win blue soft HELP

View previous topic View next topic Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 7:41 pm

c:\windows\system32\5c2z9teal107.ocx
c:\windows\system32\5c89sp5rse571z.exe
c:\windows\system32\5cbzthief2509.dll
c:\windows\system32\5ddezh9e5937.bin
c:\windows\system32\5de4vz95772.dll
c:\windows\system32\5df9threz522829.bin
c:\windows\system32\5e35thrza96573.exe
c:\windows\system32\5e5cthiz9372.cpl
c:\windows\system32\5e82back9oor1z50.bin
c:\windows\system32\5eb5vir29z9.exe
c:\windows\system32\5f1dow9loa5er279z.bin
c:\windows\system32\5f3steal906z.exe
c:\windows\system32\5f45spyza9e2364.bin
c:\windows\system32\5f91sp59se2483z.dll
c:\windows\system32\5fccaddzare9161.ocx
c:\windows\system32\5z22steal2797.dll
c:\windows\system32\5z24vi5us929.bin
c:\windows\system32\5z4worm196.exe
c:\windows\system32\5z78thr9at15626.ocx
c:\windows\system32\600spa5bo943z.cpl
c:\windows\system32\6123ad5w9ze493.dll
c:\windows\system32\6175nzt-a-v9rus4ca5.ocx
c:\windows\system32\62495parse57z.exe
c:\windows\system32\63295hief14z2.exe
c:\windows\system32\6395sparsz2255.ocx
c:\windows\system32\653zthr9a520520.cpl
c:\windows\system32\6559ddwarz3131.exe
c:\windows\system32\657t9izf1127.cpl
c:\windows\system32\6593a5dwaze2240.bin
c:\windows\system32\6599spyz94.cpl
c:\windows\system32\659evirz523.cpl
c:\windows\system32\65a9downloazer2196.cpl
c:\windows\system32\66z5downloade53915.dll
c:\windows\system32\673bspyw9re5571z.dll
c:\windows\system32\67z2spy359.ocx
c:\windows\system32\685azpywar59689.bin
c:\windows\system32\6953downlo9der3z18.cpl
c:\windows\system32\69azdownload95250.exe
c:\windows\system32\69d5bazkdoor2291.dll
c:\windows\system32\69f2s5eal119z.cpl
c:\windows\system32\6a9zaddware536.cpl
c:\windows\system32\6az9sparse17975.cpl
c:\windows\system32\6b29addware57z99.cpl
c:\windows\system32\6bf05iz899.dll
c:\windows\system32\6d28dz9nloade52700.exe
c:\windows\system32\6dz9a9d5are2657.exe
c:\windows\system32\6e2st5a9249z.bin
c:\windows\system32\6e51thiez5393.cpl
c:\windows\system32\6e60szarse495.ocx
c:\windows\system32\6eefvzr2529.cpl
c:\windows\system32\6efczhr9at25484.dll
c:\windows\system32\6f5dst9az1925.exe
c:\windows\system32\6ffa5dwa9e39z.exe
c:\windows\system32\6z09spy345.cpl
c:\windows\system32\6z25sparse9076.bin
c:\windows\system32\6z28download9r557.bin
c:\windows\system32\6z569hreat19512.dll
c:\windows\system32\6z59hac5tool92.bin
c:\windows\system32\6z5bsteal969.cpl
c:\windows\system32\6z975tea92142.ocx
c:\windows\system32\6z9thief2596.cpl
c:\windows\system32\6za5ste9l2559.dll
c:\windows\system32\6zcbthr5at5946.cpl
c:\windows\system32\6zdvir975.exe
c:\windows\system32\70169ir5z47.dll
