
 


Removing Winbluesoft ((Please help me!))


Re: Removing Winbluesoft ((Please help me!))
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

Now download ComboFix as Combo-Fix again, and try running the script.

Re: Removing Winbluesoft ((Please help me!))
I tried that, and this error message keeps popping up:

[Image: screenshot of the error message]

Re: Removing Winbluesoft ((Please help me!))
Anyhow, the main problem is gone. Just delete the current exe file and re-download it as normal without renaming it; it should still work.

Re: Removing Winbluesoft ((Please help me!))
ComboFix 09-06-03.01 - Izumi 06/03/2009 14:30.2 - NTFSx86
Microsoft®️ Windows Vista™️ Business 6.0.6001.1.1252.1.1033.18.2046.1259 [GMT -7:00]
Running from: c:\users\Izumi\Desktop\ComboFix.exe
Command switches used :: c:\users\Izumi\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\DUMP36b0.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\WinBlueSoft Software
c:\program files\WinBlueSoft Software\WinBlueSoft\data.bin
c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
c:\users\Izumi\AppData\Roaming\DNA
c:\users\Izumi\AppData\Roaming\DNA\dht.dat
c:\users\Izumi\AppData\Roaming\DNA\dht.dat.old
c:\users\Izumi\AppData\Roaming\DNA\dna.lng
c:\users\Izumi\AppData\Roaming\DNA\resume.dat
c:\users\Izumi\AppData\Roaming\DNA\resume.dat.old
c:\users\Izumi\AppData\Roaming\DNA\rss.dat
c:\users\Izumi\AppData\Roaming\DNA\rss.dat.old
c:\users\Izumi\AppData\Roaming\DNA\settings.dat
c:\users\Izumi\AppData\Roaming\DNA\settings.dat.old
c:\windows\DUMP36b0.tmp
c:\windows\system32\Process.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 21:33 . 2009-06-03 21:36 -------- d-----w- c:\users\Izumi\AppData\Local\temp
2009-06-03 19:07 . 2009-06-03 19:30 -------- d-s---w- C:\Combo-Fix
2009-06-03 18:52 . 2009-06-03 18:52 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-03 03:54 . 2009-06-03 03:54 -------- d-----w- c:\users\Izumi\AppData\Roaming\Malwarebytes
2009-06-03 03:54 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 03:54 . 2009-06-03 03:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 03:54 . 2009-06-03 03:54 -------- d-----w- c:\programdata\Malwarebytes
2009-06-03 03:54 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 03:06 . 2009-06-03 03:06 -------- d-----w- c:\program files\Trend Micro
2009-06-03 03:05 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 03:05 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 03:05 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 03:05 . 2009-06-03 03:05 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-03 03:05 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 03:05 . 2009-06-03 19:05 -------- d-----w- c:\program files\Spyware Doctor
2009-06-03 03:05 . 2009-06-03 03:05 -------- d-----w- c:\users\Izumi\AppData\Roaming\PC Tools
2009-06-03 03:05 . 2009-06-03 03:05 -------- d-----w- c:\programdata\PC Tools
2009-05-22 20:03 . 2009-05-22 20:03 -------- d-----w- c:\programdata\WebcamMax
2009-05-22 19:57 . 2009-05-22 20:03 -------- d-----w- c:\users\Izumi\AppData\Roaming\Webcammax
2009-05-22 19:56 . 2008-12-18 14:02 1051136 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2009-05-21 00:11 . 2009-05-21 04:09 -------- d-----w- c:\programdata\PopCap Games
2009-05-18 07:33 . 2009-05-18 07:33 -------- d-----w- c:\program files\PowerISO
2009-05-16 04:07 . 2009-06-03 18:51 -------- d-----w- c:\users\Izumi\AppData\Roaming\skypePM
2009-05-16 04:06 . 2009-06-03 21:36 -------- d-----w- c:\users\Izumi\AppData\Roaming\Skype
2009-05-16 04:05 . 2009-05-16 04:05 -------- d-----w- c:\program files\Common Files\Skype
2009-05-16 04:05 . 2009-05-16 04:05 -------- d-----r- c:\program files\Skype
2009-05-16 04:05 . 2009-05-16 04:05 -------- d-----w- c:\programdata\Skype
2009-05-12 20:29 . 2008-12-18 02:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-12 20:29 . 2009-05-12 20:29 -------- d-----w- c:\program files\ffdshow
2009-05-12 20:29 . 2008-12-11 20:26 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-05-11 19:11 . 2009-05-11 19:11 -------- d-----w- c:\program files\Spirited Heart
2009-05-10 21:53 . 2009-05-10 21:53 -------- d-----w- c:\users\Izumi\AppData\Roaming\Megaupload
2009-05-10 21:52 . 2009-05-10 21:52 -------- d-----w- c:\program files\Megaupload
2009-05-10 21:51 . 2009-05-10 21:51 -------- d-----w- c:\users\Izumi\AppData\Roaming\InstallShield
2009-05-10 20:49 . 2009-05-10 20:49 -------- d-----w- c:\programdata\AlawarWrapper
2009-05-10 18:27 . 2009-05-10 18:27 -------- d-----w- c:\users\Izumi\AppData\Roaming\RenPy
2009-05-08 01:11 . 2009-05-08 01:11 161862 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_6FEFF9B68218417F98F549.exe
