\3a955pyzare569.exe moved successfully.
c:\windows\system32\z999wo5m8e9.bin moved successfully.
c:\windows\system32\22799z5cktool522.bin moved successfully.
LoadLibrary failed for c:\windows\system32\9969tro5z1.ocx
c:\windows\system32\9969tro5z1.ocx NOT unregistered.
c:\windows\system32\9969tro5z1.ocx moved successfully.
c:\windows\system32\92175zr780.cpl moved successfully.
LoadLibrary failed for c:\windows\4697notz95virus306.dll
c:\windows\4697notz95virus306.dll NOT unregistered.
c:\windows\4697notz95virus306.dll moved successfully.
c:\windows\system32\1a22bac9doorz577.cpl moved successfully.
c:\windows\system32\96876ha5ktool4ez.bin moved successfully.
LoadLibrary failed for c:\windows\29daddware1596z.ocx
c:\windows\29daddware1596z.ocx NOT unregistered.
c:\windows\29daddware1596z.ocx moved successfully.
LoadLibrary failed for c:\windows\3dz7s9yware14845.ocx
c:\windows\3dz7s9yware14845.ocx NOT unregistered.
c:\windows\3dz7s9yware14845.ocx moved successfully.
c:\windows\system32\37d9ddwzre1532.cpl moved successfully.
c:\windows\26500hacztool2559.cpl moved successfully.
LoadLibrary failed for c:\windows\5a25back9o5r27z3.dll
c:\windows\5a25back9o5r27z3.dll NOT unregistered.
c:\windows\5a25back9o5r27z3.dll moved successfully.
c:\windows\system32\125339zoj735.exe moved successfully.
LoadLibrary failed for c:\windows\102455azktool4c69.dll
c:\windows\102455azktool4c69.dll NOT unregistered.
c:\windows\102455azktool4c69.dll moved successfully.
c:\windows\system32\95905ackt9ol673z.bin moved successfully.
c:\windows\39fath9eat5517z.exe moved successfully.
c:\windows\1acbstza517719.cpl moved successfully.
c:\windows\54398tr9j79z.cpl moved successfully.
c:\windows\1ze7spyware5779.exe moved successfully.
LoadLibrary failed for c:\windows\system32\291045pambot30az.dll
c:\windows\system32\291045pambot30az.dll NOT unregistered.
c:\windows\system32\291045pambot30az.dll moved successfully.
c:\windows\1z2645orm98.bin moved successfully.
c:\windows\system32\299zhacktool657.bin moved successfully.
LoadLibrary failed for c:\windows\53z995reat14953.dll
c:\windows\53z995reat14953.dll NOT unregistered.
c:\windows\53z995reat14953.dll moved successfully.
c:\windows\system32\26a19hief2485z.bin moved successfully.
c:\windows\9656threzt29780.exe moved successfully.
LoadLibrary failed for c:\windows\12z76wor952b.dll
c:\windows\12z76wor952b.dll NOT unregistered.
c:\windows\12z76wor952b.dll moved successfully.
c:\windows\system32\z1031vir5s25b9.exe moved successfully.
LoadLibrary failed for c:\windows\3904ste5z2125.dll
c:\windows\3904ste5z2125.dll NOT unregistered.
c:\windows\3904ste5z2125.dll moved successfully.
LoadLibrary failed for c:\windows\2a5bs9ywaze3055.dll
c:\windows\2a5bs9ywaze3055.dll NOT unregistered.
c:\windows\2a5bs9ywaze3055.dll moved successfully.
c:\windows\25778hazk9o5l3d3.exe moved successfully.
c:\windows\system32\55eezp59are1049.bin moved successfully.
c:\windows\system32\7a1z9ackdoor5816.exe moved successfully.
c:\windows\system32\282z5hackto9l445.exe moved successfully.
c:\windows\system32\28f9s5ezl32749.exe moved successfully.
c:\windows\b44thr95t780z.exe moved successfully.
LoadLibrary failed for c:\windows\system32\279azackdo5r279.dll
c:\windows\system32\279azackdo5r279.dll NOT unregistered.
c:\windows\system32\279azackdo5r279.dll moved successfully.
LoadLibrary failed for c:\windows\15569spazbot55e.dll
c:\windows\15569spazbot55e.dll NOT unregistered.
c:\windows\15569spazbot55e.dll moved successfully.
LoadLibrary failed for c:\windows\55c9steal270z.dll
c:\windows\55c9steal270z.dll NOT unregistered.
c:\windows\55c9steal270z.dll moved successfully.
c:\windows\ba5tz5ef3169.exe moved successfully.
c:\windows\system32\24260no9-a-viru53z1.bin moved successfully.
c:\windows\system32\617czow9loade5525.bin moved successfully.
c:\windows\system32\564csz9al508.exe moved successfully.
LoadLibrary failed for c:\windows\5zbbsp9w5re2253.dll
c:\windows\5zbbsp9w5re2253.dll NOT unregistered.
c:\windows\5zbbsp9w5re2253.dll moved successfully.
c:\windows\475zvir1989.bin moved successfully.
c:\windows\system32\9565spambotz995.exe moved successfully.
c:\windows\system32\7z01b9ck5oor2941.exe moved successfully.
LoadLibrary failed for c:\windows\792zpar5e942.dll
c:\windows\792zpar5e942.dll NOT unregistered.
c:\windows\792zpar5e942.dll moved successfully.
c:\windows\34z59i549.bin moved successfully.
LoadLibrary failed for c:\windows\ze41s9yware2158.dll
c:\windows\ze41s9yware2158.dll NOT unregistered.
c:\windows\ze41s9yware2158.dll moved successfully.
LoadLibrary failed for c:\windows\system32\9f4aspar5e31z9.dll
c:\windows\system32\9f4aspar5e31z9.dll NOT unregistered.
c:\windows\system32\9f4aspar5e31z9.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05072009_173637

Files moved on Reboot...
File move failed. c:\windows\system32\drivers\lvuvc.hs scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll
c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll NOT unregistered.
File move failed. c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll scheduled to be moved on reboot.
File move failed. C:\autorun.inf scheduled to be moved on reboot.
Folder move failed. c:\programdata\Viewpoint scheduled to be moved on reboot.
Folder move failed. c:\progra~2\Viewpoint scheduled to be moved on reboot.


Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 5:48 pm

Hello.
That should have lightened the load, but we still need to bin some more crap.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Files to delete:
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll
C:\autorun.inf

Folders to delete:
c:\programdata\Viewpoint
c:\progra~2\Viewpoint

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1
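The Avenger script above was built by hand from the "move failed ... scheduled to be moved on reboot" lines of the OTMoveIt log. As an added example (not part of this thread and not code from OTMoveIt or The Avenger), the script below does that transcription automatically: it pulls every failed file and folder move out of an OTMoveIt log, drops the duplicates that OTMoveIt prints under "Files moved on Reboot...", and renders the "Files to delete:" / "Folders to delete:" sections Avenger expects. The sample log lines are copied from the OTMoveIt output posted above.

```python
"""Turn the 'move failed' entries of an OTMoveIt log into an Avenger script."""
import re

# OTMoveIt reports what it could not move as
#   File move failed. <path> scheduled to be moved on reboot.
#   Folder move failed. <path> scheduled to be moved on reboot.
FAILED = re.compile(
    r"^(?P<kind>File|Folder) move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$"
)


def failed_moves(otmoveit_log):
    """Return (files, folders) that OTMoveIt could not move, deduplicated, in log order.

    Windows paths are case-insensitive, so duplicates are collapsed on the
    lower-cased path; the spelling of the first occurrence is kept.
    """
    files, folders, seen = [], [], set()
    for line in otmoveit_log.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if path.lower() in seen:
            continue
        seen.add(path.lower())
        (files if m.group("kind") == "File" else folders).append(path)
    return files, folders


def avenger_script(files, folders):
    """Render the 'Files to delete:' / 'Folders to delete:' sections Avenger reads."""
    sections = []
    if files:
        sections.append("Files to delete:\n" + "\n".join(files))
    if folders:
        sections.append("Folders to delete:\n" + "\n".join(folders))
    return "\n\n".join(sections) + ("\n" if sections else "")


# Sample lines copied from the OTMoveIt log posted above; the gxvxc DLL, autorun.inf
# and Viewpoint entries appear twice there (main run, then "Files moved on Reboot...").
SAMPLE_OTMOVEIT_LOG = r"""
c:\windows\system32\gxvxccounter moved successfully.
LoadLibrary failed for c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll
c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll NOT unregistered.
File move failed. c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll scheduled to be moved on reboot.
File move failed. C:\autorun.inf scheduled to be moved on reboot.
Folder move failed. c:\programdata\Viewpoint scheduled to be moved on reboot.
Folder move failed. c:\progra~2\Viewpoint scheduled to be moved on reboot.
File/Folder c:\program files\Viewpoint not found.

Files moved on Reboot...
File move failed. c:\windows\system32\drivers\lvuvc.hs scheduled to be moved on reboot.
File move failed. c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll scheduled to be moved on reboot.
File move failed. C:\autorun.inf scheduled to be moved on reboot.
Folder move failed. c:\programdata\Viewpoint scheduled to be moved on reboot.
Folder move failed. c:\progra~2\Viewpoint scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    print(avenger_script(*failed_moves(SAMPLE_OTMOVEIT_LOG)), end="")
```

One caveat the script does not handle: `c:\progra~2` is most likely the 8.3 short name of `C:\ProgramData` on this Vista install, so both folder entries point at the same directory and the second one is reported as not found once the first is deleted, which is what the Avenger log later in the thread shows. Resolving short names needs a live Windows file system, so the script leaves both entries in and lets Avenger report the harmless "not found".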

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 6:00 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\drivers\lvuvc.hs" deleted successfully.
File "c:\windows\system32\gxvxcenydavsuwbqttvikwrveenqoptsdhhgp.dll" deleted successfully.
File "C:\autorun.inf" deleted successfully.
Folder "c:\programdata\Viewpoint" deleted successfully.

Error: folder "c:\progra~2\Viewpoint" not found!
Deletion of folder "c:\progra~2\Viewpoint" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 6:02 pm

Hello.
Please post a new Hijack This log.



Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 6:05 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:16 PM, on 5/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\setup2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{83108823-E0D2-45DC-BF6C-C48DFEB9A450}: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8638 bytes


Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 6:08 pm

Hello.
You didn't do this step:


  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following if present:

    FrostWire 4.17.2
    Java(TM) 6 Update 3
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Then in safe mode, try this Hijack This fix again.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [WiniBlueSoft] C:\Program Files\WiniBlueSoft Software\WiniBlueSoft\WiniBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{83108823-E0D2-45DC-BF6C-C48DFEB9A450}: NameServer = 85.255.112.98,85.255.112.137
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}: NameServer = 85.255.112.98,85.255.112.137
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137


  • Press "Fix Checked"
  • Close Hijack This.

Do they return even in safe mode?


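The O17 lines in the fix list above are the tell-tale of a DNS changer: the same two public resolvers written into the global Tcpip\Parameters key, into the CS1 control set and into every per-interface {GUID} key, and the Malwarebytes log further down finds them in DhcpNameServer as well. As an added example (not part of this thread and not code from HijackThis or Malwarebytes), the script below reads NameServer entries from both log formats and flags any resolver that is neither a private/LAN address nor on an allowlist, counting how many registry locations point at it. The allowlist is an assumption for the example; the sample lines are copied from the logs posted in this thread, the clean counterpart is constructed.

```python
"""Triage the NameServer entries in HijackThis (O17) and Malwarebytes log lines."""
import ipaddress
import re
from collections import defaultdict

# Public resolvers this machine is legitimately expected to use besides LAN
# addresses. Constructed for the example: on a real box take the ISP or router
# resolvers from the DHCP lease ("ipconfig /all") before trusting any value.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# HijackThis: "O17 - <registry key>: NameServer = a.b.c.d,e.f.g.h"
HJT_O17 = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>\S+)\s*$")
# Malwarebytes: "<registry key>\DhcpNameServer (Trojan.DNSChanger) -> Data: a,b -> ..."
MBAM_DNS = re.compile(
    r"^(?P<key>HKEY_\S+?\\(?:Dhcp)?NameServer) \(.*?\) -> Data: (?P<servers>\S+) ->"
)


def parse_nameservers(log_text):
    """Yield (registry_key, [resolver, ...]) for each NameServer entry found."""
    for line in log_text.splitlines():
        m = HJT_O17.match(line.strip()) or MBAM_DNS.match(line.strip())
        if m:
            servers = [s for s in m.group("servers").split(",") if s]
            yield m.group("key"), servers


def is_expected(resolver):
    """Private, loopback and link-local resolvers are fine; so are allowlisted public ones."""
    try:
        ip = ipaddress.ip_address(resolver)
    except ValueError:
        return False  # a NameServer value that is not even an address is itself suspicious
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or resolver in EXPECTED_RESOLVERS)


def triage(log_text):
    """Map each unexpected resolver to the registry keys that point at it.

    A DNS changer writes the same foreign resolvers into every interface and
    every control set, so one resolver showing up under several keys (CCS,
    CS1, per-interface {GUID} keys, DhcpNameServer) is the pattern to look for.
    """
    hits = defaultdict(list)
    for key, servers in parse_nameservers(log_text):
        for resolver in servers:
            if not is_expected(resolver):
                hits[resolver].append(key)
    return dict(hits)


def report(hits):
    """Human-readable summary, one line per flagged resolver."""
    if not hits:
        return "no unexpected resolvers"
    return "\n".join(f"{ip}: set in {len(keys)} registry location(s)"
                     for ip, keys in sorted(hits.items()))


# Sample lines copied from the HijackThis and Malwarebytes logs posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{83108823-E0D2-45DC-BF6C-C48DFEB9A450}: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.98,85.255.112.137
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd700d70-4407-43e8-aa8b-dda1e4d7c854}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.
"""

# Constructed clean counterpart: a LAN router plus an allowlisted public resolver.
CLEAN_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1,8.8.8.8
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Running it on the sample prints each of the two 85.255.112.x resolvers as set in five registry locations. That multiplicity is also why fixing the O17 lines with HijackThis in normal mode kept failing here: a running component rewrote them, and the entries only stayed gone once the gxvxc files and the setup2.exe Run entry were dealt with as well.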

Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 6:12 pm

Ahhh no, you're right, I missed the safe mode part.

I'm silly, one second, sorry.


Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 6:21 pm

I had already deleted those programs (not in safe mode)
but in safe mode I just deleted all but 04-system 2 because it wasn't there.

now what?


Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 6:22 pm

Did they come back again like they did the first time?



Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 6:27 pm

yes all of them :/


Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 6:36 pm

Can you try downloading MBAM from one of the mirrors here?
[You must be registered and logged in to see this link.]



Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 6:41 pm

YESSS finally a success!!!!


Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 6:47 pm

Hooray! Hooray! Hooray! Hooray! Hooray! Hooray!

Never give up. Update it and run the scan.



Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 6:55 pm

Malwarebytes' Anti-Malware 1.36
Database version: 2090
Windows 6.0.6001 Service Pack 1

5/7/2009 6:54:24 PM
mbam-log-2009-05-07 (18-54-24).txt

Scan type: Quick Scan
Objects scanned: 68227
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WiniBlueSoft (Rogue.WiniBlue) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bd700d70-4407-43e8-aa8b-dda1e4d7c854}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bd700d70-4407-43e8-aa8b-dda1e4d7c854}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{bd700d70-4407-43e8-aa8b-dda1e4d7c854}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.98,85.255.112.137 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.


Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 7:01 pm

Okay, this should be okay now. How is the machine running now?



Re: WiniBlueSoft

Post by starkee17 on Thu May 07, 2009 7:07 pm

Much better, WiniBlueSoft is showing no signs of popping up. I just hope that the double click thing is gone too. Thank you so much for all the help, I was really worried. THANKS AGAIN!!


Re: WiniBlueSoft

Post by Belahzur on Thu May 07, 2009 7:13 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: WiniBlueSoft

Post by Origin on Sun May 10, 2009 8:43 pm

~Removed

Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0