c:\windows\system32\7095szyware9793.bin
c:\windows\system32\70b4zhief25519.ocx
c:\windows\system32\7205downloadzr969.bin
c:\windows\system32\721t9reat2z058.cpl
c:\windows\system32\7295not-a-vir9s6e5z.bin
c:\windows\system32\72casp9rze5806.bin
c:\windows\system32\72z0s5arse9504.cpl
c:\windows\system32\72zddow5loa9er3030.ocx
c:\windows\system32\733e9teal25z8.exe
c:\windows\system32\73c7downl9ad5z3186.bin
c:\windows\system32\73e19tea52611z.dll
c:\windows\system32\74175zreat5689.ocx
c:\windows\system32\74df9tea597z.dll
c:\windows\system32\74dzspy5are1999.exe
c:\windows\system32\7510no5-a-vzru95e7.exe
c:\windows\system32\755z5teal599.dll
c:\windows\system32\7569spywarz14999.cpl
c:\windows\system32\7594a59warz1979.dll
c:\windows\system32\75c95zr1455.cpl
c:\windows\system32\75d9s5ars9482z.bin
c:\windows\system32\767fbac9dooz155.bin
c:\windows\system32\76z9steal3059.bin
c:\windows\system32\7746do9n5oader1z85.bin
c:\windows\system32\7767down9oazer2958.dll
c:\windows\system32\77a9spzrse525.cpl
c:\windows\system32\77e95p9ware2080z.bin
c:\windows\system32\7853tz9j257.dll
c:\windows\system32\7855d5wnloader9068z.bin
c:\windows\system32\7899tro97z85.cpl
c:\windows\system32\78z0th9eat15279.bin
c:\windows\system32\793zirusbd5.ocx
c:\windows\system32\795cthiefz7009.bin
c:\windows\system32\7965thiz995.bin
c:\windows\system32\79985par9z1506.dll
c:\windows\system32\79d6sparse2z5.dll
c:\windows\system32\79dbtzief1757.cpl
c:\windows\system32\79v9rusz5.bin
c:\windows\system32\7a79zackdoor2875.bin
c:\windows\system32\7ad3dow5lo9dez559.bin
c:\windows\system32\7b12d5znloader3192.bin
c:\windows\system32\7b2ezhr5at9494.ocx
c:\windows\system32\7b51zir9066.ocx
c:\windows\system32\7c4bac59ooz89.cpl
c:\windows\system32\7c69pazs52174.cpl
c:\windows\system32\7d16back5zor4079.ocx
c:\windows\system32\7d5zspyw5r9572.ocx
c:\windows\system32\7e735ir187z9.cpl
c:\windows\system32\7eb45ddware9058z.ocx
c:\windows\system32\7za9steal1952.cpl
c:\windows\system32\7zc9a5dware2713.cpl
c:\windows\system32\8185v9rus1zc.bin
c:\windows\system32\835viruz359.bin
c:\windows\system32\8787sp5mbot419z.bin
c:\windows\system32\892zspy595.dll
c:\windows\system32\89zspa59e1434.exe
c:\windows\system32\90014hackt5olz5e.bin
c:\windows\system32\90335irus7z7.cpl
c:\windows\system32\9057t9oj44z.exe
c:\windows\system32\90967tzoj285.dll
c:\windows\system32\91078wzr51a2.cpl
c:\windows\system32\91458not-a-viruszd0.dll
c:\windows\system32\9153troj5z9.bin
c:\windows\system32\91565wozm4b8.cpl
c:\windows\system32\92159wozm515.ocx
c:\windows\system32\92296t5oj46dz.exe
c:\windows\system32\9257ha9ktzol218.cpl
c:\windows\system32\925wormz135.cpl
c:\windows\system32\92dztea51010.exe
