WinBlueSoft crap Virus Need help!!!!


Post by 13stimpy on 25th May 2009, 7:19 am

Have the same problem as everyone else. Here's my HijackThis log; any help would be much appreciated. ;-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:39 AM, on 25/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\setup2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe


Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 25th May 2009, 7:22 am

2nd part of file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:39 AM, on 25/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\real\IEeREAD.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\real\WebHook.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PKR Pal] "C:\Users\Robbie\Desktop\Games\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UFaster] C:\Program Files\UFaster\UFaster.exe -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Easy-WebPrint Add To Print List - [You must be registered and logged in to see this link.] Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - [You must be registered and logged in to see this link.] Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - [You must be registered and logged in to see this link.] Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - [You must be registered and logged in to see this link.] Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00000005-0007-0000-0000-100011000004} - [You must be registered and logged in to see this link.]
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - [You must be registered and logged in to see this link.]
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{85B9B08C-0FE2-46E4-87A9-8877B711D0EA}: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9bd81f2468201) (gupdate1c9bd81f2468201) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 17639 bytes


Re: WinBlueSoft crap Virus Need help!!!!

Post by Origin on 25th May 2009, 7:12 pm


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    If you didn't set these restrictions then fix these as well
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O17 - HKLM\System\CCS\Services\Tcpip\..\{85B9B08C-0FE2-46E4-87A9-8877B711D0EA}: NameServer = 85.255.112.15,85.255.112.215
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215



  • Press "Fix Checked"
  • Close Hijack This.




1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.


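An added example, not part of the original posts and not HijackThis's own code: a small Python triage pass over HijackThis lines that picks out the three kinds of entries the fix list above relies on, namely a BHO whose file is missing, Run-key autostarts by name, and static NameServer values. The sample lines are copied from the log in this thread; `run_watchlist` and `expected_dns` are hypothetical parameters (names taken from the fix list, and the resolvers the owner actually configured).

```python
import ipaddress
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DNS_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


@dataclass
class Finding:
    code: str           # HijackThis section code, e.g. "O17"
    reason: str         # why the line deserves a second look
    line: str           # the original log line
    servers: tuple = () # resolvers outside expected_dns (O17 only)


def _unexpected(servers, expected):
    """Return the NameServer tokens that are not in the expected set."""
    out = []
    for token in re.split(r"[,\s]+", servers.strip()):
        if not token:
            continue
        try:
            known = ipaddress.ip_address(token) in expected
        except ValueError:
            known = False  # not an IP literal: surface it for review
        if not known:
            out.append(token)
    return out


def triage(log_text, expected_dns=(), run_watchlist=()):
    """Flag O2/O4/O17 lines for review; every other section is ignored."""
    expected = {ipaddress.ip_address(a) for a in expected_dns}
    watch = {name.lower() for name in run_watchlist}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list, blank line
        code, body = entry["code"], entry["body"]
        if code == "O2":
            bho = BHO_RE.match(body)
            if bho and bho["path"] == "(no file)":
                findings.append(Finding(code, "BHO registered but its file is missing", line))
        elif code == "O4":
            run = RUN_RE.match(body)
            if run and run["name"].lower() in watch:
                findings.append(Finding(code, "Run entry on the analyst's watchlist", line))
        elif code == "O17":
            dns = DNS_RE.match(body)
            if dns:
                odd = _unexpected(dns["servers"], expected)
                if odd:
                    findings.append(
                        Finding(code, "static NameServer outside the expected set", line, tuple(odd))
                    )
    return findings


def unexpected_resolvers(findings):
    """Distinct resolver values collected from all O17 findings."""
    return sorted({s for f in findings for s in f.servers})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, run_watchlist={"WinBlueSoft", "setup2.exe"}):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

Running the same function on the log taken after "Fix Checked" shows whether any of the flagged entries came back.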

Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 26th May 2009, 12:33 am

Here's the log file, I think. It started a file log automatically at startup; I couldn't get into c:\avenger.txt as it required a password.

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.


Re: WinBlueSoft crap Virus Need help!!!!

Post by Origin on 27th May 2009, 12:18 am

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See [You must be registered and logged in to see this link.] for how to disable your AV.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 28th May 2009, 11:43 am

ComboFix 09-05-26.05 - Robbie 28/05/2009 21:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2047.988 [GMT 10:00]
Running from: c:\users\Robbie\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 28th May 2009, 11:45 am

c:\windows\system32\157h9cktzol5c5.exe
c:\windows\system32\15995s5azbot192.cpl
c:\windows\system32\1606add9arez257.exe
c:\windows\system32\161z5hreat21929.dll
c:\windows\system32\16905z5rus784.bin
c:\windows\system32\1712zw9rm4635.bin
c:\windows\system32\1733z5roj5b9.ocx
c:\windows\system32\17514not-a-v5ru96ebz.cpl
c:\windows\system32\179005py574z.exe
c:\windows\system32\17949hackt5zl639.dll
c:\windows\system32\179z5ownloader2757.cpl
c:\windows\system32\18025hackz5ol97a.bin
c:\windows\system32\18845hi9f1z36.dll
c:\windows\system32\1888threatz9567.exe
c:\windows\system32\1891not-a-zirus3579.ocx
c:\windows\system32\18edownzoa9e5918.dll
c:\windows\system32\19153wor55z9.dll
c:\windows\system32\19344not-a-virus52z.ocx
c:\windows\system32\1943zspamb5t471.exe
c:\windows\system32\19891spam5oz7.ocx
c:\windows\system32\198virusz59.bin
c:\windows\system32\19b65h9ef788z.ocx
c:\windows\system32\19zbsteal5313.exe
c:\windows\system32\1d3zaddware50579.bin
c:\windows\system32\1ezd9hief1995.bin
c:\windows\system32\1f9fd5wnlo9zer2097.dll
c:\windows\system32\1z675hi9f1004.ocx
c:\windows\system32\20560not-9-ziru51f4.dll
c:\windows\system32\206695rmz57.cpl
c:\windows\system32\20865ha5k9zol57b.ocx
c:\windows\system32\20993s9yz7f5.dll
c:\windows\system32\211329pamb5tzd9.cpl
c:\windows\system32\2159threat3z700.exe
c:\windows\system32\22003nzt-5-vir9s25d.bin
c:\windows\system32\22e39hiez2598.dll
c:\windows\system32\23297sp53az.cpl
c:\windows\system32\2346359ojz58.dll
c:\windows\system32\23517h5cztool91e.ocx
c:\windows\system32\237085r9j71z.dll
c:\windows\system32\2375t5reatz898.bin
c:\windows\system32\23batz9e5t18793.bin
c:\windows\system32\2404szarse52079.cpl
c:\windows\system32\243z35pam9ot39b.cpl
c:\windows\system32\24479spz9d75.cpl
c:\windows\system32\25031not-a-vzrus1a39.cpl
c:\windows\system32\250509pzmbot18d.dll
c:\windows\system32\25076not-z-vi9us56.cpl
c:\windows\system32\2525zhi9f2539.bin
c:\windows\system32\25292spy5cbz.bin
c:\windows\system32\2532ad9ware523z.cpl
c:\windows\system32\2553hack5ool199z.ocx
c:\windows\system32\257e9oz5loader144.dll
c:\windows\system32\25895not-a-v5rus66z.bin
c:\windows\system32\2594dzwnloa9er2874.dll
c:\windows\system32\259wo5m5efz.dll
c:\windows\system32\25acz9reat203205.cpl
c:\windows\system32\25z49w59m97.cpl
c:\windows\system32\25z709ir5sfa.dll
c:\windows\system32\25z7wo9m3e.ocx
c:\windows\system32\26218szy9b5.bin
c:\windows\system32\2628th9ef5055z.exe
c:\windows\system32\2653z5oj7e9.cpl
c:\windows\system32\26a9vir29z5.dll
c:\windows\system32\27195trzj55b.dll
c:\windows\system32\2735zno5-a-virus95b.exe
c:\windows\system32\27479v5ruz1b.ocx
c:\windows\system32\27539tro93z5.ocx
c:\windows\system32\27719spazbot518.cpl
c:\windows\system32\277zdownl5ader8399.ocx
c:\windows\system32\27905tr9j7z8.ocx
c:\windows\system32\279zhi5f1696.cpl
c:\windows\system32\2832haczt9o525.cpl
c:\windows\system32\28555s9y4z7.dll
c:\windows\system32\28aest5al1897z.dll
c:\windows\system32\28azthrea529999.bin
c:\windows\system32\28c9backzo5r995.cpl
c:\windows\system32\2911zv5rus5cd.exe
c:\windows\system32\29151not9a-vizus625.ocx
c:\windows\system32\29246spazbo576d.ocx
c:\windows\system32\29514not5a-virzs5169.ocx
c:\windows\system32\29626hazktool655.ocx
c:\windows\system32\29655t9oj55dz.dll
c:\windows\system32\29778worz259.cpl
c:\windows\system32\299z5spy152.exe
c:\windows\system32\29c5thzef2691.bin
c:\windows\system32\2a96vi51z06.bin
c:\windows\system32\2d39sp5wa9ez202.exe
c:\windows\system32\2d6steaz15469.ocx
c:\windows\system32\2dzas5eal996.exe
c:\windows\system32\2z175orm3c89.ocx
c:\windows\system32\2z252tro95d5.dll
c:\windows\system32\2z435virus495.dll
c:\windows\system32\2z6599p5mbot590.exe
c:\windows\system32\2z9479orm345.exe
c:\windows\system32\301tzoj95a.dll
c:\windows\system32\3038z9orm5a1.exe
c:\windows\system32\30726not-9-vir5s3az.ocx
c:\windows\system32\30985virus6f3z.cpl
c:\windows\system32\31019t59z7e4.ocx
c:\windows\system32\31655hackt9oz4bd5.dll
c:\windows\system32\31991hacktoz5a9.cpl
c:\windows\system32\321159iruz15e.ocx
c:\windows\system32\32295trzj7ff.cpl
c:\windows\system32\3239vz51235.exe
c:\windows\system32\32526vi95s3z.exe
c:\windows\system32\32559zro92515.bin
c:\windows\system32\3264az95are2680.cpl
c:\windows\system32\3399sp9mbzt5505.dll
c:\windows\system32\33cfstzal13659.cpl
c:\windows\system32\3409spywar5202z.bin
c:\windows\system32\35094zorm6199.ocx
c:\windows\system32\358faddw5re18z99.exe
c:\windows\system32\359z7hacktool99b.bin
c:\windows\system32\35a7spzrse194.ocx
c:\windows\system32\35e7virz509.dll
c:\windows\system32\36589ddware53z5.bin
c:\windows\system32\3750thief539z.cpl
c:\windows\system32\389av5r1z82.exe
c:\windows\system32\38a1down9zade52013.ocx
c:\windows\system32\3a629py5zre2848.dll
c:\windows\system32\3d57spywa9ez065.ocx
c:\windows\system32\3d85thiefz9689.ocx
c:\windows\system32\3edesteaz23495.cpl
c:\windows\system32\3z927spa5b9t357.exe
c:\windows\system32\3zd5threa926759.bin
c:\windows\system32\4160wormz509.exe
c:\windows\system32\4189s5y7cz.cpl
c:\windows\system32\4282spy5aze9514.ocx
c:\windows\system32\42f9s5zrse30.cpl
c:\windows\system32\4403not-azv5ru937d.exe
c:\windows\system32\444adownlz5der1692.dll
c:\windows\system32\4513not-z-v95us119.ocx
c:\windows\system32\4518vir1954z.ocx
c:\windows\system32\451spyw9re76z.cpl
c:\windows\system32\4550addware2290z.bin
c:\windows\system32\457cspa9se217z.cpl
c:\windows\system32\45b9zteal1811.bin
c:\windows\system32\45fzt5ie91221.dll
c:\windows\system32\4955dowzloader23509.exe
c:\windows\system32\4965spy3z5.dll
c:\windows\system32\49d6tzrea517993.ocx
c:\windows\system32\4c4spy95re3122z.bin
c:\windows\system32\4c7cv9r28z15.bin


Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 28th May 2009, 11:46 am

c:\windows\system32\drivers\gxvxceyoyuatewbxxcowhpocvssrocbfdshsp.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\Packet.dll
c:\windows\system32\setup2.exe
c:\windows\system32\wpcap.dll
G:\Autorun.inf
G:\desktop.ini


Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 28th May 2009, 11:47 am

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys
-------\Service_iWinGamesInstaller
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-28 11:22 . 2009-05-28 11:25 -------- d-----w c:\users\Robbie\AppData\Local\temp
2009-05-28 11:22 . 2009-05-28 11:22 -------- d-----w c:\users\Kelly\AppData\Local\temp
2009-05-27 23:55 . 2009-05-27 23:55 -------- d-----w c:\users\Kelly\Program Files
2009-05-27 23:55 . 2009-05-28 05:58 -------- d-----w c:\users\Kelly\AppData\Roaming\uTorrent
2009-05-27 01:27 . 2009-05-27 01:27 -------- d-----w c:\users\Kelly\AppData\Roaming\Apple Computer
2009-05-27 01:27 . 2009-05-27 01:27 -------- d-----w c:\users\Kelly\AppData\Local\Apple Computer
2009-05-26 06:50 . 2009-05-26 06:53 -------- d-----w c:\users\TEMP
2009-05-26 03:19 . 2009-05-26 03:19 -------- d-----w c:\users\Robbie\AppData\Local\Ahead
2009-05-26 02:34 . 2009-05-26 02:34 -------- d-----w c:\program files\XBCD
2009-05-26 01:12 . 2008-06-24 03:45 1414440 ----a-w c:\windows\system32\ShellManager310E2D762.dll
2009-05-25 06:39 . 2009-05-25 06:39 -------- d-----w c:\users\Robbie\AppData\Roaming\Malwarebytes
2009-05-25 06:39 . 2009-03-26 06:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-25 06:39 . 2009-03-26 06:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 06:39 . 2009-05-25 06:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 06:39 . 2009-05-25 06:39 -------- d-----w c:\progra~2\Malwarebytes
2009-05-24 23:44 . 2009-05-24 23:44 16750 ----a-w c:\windows\system32\7461tz5j9.dll
2009-05-24 23:05 . 2009-05-24 23:05 -------- d-----w c:\program files\Uniblue1
2009-05-24 22:56 . 2009-05-24 22:56 -------- d-----w c:\program files\Trend Micro
2009-05-24 22:35 . 2009-05-24 22:42 -------- d-----w c:\users\Robbie\AppData\Roaming\GetRightToGo
2009-05-17 05:42 . 2009-05-17 05:42 -------- d-----w c:\users\Robbie\AppData\Roaming\Nero
2009-05-17 05:36 . 2009-05-17 05:36 -------- d-----w c:\program files\Nero
2009-05-17 04:52 . 2009-05-17 04:52 -------- d-----w c:\users\Robbie\AppData\Local\CyberLink
2009-05-17 04:48 . 2009-05-17 04:48 -------- d-----w c:\users\Robbie\AppData\Local\PowerDVDCox
2009-05-17 04:48 . 2009-05-19 03:21 -------- d-----w c:\users\Robbie\AppData\Local\PowerDVDCinema
2009-05-17 04:47 . 2009-05-17 04:47 -------- d-----w c:\users\Public\CyberLink
2009-05-17 04:46 . 2009-05-17 04:52 -------- d-----w c:\progra~2\CyberLink
2009-05-17 04:44 . 2009-05-17 04:44 -------- d-----w c:\program files\Common Files\CyberLink
2009-05-17 04:42 . 2009-05-17 04:41 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-05-17 03:06 . 2009-05-19 03:21 -------- d-----w c:\users\Robbie\AppData\Roaming\CyberLink
2009-05-17 03:01 . 2009-05-17 04:43 -------- d-----w c:\program files\CyberLink
2009-05-17 02:30 . 2009-05-17 02:30 -------- d-----w c:\program files\Ahead
2009-05-16 05:44 . 2009-05-25 00:49 -------- d-----w c:\users\Robbie\Tracing
2009-05-13 11:54 . 2009-05-13 11:54 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-05-13 02:48 . 2009-05-13 02:48 -------- d-----w c:\program files\VID_0E8F&PID_0003

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 02:15 . 2009-04-15 04:21 -------- d-----w c:\progra~2\Google Updater
2009-05-26 03:14 . 2007-12-31 09:05 -------- d-----w c:\program files\Common Files\Nero
2009-05-26 03:08 . 2007-11-05 03:01 -------- d-----w c:\progra~2\Nero
2009-05-25 06:55 . 2008-05-27 00:19 -------- d-----w c:\users\Robbie\AppData\Roaming\uTorrent
2009-05-25 02:02 . 2008-05-08 03:15 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-19 07:43 . 2007-11-08 09:23 -------- d-----w c:\program files\Ubisoft
2009-05-17 11:11 . 2007-12-22 08:22 -------- d-----w c:\users\Robbie\AppData\Roaming\Canon
2009-05-17 04:44 . 2007-10-27 08:18 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-17 04:41 . 2003-03-19 03:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2009-05-17 04:41 . 2003-02-21 11:42 353576 ----a-w c:\windows\system32\msvcr71.dll
2009-05-16 07:53 . 2008-01-31 06:21 -------- d-----w c:\users\Robbie\AppData\Roaming\Azureus
2009-05-15 18:40 . 2008-03-23 00:13 -------- d-----w c:\program files\Google
2009-05-15 14:15 . 2008-01-31 06:23 182 ----a-w c:\users\Robbie\AppData\Roaming\Azureus\restart.bat
2009-05-15 14:11 . 2008-01-31 06:21 -------- d-----w c:\program files\Azureus
2009-05-15 08:27 . 2007-10-27 09:23 -------- d-----w c:\progra~2\NVIDIA
2009-05-13 23:42 . 2007-10-30 01:50 -------- d-----w c:\progra~2\Microsoft Help
2009-05-13 23:39 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-13 02:55 . 2009-02-03 23:28 -------- d-----w c:\progra~2\DriverScanner
2009-05-06 00:11 . 2008-06-06 10:48 -------- d-----w c:\program files\Join ME
2009-05-02 05:38 . 2007-10-27 01:45 99816 ----a-w c:\users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:59 . 2007-10-26 08:14 99816 ----a-w c:\users\Robbie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:38 . 2007-10-30 01:54 -------- d-----w c:\program files\Microsoft Works
2009-04-26 13:28 . 2009-04-26 13:28 -------- d-----w c:\users\Robbie\AppData\Roaming\Joost
2009-04-26 13:27 . 2008-07-29 11:49 -------- d-----w c:\program files\Joost
2009-04-21 14:20 . 2009-04-21 14:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-21 14:20 . 2009-04-21 14:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll
2009-04-16 02:19 . 2009-04-16 02:19 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-16 02:19 . 2007-11-18 09:33 -------- d-----w c:\program files\Windows Live
2009-04-16 02:18 . 2009-04-16 02:18 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-16 02:17 . 2009-04-16 02:17 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-16 02:16 . 2009-02-03 21:43 -------- d-----w c:\program files\Microsoft
2009-04-16 02:16 . 2009-04-16 02:16 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-16 01:29 . 2009-04-16 01:29 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-11 05:19 . 2007-11-11 07:19 -------- d-----w c:\program files\Norton 360
2009-04-09 03:13 . 2008-09-25 12:01 -------- d-----w c:\program files\ActivIcons
2009-04-05 08:51 . 2008-12-09 01:13 1356 ----a-w c:\users\Robbie\AppData\Local\d3d9caps.dat
2009-03-17 03:38 . 2009-04-15 01:33 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 01:33 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 18:19 . 2008-12-15 07:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-03-27 23:12 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-27 23:12 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-27 23:12 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-27 23:12 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-27 23:12 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-27 23:12 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-27 23:12 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-27 23:12 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-27 23:12 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-27 23:12 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-27 23:12 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-27 23:12 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-27 23:12 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-27 23:12 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-27 23:12 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-27 23:12 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-27 23:12 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-27 23:12 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-15 01:33 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 01:33 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 01:33 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 01:33 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 01:33 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 01:33 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 01:33 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 01:33 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 01:33 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 01:33 17408 ----a-w c:\windows\system32\iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-01-28 02:47 1555480 ----a-w c:\program files\The_Pirate_Bay\tbThe_.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-06-24 132392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Uniblue SpyEraser"="c:\program files\Uniblue1\SpyEraser\SpyEraser.exe" [2007-08-15 1269000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-26 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-26 6707744]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2008-01-31 385024]
"PKR Pal"="c:\users\Robbie\Desktop\Games\PKR\pkrpal.exe" [2009-05-25 2296936]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Device Detector"="c:\program files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"UFaster"="c:\program files\UFaster\UFaster.exe" [2008-10-27 1465344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-15 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-07 2221352]


Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 28th May 2009, 11:48 am

c:\users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739652879-568182252-1516034588-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9D3DABCF-6CC1-4D9B-9A29-720C75C0D40E}c:\\users\\robbie\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\robbie\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{841506D0-9554-47F3-9A7C-9B43F64358CA}c:\\users\\robbie\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\robbie\program files\utorrent\utorrent.exe:utorrent.exe
"{35C8F6C9-F023-4ADF-B242-9C55AACFE6DF}"= UDP:c:\users\Robbie\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A748A025-CCDC-495A-B96E-405ED6A66D8A}"= TCP:c:\users\Robbie\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0519E261-F088-4415-9FAE-7861DF011138}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{303A74E3-A255-4BBD-8802-7C4749604B06}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{83265AC3-5307-4CA7-90A4-581CD9690B5E}c:\\users\\robbie\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\robbie\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{592BA6EA-6EF9-42B7-BB4A-3331404E45E8}c:\\users\\robbie\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\robbie\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{8E17418D-C012-4DE8-B61F-D511E6A6BFB6}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{60652446-D937-487A-B4BE-5ED9C239FE8B}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{CE5E9146-0FAF-4632-B6E9-52B5541A5336}c:\\program files\\codwaw-kaos\\codwaw.exe"= UDP:c:\program files\codwaw-kaos\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{270B4E5A-D84D-415B-B52F-315B2B6E2C81}c:\\program files\\codwaw-kaos\\codwaw.exe"= TCP:c:\program files\codwaw-kaos\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{A8D5856F-BEF6-44FC-8D07-BD2F3DDEEFE3}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{E7952FB7-3057-419F-8DE9-BE90C51C35D4}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{3B39ACF3-C757-4737-942C-6509380DC8E0}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{BB6A2F45-202F-47CC-907B-F0AFD834A2A5}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{E2BE898B-12FC-4383-BA4B-0FBC3C154AA3}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{D4C0D9FB-8E63-4361-AB50-49FEB7B3E031}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{49F5EB73-0B7F-457C-9608-E9DD8761E615}"= UDP:c:\windows\System32\[You must be registered and logged in to see this link.]
"{B1045D21-4F5D-47D9-BB98-DA966FAE8778}"= TCP:c:\windows\System32\[You must be registered and logged in to see this link.]
"TCP Query User{ED4FA026-BBE2-495D-B273-8B94B2EFFE33}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"UDP Query User{F1EE2115-67B0-4DC3-8B13-65C0A91F5AA6}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"{0CE2C2BB-050D-4956-A151-C9D5CFD606EA}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{FD20AA6F-553B-41EA-8095-BAA3FC6451DF}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0
"{C3867558-6D54-4FAA-AB6C-89B72A270F3E}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0
"TCP Query User{26337655-55C8-49A1-B730-9335AEACA889}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{77B403F8-1FCA-4019-8808-B25A651529E7}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{B4F9E829-2ED2-45EE-AA46-5E1233F26B16}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{8D650ABB-41E5-4E8C-86A5-CF77D2DDC5AA}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{3D570078-A537-4215-9D9C-A2207AEDFAEA}c:\\users\\robbie\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\robbie\appdata\local\temp\onlineupdate8\setupxu.exe:Nero Installer
"UDP Query User{C6C35DAB-A9B1-4280-9339-0ECB8334B270}c:\\users\\robbie\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\robbie\appdata\local\temp\onlineupdate8\setupxu.exe:Nero Installer
"TCP Query User{C0BD4ADA-B8D8-41CF-9C9B-75902126B2A0}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{FCD2D577-A957-44D4-A22C-C137028D13C8}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{FF5970F1-347C-4456-B262-DE742EB089AD}c:\\users\\kelly\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\kelly\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{B60C31FC-DECF-458C-B168-6722E8CF7179}c:\\users\\kelly\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\kelly\program files\utorrent\utorrent.exe:utorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [9/02/2009 7:46 AM 17920]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSvix86.sys [21/05/2009 9:54 PM 272432]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/17 14:45];c:\program files\CyberLink\PowerDVD9\000.fcl [30/03/2009 5:53 PM 87536]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 4:50 PM 30312]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 8:37 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28/02/2009 5:09 PM 101936]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [22/09/2008 10:20 AM 43520]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 10:31 AM 41008]
S2 gupdate1c9bd81f2468201;Google Update Service (gupdate1c9bd81f2468201);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2009 2:23 PM 133104]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 3:32 AM 23888]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [16/04/2009 12:19 PM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 6:08 PM 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [8/01/2009 7:51 PM 33752]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 9:31 PM 29263712]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-15 04:21]

2009-05-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 04:23]

2009-03-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-02-04 21:23]

2009-05-28 c:\windows\Tasks\User_Feed_Synchronization-{37A40C4A-7D14-4926-A4F3-517C5037DEBD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-27 11:31]

2009-05-28 c:\windows\Tasks\User_Feed_Synchronization-{5842B63F-9EE7-463E-9604-F3403BF33423}.job
- c:\windows\system32\msfeedssync.exe [2009-03-27 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
SafeBoot-procexp90.Sys


Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 28th May 2009, 11:49 am

.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: {00000005-0007-0000-0000-100011000004} - [You must be registered and logged in to see this link.]
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - [You must be registered and logged in to see this link.]
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\trlurjdm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-28 21:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3739652879-568182252-1516034588-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F070DAD-EABA-9919-E257-825840B6C1A6}*]
"bbmpceojlonabniifakjckamejlkmfgcmnng"=hex:61,62,62,64,70,68,65,70,6c,70,6c,6a,
70,62,6e,6e,65,67,62,65,6a,65,67,6d,65,6d,68,66,6d,69,67,61,64,68,00,62
"abmpceojlonabniifajjhjbaapcbfmemmo"=hex:62,62,6d,67,63,62,67,64,64,6a,68,70,
66,70,69,68,6e,61,68,6f,68,66,6d,65,63,6d,6c,6c,6d,6e,65,62,70,6c,67,62,00,\

[HKEY_USERS\S-1-5-21-3739652879-568182252-1516034588-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,65,77,b6,24,31,ea,cd,1d,a0,88,40,b5,ff,79,3c,17,2a,f4,36,93,18,52,
3d,9a,ca,2b,0d,00,04,d3,2a,b3,66,6c,7a,7c,4c,1f,d7,dc,c9,9d,bc,4b,72,52,9a,\
"??"=hex:1e,fe,d3,ea,11,ca,c0,6b,f9,11,36,71,ee,56,33,52

[HKEY_USERS\S-1-5-21-3739652879-568182252-1516034588-1000\Software\SecuROM\License information*]
"datasecu"=hex:47,1e,d4,6f,7e,5e,c3,db,aa,b4,f7,fd,74,28,05,d4,43,3c,93,6f,bb,
ae,d5,0c,b9,ed,2c,5e,cf,79,d7,fd,a3,0d,66,ed,d9,ff,13,09,83,a8,cf,43,8e,d4,\
"rkeysecu"=hex:67,b3,24,46,33,63,1b,8a,29,76,48,15,92,5e,60,99

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000


Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 28th May 2009, 11:49 am

.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-05-28 21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 11:30

Pre-Run: 21,472,239,616 bytes free
Post-Run: 21,653,000,192 bytes free

966 --- E O F --- 2009-05-27 10:35


Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 28th May 2009, 11:59 am

I can't get over how much shit I have on this computer. Has all the malware gone?


Re: WinBlueSoft crap Virus Need help!!!!

Post by Belahzur on 29th May 2009, 3:12 pm

Nope, not all of it.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.



Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 31st May 2009, 10:10 am

18 Wheels of Steel: American Long Haul
3D Ultra Minigolf Adventures
ACDSee for PENTAX 2.0
Acrobat.com
Acrobat.com
ActivIcons version 3.37
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1.1
Adobe Shockwave Player
AppCore
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 7.32
Ashampoo Internet Accelerator 2.10
Ashampoo WinOptimizer 5.04
Azureus Vuze
Backup
Bonjour
Bubble Bobble Gold Edition
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
CA Yahoo! Anti-Spy (remove only)
Canon MP Navigator 2.0
Canon MP500
ccCommon
CD-LabelPrint
Choice Guard
Crazy Taxi
Crysis(R)
CSI-Hard Evidence
CyberLink PowerDVD 9
CyberLink PowerDVD 9
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Drive Manager
Drive Manager
DriverGuide Toolkit
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
EA SPORTS online 2008
EA SPORTS(TM) Cricket 07
EA SPORTS™ Rugby 08
Easy-WebPrint
FIFA 09
Full Tilt Poker
Full Tilt Poker.Org
GameShadow
GameSpot Download Manager
GameSpy Arcade
GearDrvs
GearDrvs
getPlus(R) for Adobe
Google Earth
Google Update Helper
Google Updater
Grand Theft Auto IV
HijackThis 2.0.2
Holdem Genius v1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
John Deere American Farmer Deluxe
Join ME
Joost (tm) Beta 1.1.4
Junk Mail filter update
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Easy Assist v2
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Monopoly 3 (remove only)
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero 8
neroxml
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NVIDIA Drivers
NVIDIA PhysX
NVIDIA WDM Drivers
OGA Notifier 1.7.0105.35.0
OpenAL
OpenOffice.org Installer 1.0
PC DUAL SHOCK
PKR
PKRCasino
Poker Superstars II
PowerISO
PunkBuster Services
QuickTime
Race Driver 3
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Rockstar Games Social Club
Safari
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 9
Sproink (remove only)
SSH2 Spider
Steam
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
System Requirements Lab
Texas Holdem (remove only)
Texas Hold'em Poker 3D - Deluxe Edition 1.0
The_Pirate_Bay Toolbar
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Uniblue PowerSuite
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpyEraser
UnZixWin Extractor
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Outlook 2007 Junk Email Filter (kb968503)
UseNeXT
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
VIA Platform Device Manager
VIA Rhine Family Fast Ethernet Adapter
Vista Codec Package
Win AVI HelixSDK
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinFast(R) Display Driver
WinRAR archiver
XBCD 1.07
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo!7 Toolbar


Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 31st May 2009, 10:12 am

Sorry I have not replied earlier, have been busy with work.


Re: WinBlueSoft crap Virus Need help!!!!

Post by Belahzur on 31st May 2009, 12:56 pm

I see that you are running Ares.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Ares is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Azureus Vuze
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    The_Pirate_Bay Toolbar



Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 1st June 2009, 1:31 am

OK mate, deleted and updated Misc Tools from HijackThis for ya.


18 Wheels of Steel: American Long Haul
3D Ultra Minigolf Adventures
ACDSee for PENTAX 2.0
Acrobat.com
Acrobat.com
ActivIcons version 3.37
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1.1
Adobe Shockwave Player
AppCore
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 7.32
Ashampoo Internet Accelerator 2.10
Ashampoo WinOptimizer 5.04
Backup
Bonjour
Bubble Bobble Gold Edition
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
CA Yahoo! Anti-Spy (remove only)
Canon MP Navigator 2.0
Canon MP500
ccCommon
CD-LabelPrint
Choice Guard
Crazy Taxi
Crysis(R)
CSI-Hard Evidence
CyberLink PowerDVD 9
CyberLink PowerDVD 9
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Drive Manager
Drive Manager
DriverGuide Toolkit
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
EA SPORTS online 2008
EA SPORTS(TM) Cricket 07
EA SPORTS™ Rugby 08
Easy-WebPrint
FIFA 09
Full Tilt Poker
Full Tilt Poker.Org
GameShadow
GameSpot Download Manager
GameSpy Arcade
GearDrvs
GearDrvs
getPlus(R) for Adobe
Google Earth
Google Update Helper
Google Updater
Grand Theft Auto IV
HijackThis 2.0.2
Holdem Genius v1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
John Deere American Farmer Deluxe
Join ME
Joost (tm) Beta 1.1.4
Junk Mail filter update
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Easy Assist v2
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Monopoly 3 (remove only)
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero 8
neroxml
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NVIDIA Drivers
NVIDIA PhysX
NVIDIA WDM Drivers
OGA Notifier 1.7.0105.35.0
OpenAL
OpenOffice.org Installer 1.0
PC DUAL SHOCK
PKR
PKRCasino
Poker Superstars II
PowerISO
PunkBuster Services
QuickTime
Race Driver 3
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Rockstar Games Social Club
Safari
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 9
Sproink (remove only)
SSH2 Spider
Steam
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
System Requirements Lab
Texas Holdem (remove only)
Texas Hold'em Poker 3D - Deluxe Edition 1.0
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Uniblue PowerSuite
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpyEraser
UnZixWin Extractor
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Outlook 2007 Junk Email Filter (kb968503)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
VIA Platform Device Manager
VIA Rhine Family Fast Ethernet Adapter
Vista Codec Package
Win AVI HelixSDK
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinFast(R) Display Driver
WinRAR archiver
XBCD 1.07
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo!7 Toolbar


Re: WinBlueSoft crap Virus Need help!!!!

Post by Origin on 1st June 2009, 2:36 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 1st June 2009, 3:08 am

Malwarebytes' Anti-Malware 1.37
Database version: 2204
Windows 6.0.6002 Service Pack 2

1/06/2009 1:08:40 PM
mbam-log-2009-06-01 (13-08-40).txt

Scan type: Quick Scan
Objects scanned: 89326
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: WinBlueSoft crap Virus Need help!!!!

Post by Origin on 1st June 2009, 3:16 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: WinBlueSoft crap Virus Need help!!!!

Post by 13stimpy on 1st June 2009, 4:42 am

Mate, it's great. It runs a little slow but that's the computer. The pop-ups have stopped, thank Christ. Thank you and belahzur for all your help. I'll highly recommend you guys to all people who need computer help; this site is great.