2009-05-08 01:11 . 2009-05-08 01:11 10134 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_FA19A6B6CAEDCBED7C99C2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 05:42 . 2009-02-03 21:06 680 ----a-w- c:\users\Izumi\AppData\Local\d3d9caps.dat
2009-05-18 07:13 . 2009-02-07 18:46 -------- d-----w- c:\users\Izumi\AppData\Roaming\DAEMON Tools Lite
2009-05-18 07:11 . 2009-02-03 21:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 07:09 . 2009-02-03 21:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-13 10:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 20:33 . 2009-05-01 04:34 -------- d-----w- c:\program files\Project64 1.6
2009-05-01 04:34 . 2009-05-01 04:34 8854 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-01 04:34 . 2009-05-01 04:34 40960 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-01 04:34 . 2009-05-01 04:34 40960 ----a-r- c:\users\Izumi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-18 16:52 . 2009-02-04 16:53 -------- d-----w- c:\program files\McAfee
2009-03-17 03:38 . 2009-04-14 17:36 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 17:36 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-03-13 15:09 . 2009-03-13 15:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-07 03:24 . 2009-03-07 03:24 297 ----a-w- c:\windows\EReg077.dat
2009-03-06 05:01 . 2009-02-03 21:08 52568 ----a-w- c:\users\Izumi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-06 02:15 . 2009-03-06 02:16 737280 ----a-w- c:\windows\iun6002.exe
2009-02-20 07:20 . 2009-02-20 06:55 56 --sh--r- c:\windows\System32\05F0063427.sys
2009-02-26 01:42 . 2009-02-20 06:55 1890 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-03_19.24.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-03 21:08 . 2009-06-03 19:24 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-03 21:08 . 2009-06-03 21:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-03 21:08 . 2009-06-03 19:24 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-03 21:08 . 2009-06-03 21:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-03 21:08 . 2009-06-03 19:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 21:08 . 2009-06-03 21:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-03 21:34 . 2009-06-03 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-03 19:23 . 2009-06-03 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-03 19:23 . 2009-06-03 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-03 21:34 . 2009-06-03 21:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-03 19:29 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-03 18:55 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-03 18:55 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-03 19:29 101144 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-13 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-23 198160]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4917048B-A8FC-44DF-B3FD-00392C573E58}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{B7E5E030-1825-455A-826E-5A4659DF28BB}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D4220144-65E7-4323-BC63-71E0044DD33F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{893055C9-4A0A-4081-8DFA-B0D96AFB134A}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/2/2009 8:05 PM 130936]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CAMTHWDM.sys [5/22/2009 12:56 PM 1051136]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/2/2009 8:05 PM 348752]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [4/3/2009 9:36 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-04 21:32]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-04 21:32]

2009-06-03 c:\windows\Tasks\User_Feed_Synchronization-{C221CAC6-F9AB-4213-A05B-E3CD849A922F}.job
- c:\windows\system32\msfeedssync.exe [2009-02-06 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe

Re: Removing Winbluesoft ((Please help me!))
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gaiaonline.com/
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 14:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2380)
c:\program files\Spyware Doctor\pctgmhk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\msiexec.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-03 14:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 21:39
ComboFix2.txt 2009-06-03 19:29

Pre-Run: 17,743,147,008 bytes free
Post-Run: 17,624,576,000 bytes free

233 --- E O F --- 2009-05-27 10:01




Alright, there's the log.

Re: Removing Winbluesoft ((Please help me!))
Hello.
That should do it.

Try the ComboFix /u command again.

Re: Removing Winbluesoft ((Please help me!))
ComboFix has been uninstalled.