c:\windows\system32\92f3spars52z19.cpl
c:\windows\system32\92z5spa9bot500.dll
c:\windows\system32\93470spy795z.bin
c:\windows\system32\9358addwaze2533.ocx
c:\windows\system32\93b5backdzor1594.dll
c:\windows\system32\93z15troj112.exe
c:\windows\system32\93z59spy7f4.cpl
c:\windows\system32\94135irusza.dll
c:\windows\system32\942downlz5der1017.dll
c:\windows\system32\94458troj606z.exe
c:\windows\system32\94b1sparsez605.ocx
c:\windows\system32\9532spa5se1z73.cpl
c:\windows\system32\95402vizus557.cpl
c:\windows\system32\9542thie5200z.exe
c:\windows\system32\9556zspy288.dll
c:\windows\system32\955spyz4e.ocx
c:\windows\system32\95761hzcktool1bd.bin
c:\windows\system32\957bsteaz1557.dll
c:\windows\system32\959zw5rm185.dll
c:\windows\system32\95c7a5dware255z.bin
c:\windows\system32\95z50trojb2.exe
c:\windows\system32\9607addwarez51.ocx
c:\windows\system32\96424hacktool758z.bin
c:\windows\system32\96dfstea53169z.exe
c:\windows\system32\9788v5ruz279.bin
c:\windows\system32\9811st5al9z9.dll
c:\windows\system32\98599spz6b5.dll
c:\windows\system32\9873virzs5e25.cpl
c:\windows\system32\98855roj954z.ocx
c:\windows\system32\98d95hzef1023.cpl
c:\windows\system32\98ddvi53z66.cpl
c:\windows\system32\990zsp5rse2577.exe
c:\windows\system32\99696not-a-v5rzs7f0.bin
c:\windows\system32\9969zworm459.bin
c:\windows\system32\997do5nlozder2932.dll
c:\windows\system32\99bcvzr1505.bin
c:\windows\system32\9a9stea5138z.cpl
c:\windows\system32\9aesparse352z.bin
c:\windows\system32\9c05addwarez86.dll
c:\windows\system32\9c3fspz5se1405.ocx
c:\windows\system32\9c52addwaze337.ocx
c:\windows\system32\9df8stezl965.dll
c:\windows\system32\9ez0vir573.bin
c:\windows\system32\9fev5r210z9.dll
c:\windows\system32\9z365ormb5.exe
c:\windows\system32\9z596worm5ab.cpl
c:\windows\system32\9z5cthreat19924.bin
c:\windows\system32\9z75ddware927.bin
c:\windows\system32\9z87troj598.ocx
c:\windows\system32\b62zhief9905.ocx
c:\windows\system32\bz6down5oader1779.dll
c:\windows\system32\c0bdownlo5de92712z.dll
c:\windows\system32\c31backzoor9157.cpl
c:\windows\system32\c54sparse11z39.exe
c:\windows\system32\ce5spywarz559.exe
c:\windows\system32\d1adownload5z21699.dll
c:\windows\system32\d3dspa5s91585z.dll
c:\windows\system32\d6ddzwn5oader1942.ocx
c:\windows\system32\db95parse1993z.exe
c:\windows\system32\dc5t9izf1498.cpl
c:\windows\system32\dc6threat1465z9.bin
c:\windows\system32\de9zi52871.ocx
c:\windows\system32\df9threa52980z.exe
c:\windows\system32\dz5vir956.exe
c:\windows\system32\e38zhre9t15440.exe
c:\windows\system32\ezhi952179.ocx
c:\windows\system32\f06ba5kdozr2949.cpl
c:\windows\system32\f43viz559.exe
c:\windows\system32\f5bviz149.dll
c:\windows\system32\setup2.exe

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 7:42 pm

c:\windows\system32\z014sparse10985.exe
c:\windows\system32\z019s5y3a.bin
c:\windows\system32\z040s9y59f5.exe
c:\windows\system32\z0429vir9s515.bin
c:\windows\system32\z110addw9r569.exe
c:\windows\system32\z15vir4249.ocx
c:\windows\system32\z189not-a-v9r5s2c5.dll
c:\windows\system32\z1e9backdoo52695.exe
c:\windows\system32\z2743spamb5t7139.ocx
c:\windows\system32\z280download5r9257.exe
c:\windows\system32\z2d9s5yware9040.ocx
c:\windows\system32\z2fbbackdoor5694.exe
c:\windows\system32\z3093t9oj63e5.ocx
c:\windows\system32\z30965orm97a.cpl
c:\windows\system32\z3125t9oj6bb.ocx
c:\windows\system32\z32espy5ar92872.dll
c:\windows\system32\z3881not5a9virus18.bin
c:\windows\system32\z4185parse11119.bin
c:\windows\system32\z4625s5ambot194.cpl
c:\windows\system32\z4800ha5kto9l215.dll
c:\windows\system32\z50not-a-vi9us3ef.ocx
c:\windows\system32\z515vir3950.ocx
c:\windows\system32\z55b9hre5t4339.bin
c:\windows\system32\z574worm9db.ocx
c:\windows\system32\z589steal4359.cpl
c:\windows\system32\z58abackdoor93.cpl
c:\windows\system32\z5932hacktool5c1.dll
c:\windows\system32\z5983worm1c05.cpl
c:\windows\system32\z5985wo9m5cc.ocx
c:\windows\system32\z599downloa5er2523.dll
c:\windows\system32\z5d2thief915.dll
c:\windows\system32\z5fespywar530559.cpl
c:\windows\system32\z6099h5cktool233.ocx
c:\windows\system32\z61b9p5ware587.exe
c:\windows\system32\z651backdoor958.bin
c:\windows\system32\z665worm4859.exe
c:\windows\system32\z7528troj19.ocx
c:\windows\system32\z828hackt9ol5a3.exe
c:\windows\system32\z8f7spyw5r92514.cpl
c:\windows\system32\z933downloader502.exe
c:\windows\system32\z94addwa5e1948.bin
c:\windows\system32\z952spyware2924.cpl
c:\windows\system32\z95vir5s940.exe
c:\windows\system32\z971s5a9se2506.cpl
c:\windows\system32\z984spywa5e819.cpl
c:\windows\system32\za08spywar95015.dll
c:\windows\system32\zb2fspy5are23969.bin
c:\windows\system32\zd6adown5oade9564.cpl
c:\windows\system32\zd95spyware2462.exe
c:\windows\system32\ze05steal1394.bin
c:\windows\system32\ze0cb9ckdoor3514.bin
c:\windows\system32\ze83backdo951107.dll
c:\windows\system32\zef8s5ywa9e234.dll
c:\windows\z0586tr5j39c.cpl
c:\windows\z1573hackt9ol424.bin
c:\windows\z157th5ea929316.bin
c:\windows\z15es9arse1178.ocx
c:\windows\z1792worm4c95.exe
c:\windows\z1a959dware1862.cpl
c:\windows\z2684worm59d.dll
c:\windows\z2714s9ambo5526.ocx
c:\windows\z2aaspa9se2652.ocx
c:\windows\z30379orm65.ocx
c:\windows\z3656troj549.ocx
c:\windows\z3895viru592f.cpl
c:\windows\z4b5ad9w5re2086.exe
c:\windows\z4d3thie95862.dll
c:\windows\z523thie932535.bin
c:\windows\z5272no5-a-9irus2bf.cpl
c:\windows\z5498troj7cb.ocx
c:\windows\z5558tro9786.cpl
c:\windows\z5632troj593.cpl
c:\windows\z56sp9rse633.ocx
c:\windows\z5727tro9483.cpl
c:\windows\z57325irus109.exe
c:\windows\z58wor9c65.cpl
c:\windows\z5c2s5ar9e1235.exe
c:\windows\z5d4s9yware1152.cpl
c:\windows\z612ad9wa5e2605.bin
c:\windows\z6364vi5us629.exe
c:\windows\z6956virus610.cpl
c:\windows\z761v5rus294.cpl
c:\windows\z7839viru94d5.ocx
c:\windows\z870v9r3532.cpl
c:\windows\z88cdow5loader793.dll
c:\windows\z8baspars95168.dll
c:\windows\z9084n5t-a-virus202.bin
c:\windows\z9105not-a-v9ru57ef.ocx
c:\windows\z915threat15899.bin
c:\windows\z91765pambot4e7.dll
c:\windows\z936thief2504.ocx
c:\windows\z94395pambot5a0.exe
c:\windows\z96hac9tool565.cpl
c:\windows\z987t95je7.exe
c:\windows\z996worm58.ocx
c:\windows\z9a5dow5loader2906.cpl
c:\windows\z9c6s5arse1191.cpl
c:\windows\z9c8th5ef2031.bin
c:\windows\z9c9steal5987.cpl
c:\windows\zb15spars93215.ocx
c:\windows\zb2athre5t9940.ocx
c:\windows\zb5f9ownloader2538.ocx
c:\windows\zb94vir5519.ocx
c:\windows\zc5fthief1998.exe
c:\windows\zcbcv9r2553.ocx
c:\windows\zd809hre5t24152.dll
c:\windows\ze259pyware2453.bin
c:\windows\zf45vir9766.exe
c:\windows\zf9d5ddware2831.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( 2009-04-28 至 2009-05-30 的新的档案 )))))))))))))))))))))))))))))))
.

2009-05-28 23:51 . 2009-05-28 23:51 -------- d-----w c:\documents and settings\LocalService\Application Data\Talkback
2009-05-28 23:50 . 2009-05-28 23:50 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-05-28 23:46 . 2009-05-28 23:46 102400 ----a-w c:\windows\system32\blocker.dll
2009-05-28 23:45 . 2009-05-28 23:45 -------- d-----w c:\program files\MoviesPlay
2009-05-03 08:00 . 2009-05-03 08:00 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 23:16 . 2009-02-27 07:02 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-30 23:14 . 2009-02-27 07:02 -------- d-----w c:\program files\PC Tools Internet Security
2009-05-28 05:39 . 2008-12-27 04:37 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-17 10:42 . 2006-07-08 04:40 -------- d-----w c:\documents and settings\user\Application Data\AdobeUM
2009-04-17 02:13 . 2008-05-07 08:01 -------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-04-15 21:53 . 2009-03-13 07:45 -------- d-----w c:\program files\3 MobileBroadband
2009-04-05 22:06 . 2008-05-07 07:54 -------- d-----w c:\program files\LimeWire
2009-03-15 08:21 . 2006-07-05 10:47 83008 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-12 23:06 . 2009-02-27 07:02 157568 ----a-w c:\windows\PCTBDRes.dll
2009-03-12 23:06 . 2009-02-27 07:02 1587072 ----a-w c:\windows\PCTBDCore.dll
2009-03-12 05:33 . 2009-02-27 07:02 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 01:21 . 2009-02-27 07:02 921 ----a-w c:\windows\UDB.zip
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-05-01 11:42 . 2006-07-03 05:13 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-05-01 11:42 . 2006-07-03 05:13 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-01 11:42 . 2009-03-02 09:40 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-05-01 11:42 . 2009-03-02 09:40 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-05-01 11:42 . 2006-07-03 05:13 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 7:43 pm

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-25 23:32 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2008-12-29 2473984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Double Desktop Switcher"="c:\program files\Double Desktop Switcher\DoubleDesktop.exe" [2002-11-22 1266688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-14 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"USB Keyboard"="c:\program files\USB Keyboard Driver\kb_2k.exe" [2004-03-30 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"Desktop Service Centre"="c:\program files\OptusNet DSL Internet\DSC.exe" [2005-11-30 2919831]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"ISTray"="c:\program files\PC Tools Internet Security\pctsTray.exe" [2008-12-08 1173416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-14 1519616]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2001-12-23 4608]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\user\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-9-16 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-4 113664]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-5-15 1528880]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsy58.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [4/07/2006 9:12 PM 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [4/07/2006 9:12 PM 5248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27/02/2009 5:02 PM 130424]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [27/02/2009 5:02 PM 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [27/02/2009 5:02 PM 38208]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [27/02/2009 5:02 PM 159600]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Browser Defender\BDTUpdateService.exe [27/02/2009 5:02 PM 108416]
R2 ClickView Home Service;ClickView Home Service;c:\program files\ClickView\ClickView Library\ClickViewHomeService.exe [8/05/2008 4:23 PM 262144]
R2 ClickView Library Server;ClickView Library Server;c:\program files\ClickView\ClickView Library\ClickViewServerService.exe [30/04/2008 5:07 PM 249856]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/03/2009 6:16 PM 55152]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [27/02/2009 5:02 PM 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [27/02/2009 5:02 PM 348752]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [27/02/2009 5:02 PM 95656]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [27/02/2009 5:02 PM 64424]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [27/02/2009 5:02 PM 33088]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]
S0 Winsy58;Winsy58;c:\windows\system32\Drivers\Winsy58.sys --> c:\windows\system32\Drivers\Winsy58.sys [?]
S2 D4ACF08D;D4ACF08D;c:\windows\system32\D641528B.EXE -k --> c:\windows\system32\D641528B.EXE -k [?]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\user\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\user\LOCALS~1\Temp\cusbohcn.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 5:08 PM 533360]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\YH-820.sys [4/07/2006 8:41 PM 7552]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 7:01 AM 2799808]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
‘计划任务’ 文件夹 里的内容

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2006-10-05 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21152009576.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 10:38]

2009-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 09:40]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-setup2.exe - c:\windows\system32\setup2.exe
SafeBoot-procexp90.Sys


.
------- 而外的扫描 -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\08cebujr.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-31 09:15
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Double Desktop Switcher = c:\program files\Double Desktop Switcher\DoubleDesktop.exe??p??\???l???E????M????K?\???$??G??$??O??M????K?8??j ??p??????E?8???F?x??p??p??????h???E????????????????$??G??$??
扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(1276)
c:\program files\PC Tools Internet Security\TFEngine\TFNI.dll

- - - - - - - > 'lsass.exe'(1332)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll

- - - - - - - > 'explorer.exe'(4664)
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\program files\Lingoes\Translator2\opentext2.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Internet Security\pctsSvc.exe
c:\windows\system32\conime.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Double Desktop Switcher\DDE.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Tools Internet Security\TFEngine\TFService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
完成时间: 2009-05-30 9:21 - 电脑已重新启动
ComboFix-quarantined-files.txt 2009-05-30 23:20

Pre-Run: 60,431,450,112 bytes free
Post-Run: 61,533,822,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

1684 --- E O F --- 2009-05-27 11:59

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by Belahzur on Sat May 30, 2009 7:50 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Ask Toolbar
  • Limewire

Now open a new notepad file.
Input this into the notepad file:

Driver::
Winsy58
D4ACF08D
cusbohcn

File::
c:\windows\system32\blocker.dll

Folder::
c:\program files\LimeWire
c:\program files\AskBarDis

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsy58.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 8:01 pm

yes i have unintalled limewire and ask toolbar and dragged the txt onto combofix, it is now running.

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 8:17 pm

ComboFix 09-05-29.01 - user 5/2009 Sun 10:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.1023.365 [GMT 10:00]
执行位置: c:\documents and settings\user\Desktop\Fix-Combo.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Internet Security Anti-Virus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}

FILE ::
"c:\windows\system32\blocker.dll"
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\user\LOCALS~1\Temp\{0E9D8BD9-F856-44F1-B21E-77ED2F483EB5}\_extra\objects\cmdline.dll
c:\documents and settings\user\Local Settings\Temp\{0E9D8BD9-F856-44F1-B21E-77ED2F483EB5}\_extra\objects\cmdline.dll
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid3656.log
c:\windows\system32\blocker.dll

.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CUSBOHCN
-------\Legacy_D4ACF08D
-------\Service_cusbohcn
-------\Service_D4ACF08D
-------\Service_Winsy58


((((((((((((((((((((((((( 2009-04-28 至 2009-05-31 的新的档案 )))))))))))))))))))))))))))))))
.

2009-05-28 23:51 . 2009-05-28 23:51 -------- d-----w c:\documents and settings\LocalService\Application Data\Talkback
2009-05-28 23:50 . 2009-05-28 23:50 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-05-28 23:45 . 2009-05-28 23:45 -------- d-----w c:\program files\MoviesPlay
2009-05-03 08:00 . 2009-05-03 08:00 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 00:11 . 2009-02-27 07:02 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-30 23:14 . 2009-02-27 07:02 -------- d-----w c:\program files\PC Tools Internet Security
2009-05-28 05:39 . 2008-12-27 04:37 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-17 10:42 . 2006-07-08 04:40 -------- d-----w c:\documents and settings\user\Application Data\AdobeUM
2009-04-17 02:13 . 2008-05-07 08:01 -------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-04-15 21:53 . 2009-03-13 07:45 -------- d-----w c:\program files\3 MobileBroadband
2009-03-15 08:21 . 2006-07-05 10:47 83008 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-12 23:06 . 2009-02-27 07:02 157568 ----a-w c:\windows\PCTBDRes.dll
2009-03-12 23:06 . 2009-02-27 07:02 1587072 ----a-w c:\windows\PCTBDCore.dll
2009-03-12 05:33 . 2009-02-27 07:02 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 01:21 . 2009-02-27 07:02 921 ----a-w c:\windows\UDB.zip
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-05-01 11:42 . 2006-07-03 05:13 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-05-01 11:42 . 2006-07-03 05:13 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-01 11:42 . 2009-03-02 09:40 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-05-01 11:42 . 2009-03-02 09:40 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-05-01 11:42 . 2006-07-03 05:13 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-31 00:09 . 2009-05-31 00:09 16384 c:\windows\Temp\Perflib_Perfdata_3f8.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2008-12-29 2473984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Double Desktop Switcher"="c:\program files\Double Desktop Switcher\DoubleDesktop.exe" [2002-11-22 1266688]

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 8:18 pm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-14 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"USB Keyboard"="c:\program files\USB Keyboard Driver\kb_2k.exe" [2004-03-30 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"Desktop Service Centre"="c:\program files\OptusNet DSL Internet\DSC.exe" [2005-11-30 2919831]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"ISTray"="c:\program files\PC Tools Internet Security\pctsTray.exe" [2008-12-08 1173416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-14 1519616]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2001-12-23 4608]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\user\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-9-16 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-4 113664]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-5-15 1528880]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [4/07/2006 9:12 PM 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [4/07/2006 9:12 PM 5248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27/02/2009 5:02 PM 130424]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [27/02/2009 5:02 PM 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [27/02/2009 5:02 PM 38208]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [27/02/2009 5:02 PM 159600]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Browser Defender\BDTUpdateService.exe [27/02/2009 5:02 PM 108416]
R2 ClickView Home Service;ClickView Home Service;c:\program files\ClickView\ClickView Library\ClickViewHomeService.exe [8/05/2008 4:23 PM 262144]
R2 ClickView Library Server;ClickView Library Server;c:\program files\ClickView\ClickView Library\ClickViewServerService.exe [30/04/2008 5:07 PM 249856]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/03/2009 6:16 PM 55152]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [27/02/2009 5:02 PM 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [27/02/2009 5:02 PM 348752]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [27/02/2009 5:02 PM 95656]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [27/02/2009 5:02 PM 64424]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [27/02/2009 5:02 PM 33088]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 5:08 PM 533360]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\YH-820.sys [4/07/2006 8:41 PM 7552]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 7:01 AM 2799808]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
‘计划任务’ 文件夹 里的内容

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2006-10-05 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21152009576.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 10:38]

2009-05-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 09:40]
.
.
------- 而外的扫描 -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\08cebujr.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-31 10:10
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Double Desktop Switcher = c:\program files\Double Desktop Switcher\DoubleDesktop.exe??p??\???l???E????M????K?\???$??G??$??O??M????K?8??j ?p??????E?8???F?x??p??p??????h???E????????????????$??G??$??
扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(1276)
c:\program files\PC Tools Internet Security\TFEngine\TFNI.dll

- - - - - - - > 'lsass.exe'(1332)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll

- - - - - - - > 'explorer.exe'(2116)
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Internet Security\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conime.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Tools Internet Security\TFEngine\TFService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Double Desktop Switcher\DDE.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
完成时间: 2009-05-31 10:15 - 电脑已重新启动
ComboFix-quarantined-files.txt 2009-05-31 00:15
ComboFix2.txt 2009-05-30 23:21

Pre-Run: 61,857,320,960 bytes free
Post-Run: 61,706,838,016 bytes free

240 --- E O F --- 2009-05-27 11:59

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by Belahzur on Sat May 30, 2009 8:24 pm

Hello.
Combofix found some malware that keeps coming back, I've seen someone else with it and I think I know the cause, so to do that, we need to get an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 8:29 pm

??2??¤èˉ3???°?
3D World Atlas
3DVIA Player 4.1
Adobe Acrobat 6.0 Standard
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 6.0.1
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
Brother MFL-Pro Suite
Browser Defender 2.0.6.6
Choice Guard
ClickView Library Server
ClickView Player
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Double Desktop Switcher
DVD Decrypter (Remove Only)
EndNote 9 Volume License Edition
Eyewitness Encyclopedia of Science 2.0
Eyewitness History of the World 2.1
Free YouTube Download 2.2
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Graphmatica
High Definition Audio Driver Package - KB888111
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
iISystem Wiper 2.4.1
ImageTool
InterActual Player
IrfanView (remove only)
ISI ResearchSoft - Export Helper
iTunes
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Keyboard driver
K-Lite Mega Codec Pack 1.52
Lingoes 2.5.3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Speech API 4.0
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
MoviesPlay
Mozilla Firefox (2.0.0.20)
MSDN Library for Visual Studio 2005
MSDN Library for Visual Studio 2005
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Multimedia Keyboard Driver
Nero Suite
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
OpenOffice.org 2.0
OptusNet DSL
PaperPort Image Printer
PC Connectivity Solution
PC Tools Internet Security 2009
Pivot Stickfigure Animator
PowerDVD
QuickTime
ReadPlease 2003/ReadPlease PLUS 2003
Realtek High Definition Audio Driver
Samsung Music Studio
ScanSoft PaperPort 11
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Shockwave
Siemens Subscriber Networks SpeedStream DSL
Smart Menus (Windows Live Toolbar)
SoftK56 Data Fax Voice Speakerphone CARP
Sony Picture Utility
TheSage
TI Connect 1.6
Uninstall 1.0.0.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Videora iPod Converter 4.01
VPN Client
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
Yahoo!7 Toolbar
ZipCentral 4.01

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by Belahzur on Sat May 30, 2009 8:35 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Java 2 Runtime Environment, SE v1.4.2_04
  • Java(TM) 6 Update 11
  • Java(TM) 6 Update 5
  • Java(TM) 6 Update 7


OptusNet DSL <== this is the problem.

Before uninstalling it, I need to know if you use dial-up, or ethernet DSL. Either way, this software is only for USB ethernet connectio


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 8:38 pm

i use dsl, cable. but optusnet is my internet connection program. are you asking me to uninstall it?

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 8:44 pm

btw i have uninstalled the java programs

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 8:46 pm

also i have a usb internet connection as well.

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by Belahzur on Sat May 30, 2009 8:50 pm

Ah, then keep it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 8:57 pm

um, so way do i do? are we done. my computer works better now, but the desktop background is still : WARNING, your system is infected."

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by Belahzur on Sat May 30, 2009 9:02 pm

Keep OptusNet DSL. Just uninstall the old Java, and then follow my instructions below to install the newest version.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "This release is Windows 7 support-ready and includes support for Internet Explorer 8...".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
    [
  • Repeat as many times as necessary to remove each Java versions.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe that you downloaded to install the newest version.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 9:09 pm

i have done so. Thanks again. What do i need to do next?

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

Re: win blue soft HELP

Post by Belahzur on Sat May 30, 2009 9:20 pm

Nothing, that should do it.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: win blue soft HELP

Post by mickey_owen7 on Sat May 30, 2009 9:27 pm

THANKS SO MUCH MATE

mickey_owen7
Novice
Novice

Status :
Online
Offline

Posts : 32
Joined : 2009-05-28
OS : XP

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum