WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Help Removing Winbluesoft when antivirus won't work

3 posters

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyHelp Removing Winbluesoft when antivirus won't work4th June 2009, 3:27 am

more_horiz
This winbluesoft recently installed itself onto my computer. I have tried several antivirus and none will work. I tried malwarebytes.org and once I install this program it won't allow me to run it. I'm not receiving any pop ups because I never opened Winbluesoft its just on my desktop. It won't allow me to remove it through Add/Remove programs. Please help

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 4:08 am

more_horiz
Hello can you doownload Hijackthis?


Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Help Removing Winbluesoft when antivirus won't work 2wg6fte

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 4:27 am

more_horiz
I was able to download hijack this and do a system scan but no notepad opened. I don't know how to copy and paste it here.

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 4:41 am

more_horiz
the information mage420 provided is not my info i'm still unable to copy my information from hijack this i'm able to open microsoft word but unable to even open notepad

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 10:51 am

more_horiz
Hello.
mage420 has been split out of your topic.

We know the reason behind the block, we can use Hijack This to unlock the problem and then tools will work.
[LIST]
[*] Open HijackThis.
[*] When Hijack This opens, click "Open the Misc Tools section"
[*] Then select "Delete a file on reboot..."
[*] Then find and select this file: C:\windows\system32\blocker.dll
[*] Select okay and select yes to reboot.
[/LIST
Let us know once that is done, and then post the normal Hijack This log, because once that blocker.dll is gone, Notepad will work.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Help Removing Winbluesoft when antivirus won't work DXwU4
Help Removing Winbluesoft when antivirus won't work VvYDg

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 11:28 am

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:00 AM, on 6/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159822766\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Winstb] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [WinMedia] C:\3611010322575691656.exe
O4 - HKCU\..\Run: [Winstr] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstn] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winsts] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winsti] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstd] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstj] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winsty] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstz] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstp] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winste] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winsta] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstk] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstt] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winsto] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstu] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Winstf] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstv] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstx] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstg] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstl] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstm] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winsth] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstc] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstw] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Winstq] C:\3611010322575722234.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKUS\S-1-5-18\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: blocker.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iTunes\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11992 bytes

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 2:48 pm

more_horiz
Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Delete a file on reboot..."
  • Then find and select this file: C:\windows\system32\blocker.dll
  • Select okay and select yes to reboot.

Let me know once you've done that.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Help Removing Winbluesoft when antivirus won't work DXwU4
Help Removing Winbluesoft when antivirus won't work VvYDg

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 3:00 pm

more_horiz
I'm unable to find blocker.dll, I believe you had me to delete it early because I was unable to open notepad. I looked to see if there was another blocker but was unable to find one.

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 3:03 pm

more_horiz
Oh, sorry. I help so many people per day to try and stop it building up on me that I forget who I've asked to do what.

I want to get an uninstall list, because there's some old/un-needed software I want to get rid of before doing any malwarew removal, it will be less stress on the machine.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Help Removing Winbluesoft when antivirus won't work DXwU4
Help Removing Winbluesoft when antivirus won't work VvYDg

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 3:06 pm

more_horiz
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
Advanced Registry Optimizer
Alien Outbreak 2
Ancient Sudoku
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AT&T Internet Security Wizard 1.5.11
AT&T Self Support Tool
AT&T Toolbar
AT&T Yahoo! Internet Mail
ATI Control Panel
ATI Display Driver
Bejeweled 2 Deluxe
Big Kahuna Reef
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Bonjour
Bookworm Deluxe
Bounce Symphony
CC_ccProxyExt
ccCommon
ccPxyCore
Chuzzle Deluxe
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Diner Dash
DISCover
DivxFree
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Fairies
Family Feud
FATE
Flip Words
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Extended Capabilities 5.3
HP Game Console
HP Image Zone Express
HP Imaging Device Functions 7.0
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HP Web Helper
Insaniquarium Deluxe
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 6
Jewel Quest
LiveUpdate 2.7 (Symantec Corporation)
Mah Jong Quest
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Money 2006
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Works
MSN
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Mystery Case Files
Netscape Browser (remove only)
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
Otto
PC-Doctor 5 for Windows
Poker Superstars
Polar Bowler
Polar Golfer
Pure Networks Port Magic
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Ricochet Lost Worlds
SCRABBLE
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Slingo Deluxe
Snowy The Bears Adventure
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC
Super Granny
SymNet
Tennis Titans
Tornado Jockey
Tradewinds
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP (remove only)
Viewpoint Media Player
WildTangent Web Driver
WinBlueSoft
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Yahoo! Install Manager

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 3:09 pm

more_horiz
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    J2SE Runtime Environment 5.0 Update 6
    Viewpoint Media Player
    WinBlueSoft

Next,

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Winstb] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [WinMedia] C:\3611010322575691656.exe
    O4 - HKCU\..\Run: [Winstr] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstn] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winsts] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winsti] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstd] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstj] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winsty] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstz] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstp] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winste] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winsta] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstk] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstt] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winsto] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstu] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstf] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstv] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstx] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstg] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstl] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstm] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winsth] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstc] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstw] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Winstq] C:\3611010322575722234.exe
    O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\b.exe
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
    O4 - HKUS\S-1-5-18\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [tempo-setup2.exe] C:\WINDOWS\system32\tempo-setup2.exe (User 'Default user')
    O20 - AppInit_DLLs: blocker.dll


  • Press "Fix Checked"
  • Close Hijack This.

Let me know once you've done that.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Help Removing Winbluesoft when antivirus won't work DXwU4
Help Removing Winbluesoft when antivirus won't work VvYDg

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 3:26 pm

more_horiz
I was unable to remove J2SE Runtime Environment 5.0 Update 6. I did everything else.

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 3:50 pm

more_horiz
Now lets see about this infection and kick it out.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    Help Removing Winbluesoft when antivirus won't work CF_download_FF

    Help Removing Winbluesoft when antivirus won't work CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (Norton)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Help Removing Winbluesoft when antivirus won't work Rcauto10

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    Help Removing Winbluesoft when antivirus won't work Whatne10

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Help Removing Winbluesoft when antivirus won't work DXwU4
Help Removing Winbluesoft when antivirus won't work VvYDg

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 4:41 pm

more_horiz
ComboFix 09-06-03.04 - HP_Administrator 06/04/2009 11:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.69 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\3611010322575691656.exe
C:\3611010322575722671.exe
C:\3611010322575723578.exe
C:\autorun.inf
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\windows\10044zro968a5.bin
c:\windows\103z45py2c89.dll
c:\windows\10565z9ckto5l441.exe
c:\windows\1089woz9255.cpl
c:\windows\117z5t5o9eb.bin
c:\windows\12119hacktooz459.bin
c:\windows\13335h5cktooz5939.bin
c:\windows\13429spyz2d5.dll
c:\windows\1351azdw9re2030.dll
c:\windows\13692wzrm558.ocx
c:\windows\13869zirus1925.exe
c:\windows\14199h5cktool5z9.dll
c:\windows\1433spywa59603z.cpl
c:\windows\14555parse2983z.ocx
c:\windows\1456zhackt9ol30c.ocx
c:\windows\14765spamzo92b5.exe
c:\windows\14829ro57z0.bin
c:\windows\14fathief9659z.bin
c:\windows\14z99t5oj2c5.cpl
c:\windows\1527wor93zb.ocx
c:\windows\15318sp9zbo518a.exe
c:\windows\15384ha9kzool5c5.bin
c:\windows\153zvir9395.bin
c:\windows\1549viz3189.bin
c:\windows\158395py57z.exe
c:\windows\15a8dowzloade91813.ocx
c:\windows\15d9threzt19894.ocx
c:\windows\16253w9rmz80.bin
c:\windows\1652szy926.bin
c:\windows\172965ot-azvir9s55d.ocx
c:\windows\1799zt9oj551.cpl
c:\windows\182z9spamb5t75d.ocx
c:\windows\18555not5a-zirus94e.exe
c:\windows\18bz9ir5435.cpl
c:\windows\1909vzr2531.exe
c:\windows\19255viru919z.bin
c:\windows\19411ha9kzool54b.dll
c:\windows\1956wozm23b.cpl
c:\windows\195z9wo5m7ef.ocx
c:\windows\19635tro55bez.exe
c:\windows\19740not-z-viru52eb.dll
c:\windows\197z0troj355.cpl
c:\windows\1987addzar51314.cpl
c:\windows\198979izus1a5.bin
c:\windows\19953not-a-virz5592.bin
c:\windows\19d3bazkd9or653.bin
c:\windows\19z5vir2729.cpl
c:\windows\19z959ro5288.dll
c:\windows\19z99s5ambot193.bin
c:\windows\1b5ct9iefz70.bin
c:\windows\1f36d5wnloz9er1554.bin
c:\windows\1f75s5zware2909.dll
c:\windows\1z569tro9556.cpl
c:\windows\1z83sp59se1304.dll
c:\windows\1ze19hief1135.cpl
c:\windows\2008bac5doz9664.cpl
c:\windows\2016azdwar597.ocx
c:\windows\2035spambz91f4.cpl
c:\windows\2050tzie92185.dll
c:\windows\20519zackt5ol4c7.dll
c:\windows\20619zpa9bo5285.bin
c:\windows\20z39h5ef2459.bin
c:\windows\212215acktzol69e.cpl
c:\windows\214z7spamb5t79d9.exe
c:\windows\2193downloader2z865.exe
c:\windows\2195sparze962.exe
c:\windows\22148not-a9virzs658.exe
c:\windows\224z9virus4b5.exe
c:\windows\225195aczt9ol674.dll
c:\windows\22625t95j1d1z.dll
c:\windows\226dthr9at4885z.cpl
c:\windows\229039ot-a-v5ruz31f.ocx
c:\windows\22939hackt5zl40a.bin
c:\windows\22a4zhief58179.cpl
c:\windows\22z52w9rm46c.ocx
c:\windows\23046not-9-v5rus6z1.dll
c:\windows\24221w9zm153.ocx
c:\windows\24692woz5d59.bin
c:\windows\255279ot-azvirus619.cpl
c:\windows\25763hazktoo99c.exe
c:\windows\2588th95at2740z.dll
c:\windows\25972n5t-a-virzs268.exe
c:\windows\25992not-a-vzruseb.dll
c:\windows\259bsp9ware31z4.ocx
c:\windows\25z51troj982.cpl
c:\windows\265869a5ktool2ze.cpl
c:\windows\2666zhacktool965.ocx
c:\windows\26884tro53zf9.cpl
c:\windows\26999spy2z85.dll
c:\windows\2705z5orm49f.bin
c:\windows\27248zackto5l902.cpl
c:\windows\27285ackdzo91110.exe
c:\windows\2833s5y4z9.exe
c:\windows\286z3sp95bot7a4.ocx
c:\windows\28937zr5j6ee.bin
c:\windows\28966h5cztool7c2.dll
c:\windows\29345spyzf3.cpl
c:\windows\2942h5cktozla4.bin
c:\windows\29597not-5zvirus32d.cpl
c:\windows\29822wozm4c5.exe
c:\windows\29938not-a-viru5375z.exe
c:\windows\29fcdow5loader1z41.dll
c:\windows\29z325orm2aa.exe
c:\windows\2bf3thrz9524795.bin
c:\windows\2c0c95r582z.dll
c:\windows\2c6cthizf15259.cpl
c:\windows\2dabackz5or2779.ocx
c:\windows\2e3zdownlo9der5141.ocx
c:\windows\2f069i5418z.ocx
c:\windows\2z095virus5dc.bin
c:\windows\2z25th9ef1553.ocx
c:\windows\2z6esteal9156.dll
c:\windows\302aaddware1z59.ocx
c:\windows\3034worz69f5.dll
c:\windows\30596not-azvirus49b.cpl
c:\windows\30650spamboz9a.cpl
c:\windows\30659zirus1f75.ocx
c:\windows\30948szambot5495.exe
c:\windows\30988z95mbot235.ocx
c:\windows\30c0adzware8549.cpl
c:\windows\30f95ddware482z.ocx
c:\windows\310705ro97za.exe
c:\windows\31559virzs3fa.dll
c:\windows\31576wzrm5229.exe
c:\windows\3199sp5rsez543.bin
c:\windows\3216sp9rsez508.dll
c:\windows\32479wzrm3495.exe
c:\windows\32d6thie5z097.bin
c:\windows\332bad9warez155.bin
c:\windows\3357viruz4449.cpl
c:\windows\3391steal15z1.ocx
c:\windows\342dsteaz97815.cpl
c:\windows\347espy5zre9215.exe
c:\windows\3489noz-a-viru94715.bin
c:\windows\3539backdozr9940.dll
c:\windows\353z59y501.ocx
c:\windows\3559addwarz1890.dll
c:\windows\35e3downloz9er1825.exe
c:\windows\36559pamboz58a.dll
c:\windows\366zroj659.cpl
c:\windows\3904th9eat253z6.ocx
c:\windows\3932w5rmz62.ocx
c:\windows\3ac3spy9are3z58.ocx
c:\windows\3c15zack9oor1793.exe
c:\windows\3cedzdd9ar5458.cpl
c:\windows\3d1dspa9ze1854.exe
c:\windows\3d95addwaze9305.exe
c:\windows\3ec9d5warez564.ocx
c:\windows\3z3fbackdo9r1576.exe
c:\windows\406cszar9e5075.ocx
c:\windows\4103s9z55f.exe
c:\windows\42zadd9ar51627.cpl
c:\windows\42zwo5m6b29.dll
c:\windows\448et9iez495.dll
c:\windows\4589szeal953.bin
c:\windows\459dspywa5e29z0.exe
c:\windows\459zvi53250.ocx
c:\windows\45z4worm3959.bin
c:\windows\4662not-9-virzs5a.bin
c:\windows\469threaz5251.bin
c:\windows\46z85ddw9re790.exe
c:\windows\4719download5r29z6.cpl
c:\windows\4750vir5399z.ocx
c:\windows\4996vi5z39.bin
c:\windows\49daste5l17z6.bin
c:\windows\49z3ad59are1638.ocx
c:\windows\49z8s9yware519.cpl
c:\windows\4a3dt5reat494z.cpl
c:\windows\4b0z5yware32589.cpl
c:\windows\4b52downlo9d5rz376.ocx
c:\windows\4be4t5reat7z09.exe
c:\windows\4bed5ackdo9z1469.dll
c:\windows\4c1ethr9at5066z.cpl
c:\windows\4c985tealz9.cpl
c:\windows\4cffthrea91537z.exe
c:\windows\4e09stzal1395.exe
c:\windows\4ezcdo9n5oader2223.cpl
c:\windows\4f96downloaz9r10555.ocx
c:\windows\4fabzt5al1918.dll
c:\windows\4z03thief9531.dll
c:\windows\4zcet9reat2570.cpl
c:\windows\4zd2sparse9559.exe
c:\windows\50fzvir2592.cpl
c:\windows\5104thzef10219.cpl
c:\windows\5114spzw5re5139.bin
c:\windows\51291zpambot586.exe
c:\windows\52244no9-a-virus3z8.ocx
c:\windows\52bz9hief5199.dll
c:\windows\5351spy49z9.bin
c:\windows\535espyware29z4.ocx
c:\windows\54146noz-9-virus776.exe
c:\windows\5419z5y9c.ocx
c:\windows\545ethrzat79379.dll
c:\windows\5592thief258z.ocx
c:\windows\5593z9yware1530.ocx
c:\windows\559zdown5o9der165.exe
c:\windows\55ebazkdo9r345.bin
c:\windows\55f5d5wnloader279z.exe
c:\windows\55f9spzware2618.ocx
c:\windows\56361z9oj327.exe
c:\windows\5651thre9z660.bin
c:\windows\56f5s95alz43.cpl
c:\windows\57435ot-a-v9rus472z.ocx
c:\windows\577719ozm572.bin
c:\windows\57z0thief5699.exe
c:\windows\5800tro5zc19.bin
c:\windows\5808virus179z.dll
c:\windows\58195wnloader158z.exe
c:\windows\58493worz24b.exe
c:\windows\58z95virus149.exe
c:\windows\58z9teal2112.ocx
c:\windows\5904zackt59l27b.exe
c:\windows\59279spy69z.exe
c:\windows\592wzr525c.dll
c:\windows\59345owzloader22579.dll
c:\windows\599z9worm5ae9.exe
c:\windows\59eeaddw9re2203z.bin
c:\windows\5a5as9yware635z.cpl
c:\windows\5abdzteal91765.dll
c:\windows\5af29ir27z5.exe
c:\windows\5b35backzoor2590.cpl
c:\windows\5c1ethief238z9.ocx
c:\windows\5cbezpywar53993.exe
c:\windows\5d3dsparse198z.bin
c:\windows\5d59sparse255z.dll
c:\windows\5d81tzreat57149.exe
c:\windows\5dzb9parse1652.ocx
c:\windows\5e51backdzo9750.exe
c:\windows\5ea75ackdoo9z545.cpl
c:\windows\5ed4zhief15629.ocx
c:\windows\5f91v9z5772.dll
c:\windows\5fcz9ir2192.exe
c:\windows\5fz4spyw9re2411.bin
c:\windows\5zc3vir3994.exe
c:\windows\5zca9dware1891.bin
c:\windows\5zf85te9l1866.exe
c:\windows\6399vir5s39az.ocx
c:\windows\63a6down5oa9er1z57.bin
c:\windows\63d9zhr5at10599.cpl
c:\windows\655fzhre9t12336.bin
c:\windows\65d19pars5z260.exe
c:\windows\65z6t9reat390.dll
c:\windows\6692z5am9ot4ed.cpl
c:\windows\6739viruz6a5.bin
c:\windows\6795addware115z.bin
c:\windows\6858virz3895.dll
c:\windows\68z7no5-a-viru94b5.cpl
c:\windows\6925szar9e2530.bin
c:\windows\692as5ywzre1449.dll
c:\windows\69595pzmbotf4.bin
c:\windows\695fspywa9e114z.ocx
c:\windows\698adownloadzr5595.cpl
c:\windows\6a7dzownl5ade91436.bin
c:\windows\6af0add5zr92601.dll
c:\windows\6c965parse5z2.cpl
c:\windows\6cb7sz9ware5.exe
c:\windows\6dadtzreat45359.bin
c:\windows\6efza5dware9777.dll
c:\windows\6f8zd5wnloader16139.bin
c:\windows\6z69s5eal3095.bin
c:\windows\6za4backdoo57039.ocx
c:\windows\7017addw9re5513z.exe
c:\windows\705zvir2094.cpl
c:\windows\7075trojz9.ocx
c:\windows\72d1doz95oader1255.dll
c:\windows\7387no9-a-vir5s7z9.cpl
c:\windows\738zthi5f20019.ocx
c:\windows\73a9spywarz1059.ocx
c:\windows\744z5ro9602.cpl
c:\windows\749zt9reat1563.exe
c:\windows\7542ba5kdo9z449.bin
c:\windows\7569spyz9re2896.dll
c:\windows\75casp95sez06.dll
c:\windows\7659spy95bz.exe
c:\windows\7993st5alz274.exe
c:\windows\7b9t5zef655.ocx
c:\windows\7c5bad9warz2759.ocx
c:\windows\7c965pyware9076z.dll
c:\windows\7f28a5dwa9e2z66.dll
c:\windows\7z4cspar9e5812.dll
c:\windows\83735ot-a-virus98az.ocx
c:\windows\83789zrus25e.dll
c:\windows\84395roz7e0.ocx
c:\windows\8542trojz49.ocx
c:\windows\8870hackzoo5719.exe
c:\windows\90059zj20a.ocx
c:\windows\90dzad5ware1916.dll
c:\windows\916535acktooz2e0.dll
c:\windows\9179znot-5-virus88.dll
c:\windows\919135rojz82.bin
c:\windows\91z45worm2415.exe
c:\windows\92559pyze5.ocx
c:\windows\92719spy55z.bin
c:\windows\9339zworm67f5.ocx
c:\windows\95012spambotzbf5.dll
c:\windows\95598spy48dz.ocx
c:\windows\9585vi5us3z29.cpl
c:\windows\95950virusfz.exe
c:\windows\9595zworm675.exe
c:\windows\95e7szarse1327.exe
c:\windows\95z00tro5568.ocx
c:\windows\95z9troj555.cpl
c:\windows\962z75py41f.exe
c:\windows\9695hackzoo51a3.dll
c:\windows\9754zorm5f8.dll
c:\windows\980downloadez2556.bin
c:\windows\98998vizus7aa5.exe
c:\windows\9927spam5ot13z.dll
c:\windows\9939s5ambztc1.exe
c:\windows\99589zrus357.exe
c:\windows\995zvir2243.cpl
c:\windows\9d4zpar5e1226.dll
c:\windows\9dcedowzlo5der948.bin
c:\windows\9de5zir53.cpl
c:\windows\9dz5v5r1407.exe
c:\windows\9ea5vir1937z.exe
c:\windows\9edavz53079.cpl
c:\windows\9z354not-a-vir5s1c9.cpl
c:\windows\b59threzt22030.dll
c:\windows\d2cazdw95e3238.cpl
c:\windows\d3spzware57379.exe
c:\windows\IE4 Error Log.txt
c:\windows\msa.exe

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 4:42 pm

more_horiz
c:\windows\system32\11670vzrus5589.bin
c:\windows\system32\119zspywar5690.ocx
c:\windows\system32\124z45ac9tool45c.ocx
c:\windows\system32\12551wo9mz44.dll
c:\windows\system32\12584tz9j65.bin
c:\windows\system32\12935worz4d5.dll
c:\windows\system32\13699hacktool590z.ocx
c:\windows\system32\13e6b5czdoo9128.cpl
c:\windows\system32\14189no9-a-5irus7bdz.dll
c:\windows\system32\1419hackto5l57az.dll
c:\windows\system32\145zd9wnloader2295.dll
c:\windows\system32\14913sp596z.dll
c:\windows\system32\14978ha5ktozl515.bin
c:\windows\system32\1519w9zm255.cpl
c:\windows\system32\152659acztool6e2.dll
c:\windows\system32\153athreaz985.cpl
c:\windows\system32\15524szambot590.exe
c:\windows\system32\1555z9orm410.bin
c:\windows\system32\15572vi5us6z9.cpl
c:\windows\system32\155899acktoolzb2.cpl
c:\windows\system32\1595baczdoor2462.dll
c:\windows\system32\1595zvirus5ce.cpl
c:\windows\system32\1597zh9cktool1d0.cpl
c:\windows\system32\1599zpyware1929.bin
c:\windows\system32\15bazdware23539.cpl
c:\windows\system32\1613zspambot99a5.cpl
c:\windows\system32\162z5not-a-virus639.bin
c:\windows\system32\16305worz7985.cpl
c:\windows\system32\16527h5c9tool9bz.dll
c:\windows\system32\16821hacktozl955.cpl
c:\windows\system32\16967tz5j520.ocx
c:\windows\system32\16968not-a-5irzs86.cpl
c:\windows\system32\16979zambot50c.exe
c:\windows\system32\16989hacktool33z5.dll
c:\windows\system32\171z959rm173.exe
c:\windows\system32\17299nzt-a5v9rus66f.ocx
c:\windows\system32\17695ha5ktoolz9f.exe
c:\windows\system32\17zfth5ef26959.bin
c:\windows\system32\180759izus559.exe
c:\windows\system32\1808ba5kdzor1090.dll
c:\windows\system32\1836zs9amb5t7b7.cpl
c:\windows\system32\19260vi5zs7e9.exe
c:\windows\system32\194759r5j4z6.ocx
c:\windows\system32\19634s9y7z5.bin
c:\windows\system32\19812zacktool575.exe
c:\windows\system32\19920trz95c1.ocx
c:\windows\system32\19z075pa9bot7c.exe
c:\windows\system32\1a775zr10399.exe
c:\windows\system32\1az15ackdoor2988.cpl
c:\windows\system32\1cd4zddw9re2556.exe
c:\windows\system32\1d59spyware1924z.bin
c:\windows\system32\1e325ackdo9rz260.bin
c:\windows\system32\1f55sparse162z9.dll
c:\windows\system32\1z345h9cktool52d.bin
c:\windows\system32\1z353sp9747.dll
c:\windows\system32\1z548troj4d9.ocx
c:\windows\system32\1z890v5rus994.cpl
c:\windows\system32\1z9asparse2965.cpl
c:\windows\system32\20564s5z4ef9.dll
c:\windows\system32\20695virus9z45.bin
c:\windows\system32\2069ownloa5erz981.cpl
c:\windows\system32\20z42tr596c5.dll
c:\windows\system32\20z57s955dc.ocx
c:\windows\system32\20z68spam5ot2c9.dll
c:\windows\system32\21345h9ef1z.exe
c:\windows\system32\21809not9a5zirus79a.exe
c:\windows\system32\2251z9ot-a-virus255.exe
c:\windows\system32\22534tz9555.cpl
c:\windows\system32\22566wor95c1z.ocx
c:\windows\system32\229bazkd5or3232.dll
c:\windows\system32\22z7spywar93256.bin
c:\windows\system32\23006vir95z0b.bin
c:\windows\system32\238z05roj39b.ocx
c:\windows\system32\23z06spam9ot552.exe
c:\windows\system32\2466zt9oj195.exe
c:\windows\system32\24894vzru5793.exe
c:\windows\system32\24z745o9m514.dll
c:\windows\system32\24zcvir24529.dll
c:\windows\system32\25403not-a-v9rzsff.cpl
c:\windows\system32\25681wormz7b9.bin
c:\windows\system32\25715vzrus759.cpl
c:\windows\system32\25839spyz91.exe
c:\windows\system32\2599zte5l1463.exe
c:\windows\system32\25d9spywarz1925.cpl
c:\windows\system32\267z5not9a5virus5f5.ocx
c:\windows\system32\27600spy359z.cpl
c:\windows\system32\27693spyz15.bin
c:\windows\system32\27984tr9j75z.exe
c:\windows\system32\280b9pyware153z5.bin
c:\windows\system32\28321hacktz95597.ocx
c:\windows\system32\2853szy9b5.ocx
c:\windows\system32\28558trojz79.bin
c:\windows\system32\28589pzmbotfb.ocx
c:\windows\system32\285z9not-a-vi9u5403.cpl
c:\windows\system32\28870ha5k9oolz7d.exe
c:\windows\system32\2887zno9-a-vir5s5a7.ocx
c:\windows\system32\28885szambot988.dll
c:\windows\system32\2888995cktool4ez.bin
c:\windows\system32\28a0s9arze1605.dll
c:\windows\system32\28z51hackto9l279.bin
c:\windows\system32\2900thr9a5472z.bin
c:\windows\system32\2907zspambot55a.exe
c:\windows\system32\2915add5are1152z.exe
c:\windows\system32\291adzware22925.dll
c:\windows\system32\29259szy555.dll
c:\windows\system32\29268t5ojfz.ocx
c:\windows\system32\29401not-a-virus359z.exe
c:\windows\system32\29529troz581.exe
c:\windows\system32\29569vi5uz14a.bin
c:\windows\system32\29z2sp5mbot544.cpl
c:\windows\system32\2ac0backzoor8959.ocx
c:\windows\system32\2d1aste951391z.ocx
c:\windows\system32\2dcfb59kzoor480.cpl
c:\windows\system32\2e3ezpar5e9106.exe
c:\windows\system32\2eaf5zeal28599.bin
c:\windows\system32\2z189no9-a-vir5s531.exe
c:\windows\system32\2z758troj29a.ocx
c:\windows\system32\2z957v5rus53f.exe
c:\windows\system32\2zb0th9eat20375.dll
c:\windows\system32\3067zwo9m556.ocx
c:\windows\system32\30z129irus5c.exe
c:\windows\system32\30z92s95259.exe
c:\windows\system32\312z4spambo9250.exe
c:\windows\system32\31441wozm549.bin
c:\windows\system32\31529orm28z.cpl
c:\windows\system32\31584not5a-v9rzs5b1.cpl
c:\windows\system32\3159zvirus5d59.cpl
c:\windows\system32\31959vzrus58d.cpl
c:\windows\system32\321e59dware115z.cpl
c:\windows\system32\322z25roj7b99.bin
c:\windows\system32\32474wozm93c5.cpl
c:\windows\system32\327et9z5f1097.cpl
c:\windows\system32\3294sparsz52329.cpl
c:\windows\system32\3357spa9boz2a4.ocx
c:\windows\system32\33b1st59l1605z.dll
c:\windows\system32\3437not-a9zir5s7da.exe
c:\windows\system32\3459threaz225885.dll
c:\windows\system32\350vir146z9.dll
c:\windows\system32\3525z9r364.bin
c:\windows\system32\369bzi5186.ocx
c:\windows\system32\381zspywar91532.dll
c:\windows\system32\3869t5oj4zd.bin
c:\windows\system32\39399z5m19a.exe
c:\windows\system32\39923hac5tool2z.cpl
c:\windows\system32\3a20addware97z55.exe
c:\windows\system32\3ba0thz591688.bin
c:\windows\system32\3d0zvir1599.cpl
c:\windows\system32\3d45a9dw5re125z.ocx
c:\windows\system32\3e2zs5yware18999.cpl
c:\windows\system32\3f6z5h9eat1651.bin
c:\windows\system32\3f97spar5e83z.exe
c:\windows\system32\3z591virus17d9.dll
c:\windows\system32\3z599t9oj5b4.exe
c:\windows\system32\3zb395arse1604.exe
c:\windows\system32\403eba5kdooz1699.exe
c:\windows\system32\425dz9arse1320.exe
c:\windows\system32\42z95ownloader1543.cpl
c:\windows\system32\439d9ackdozr2558.bin
c:\windows\system32\44445hi9fz5.bin
c:\windows\system32\4518wor935z.cpl
c:\windows\system32\4596zir2010.cpl
c:\windows\system32\45f5addware29z3.cpl
c:\windows\system32\4696bacz5oor1202.ocx
c:\windows\system32\4755vir3938z.ocx
c:\windows\system32\4909spa5sez516.bin
c:\windows\system32\4a9f5azkdoor1868.exe
c:\windows\system32\4afzt5ief10129.cpl
c:\windows\system32\4b4dspyw5rz955.exe
c:\windows\system32\4b65addwa5e1098z.bin
c:\windows\system32\4c4zteal16539.ocx
c:\windows\system32\4c89spywarz27935.bin
c:\windows\system32\4cafzpyware24509.bin
c:\windows\system32\4e5b9parse2586z.bin
c:\windows\system32\4fb9thzef1582.bin
c:\windows\system32\4z50v59us255.cpl
c:\windows\system32\4z6edownlo9der3625.exe
c:\windows\system32\4z93not-a-v5rus64a.bin
c:\windows\system32\4z99spy5d4.ocx
c:\windows\system32\5021zwor92c4.dll
c:\windows\system32\5053wzrm99d.exe
c:\windows\system32\50670zackto9l12.dll
c:\windows\system32\5100dow9z5ader1271.dll
c:\windows\system32\5155v9r318z.exe
c:\windows\system32\51869haczt9ol55f.dll
c:\windows\system32\51a9szeal1527.cpl
c:\windows\system32\5209zackdoo52876.dll
c:\windows\system32\529zaddwa5e2064.cpl
c:\windows\system32\53045zdwar9594.exe
c:\windows\system32\53545pywaz91043.ocx
c:\windows\system32\535cadzwar924.dll
c:\windows\system32\5360threat297z59.ocx
c:\windows\system32\5369stzal2998.ocx
c:\windows\system32\536dstz592505.cpl
c:\windows\system32\53716notza-vir9s5e9.dll
c:\windows\system32\53z0bac5door799.dll
c:\windows\system32\53zab5ckdo9r2455.cpl
c:\windows\system32\540b5te9l8z8.ocx
c:\windows\system32\54224virus94z.ocx
c:\windows\system32\542edow9zoader18965.exe
c:\windows\system32\549szy475.dll
c:\windows\system32\55099vz9us49d.bin
c:\windows\system32\5509st9alz296.exe
c:\windows\system32\5566zvirus9c1.bin
c:\windows\system32\5569threat3749z.ocx
c:\windows\system32\557z59dware2715.ocx
c:\windows\system32\55f5addwz9e959.ocx
c:\windows\system32\55z09tro91d6.ocx
c:\windows\system32\5600zpy169.ocx
c:\windows\system32\56107z9oj505.dll
c:\windows\system32\564ethi5f1z29.cpl
c:\windows\system32\5663w59m1fz.exe
c:\windows\system32\56931hacktool5bz.exe
c:\windows\system32\569d9ownz5ader91.dll
c:\windows\system32\56bzv5r9534.exe
c:\windows\system32\56e2st9az1598.bin
c:\windows\system32\57958spy5fz.bin
c:\windows\system32\579backdo5r131z9.cpl
c:\windows\system32\58369orz1d4.dll
c:\windows\system32\583ethrzat93341.dll
c:\windows\system32\5854bac9zoor2888.cpl
c:\windows\system32\58ez9ownloader7305.ocx
c:\windows\system32\58f0tzief3951.dll
c:\windows\system32\5906n9t-z-5irus1d8.exe
c:\windows\system32\59206s9z2b.cpl
c:\windows\system32\59532t9oz794.cpl
c:\windows\system32\59595not-a-virus5z4.bin
c:\windows\system32\5995thief544z.bin
c:\windows\system32\59ecsp9rsz5892.bin
c:\windows\system32\5a9zdownlo5der1729.dll
c:\windows\system32\5b5dthrezt549.bin
c:\windows\system32\5ba2vz9597.bin
c:\windows\system32\5c1dbaczdoor1916.dll
c:\windows\system32\5d71addwar5589z.cpl
c:\windows\system32\5dc9zief975.bin
c:\windows\system32\5dzfvir26369.exe
c:\windows\system32\5f09threat4725z.dll
c:\windows\system32\5f95ad5w9re11z5.bin
c:\windows\system32\5fa8backdzo9579.bin
c:\windows\system32\5ff1download5r98z0.exe
c:\windows\system32\5z069pyware1781.exe
c:\windows\system32\5z145pam9ote8.ocx
c:\windows\system32\5z26down9oad5r2723.cpl
c:\windows\system32\5z7dvir1329.dll
c:\windows\system32\5zb35ir2991.dll
c:\windows\system32\6069tzreat238855.exe
c:\windows\system32\6145zparse977.bin
c:\windows\system32\659badd9arz1405.ocx
c:\windows\system32\65abthiz91635.dll
c:\windows\system32\65c3backdooz895.exe
c:\windows\system32\6618ste5l95z9.ocx
c:\windows\system32\6694zpambota95.ocx
c:\windows\system32\67995ot-a-virus4zf.bin
c:\windows\system32\67e4zparse9504.bin
c:\windows\system32\6829back9zor5359.exe
c:\windows\system32\684e9ownloadez5555.cpl
c:\windows\system32\68z0spa5se3219.exe
c:\windows\system32\6965notz5-virus1969.bin
c:\windows\system32\69829pamb5t61z.ocx
c:\windows\system32\6997v5r2209z.cpl
c:\windows\system32\69c4thrzat502709.ocx
c:\windows\system32\69z45acktool260.cpl
c:\windows\system32\6b295pyware89z.ocx
c:\windows\system32\6d71th5eat7z879.cpl
c:\windows\system32\6d88spy5aze390.ocx
c:\windows\system32\6z62hackto5l399.exe
c:\windows\system32\6z89thief19495.bin
c:\windows\system32\7159t5oj2d2z.cpl

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 4:43 pm

more_horiz
c:\windows\system32\7179down5ozde91322.ocx
c:\windows\system32\71e9zddware531.dll
c:\windows\system32\7215a9zwa5e2092.ocx
c:\windows\system32\7242zt5al2619.exe
c:\windows\system32\7247z9t-a-v5rus124.dll
c:\windows\system32\72799py352z.dll
c:\windows\system32\759azp9rse1303.bin
c:\windows\system32\7700sp5war9985z.exe
c:\windows\system32\77z99ir1552.dll
c:\windows\system32\784bbackdozr9528.ocx
c:\windows\system32\7888not-a-vizu53849.exe
c:\windows\system32\790dspars51494z.cpl
c:\windows\system32\7922v9zu56e2.bin
c:\windows\system32\79z29hief2584.exe
c:\windows\system32\7ac5sp95sz2384.dll
c:\windows\system32\7b43spa5s9z965.cpl
c:\windows\system32\7b52s9azse2195.bin
c:\windows\system32\7f5dowzloader25499.cpl
c:\windows\system32\7z0dt9ie511.bin
c:\windows\system32\7z34s5eal23259.cpl
c:\windows\system32\7z5athi9f584.cpl
c:\windows\system32\7zd8add5a9e1457.ocx
c:\windows\system32\87065pamzot91.dll
c:\windows\system32\8939zir5s54a.cpl
c:\windows\system32\900thi5fz826.bin
c:\windows\system32\9056hacktozl65.cpl
c:\windows\system32\90596spazbot3cd.exe
c:\windows\system32\90ztr5j369.ocx
c:\windows\system32\91777w5zm1dd.exe
c:\windows\system32\92223sp569z.bin
c:\windows\system32\92314z5rus209.exe
c:\windows\system32\92z59vi5us529.cpl
c:\windows\system32\94bdown5oa9zr2714.bin
c:\windows\system32\94cad5warez789.cpl
c:\windows\system32\95000not-a-viruszce.dll
c:\windows\system32\959tzreat25701.ocx
c:\windows\system32\95z4vir20995.exe
c:\windows\system32\97579roj405z.exe
c:\windows\system32\97dcs5zrse610.dll
c:\windows\system32\98439vi5usz3f.ocx
c:\windows\system32\98839wo5m35cz.exe
c:\windows\system32\98zspy573.exe
c:\windows\system32\99ct5rzat31838.dll
c:\windows\system32\9ab4virz895.cpl
c:\windows\system32\9bczbackd5or3184.bin
c:\windows\system32\9cc6spzrse5779.cpl
c:\windows\system32\9cz9addware25115.bin
c:\windows\system32\9edzste5l2352.exe
c:\windows\system32\9z11v5r2491.ocx
c:\windows\system32\a91z9i5f154.cpl
c:\windows\system32\b9bsz5rse1598.exe
c:\windows\system32\bz6a5dware1792.cpl
c:\windows\system32\cb8zownload951222.dll
c:\windows\system32\e929t5al7z.exe
c:\windows\system32\f59th9e5tz1419.exe
c:\windows\system32\fc4addwa9e765z.exe
c:\windows\system32\z2145tr9540b.cpl
c:\windows\system32\z2205tro9c9.bin
c:\windows\system32\z2379tr5j5ba.exe
c:\windows\system32\z2596v95us2d2.ocx
c:\windows\system32\z2965teal2069.exe
c:\windows\system32\z2a5threa922380.ocx
c:\windows\system32\z2fethie918025.cpl
c:\windows\system32\z4549r5j24d.bin
c:\windows\system32\z4882viru9115.dll
c:\windows\system32\z5094sp5409.exe
c:\windows\system32\z5579ir630.cpl
c:\windows\system32\z561worm459.ocx
c:\windows\system32\z590s5y269.dll
c:\windows\system32\z591threat24349.ocx
c:\windows\system32\z5924not-a-virusc4.ocx
c:\windows\system32\z5a5ownlo9der2223.cpl
c:\windows\system32\z5f7thie91705.ocx
c:\windows\system32\z6098virus456.cpl
c:\windows\system32\z6741n9t-a-v5rus733.dll
c:\windows\system32\z72e95eal398.exe
c:\windows\system32\z810spyw59e3117.bin
c:\windows\system32\z885spy499.bin
c:\windows\system32\z9256v5rus50e.exe
c:\windows\system32\z94399orm458.cpl
c:\windows\system32\z94755py9e4.exe
c:\windows\system32\z9645hreat324.bin
c:\windows\system32\z97cthief26095.ocx
c:\windows\system32\z9bste9l2595.ocx
c:\windows\system32\z9csp9rs5943.exe
c:\windows\system32\z9d5steal8525.exe
c:\windows\system32\z9desparse865.exe
c:\windows\system32\zaabs9eal1955.exe
c:\windows\system32\ze15thre9t395.cpl
c:\windows\system32\ze70thief3059.bin
c:\windows\system32\zefdsteal2159.cpl
c:\windows\system32\zf68spa59e1456.cpl
c:\windows\system32\zf94a9dware4785.cpl
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\z0247ha59tool203.bin
c:\windows\z0943virus7f5.dll
c:\windows\z11backd5o9200.cpl
c:\windows\z1802hack9ool457.exe
c:\windows\z1809tr5j19f9.cpl
c:\windows\z1a3addwar91525.exe
c:\windows\z2986spy4d95.exe
c:\windows\z298sp59bot2a3.cpl
c:\windows\z318ha9k5ool5ad.exe
c:\windows\z3423troj95e.cpl
c:\windows\z411spar9e2305.bin
c:\windows\z4719hie576.exe
c:\windows\z5349hacktool31.exe
c:\windows\z599spambot732.exe
c:\windows\z5bvir16439.bin
c:\windows\z6434spambot951.exe
c:\windows\z66dt5reat29599.cpl
c:\windows\z75b9ownloader5373.ocx
c:\windows\z95fst9al794.exe
c:\windows\z969sparse1564.ocx
c:\windows\z9ebv5r1093.dll
c:\windows\zcd9ir5381.dll
c:\windows\zce75ddware2699.exe
D:\Autorun.inf
D:\Desktop.ini

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 4:44 pm

more_horiz
.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 04:51 . 2009-06-04 04:51 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-06-04 03:33 . 2009-06-04 03:33 -------- d-----w- c:\program files\Trend Micro
2009-06-02 23:24 . 2009-06-02 23:31 -------- d-----w- c:\program files\VS Revo Group
2009-06-02 04:32 . 2009-06-02 22:09 -------- d-----w- C:\Spyware Cleaner 2009
2009-06-02 03:48 . 2009-06-02 03:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 03:22 . 2009-06-02 03:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sammsoft
2009-06-02 03:22 . 2009-06-02 03:22 -------- d-----w- c:\program files\Advanced Registry Optimizer
2009-06-02 02:25 . 2009-06-02 02:23 1164288 ----a-w- c:\windows\system32\tempo-setup2.exe
2009-06-02 02:23 . 2009-06-02 02:23 -------- d-----w- c:\program files\WinBlueSoft Software
2009-06-02 02:22 . 2009-06-02 02:22 -------- d-----w- c:\program files\DivxFree
2009-05-19 21:32 . 2009-05-19 21:32 -------- d-----w- c:\program files\AskSearch
2009-05-18 04:02 . 2009-05-18 04:08 112384 ----a-w- c:\windows\hpoins07.dat
2009-05-18 04:02 . 2005-05-24 06:52 21124 ------w- c:\windows\hpomdl07.dat
2009-05-14 02:42 . 2009-05-14 02:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AT&T
2009-05-14 02:42 . 2009-05-14 02:42 -------- d-----w- c:\program files\AT&T
2009-05-14 02:42 . 2009-05-14 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-05-14 02:42 . 2009-06-04 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-05-14 02:41 . 2009-05-23 04:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ATTToolbar
2009-05-14 02:41 . 2009-05-14 02:41 -------- d-----w- c:\program files\ATTToolbar
2009-05-14 02:41 . 2009-05-14 02:41 -------- d-----w- c:\program files\Yahoo!
2009-05-14 02:39 . 2009-05-14 02:40 -------- d-----w- c:\program files\ATT-SST
2009-05-14 01:59 . 2009-05-14 02:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Motive
2009-05-14 01:58 . 2009-05-14 01:58 -------- d-----w- c:\program files\ATT-HSI
2009-05-14 01:58 . 2009-05-14 03:11 -------- d-----w- c:\program files\Common Files\Motive
2009-05-14 01:56 . 2009-05-14 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 16:30 . 2006-05-14 09:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-27 04:26 . 2006-10-10 04:05 676 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-19 21:43 . 2006-10-03 00:10 -------- d-----w- c:\program files\LimeWire
2009-05-15 02:38 . 2009-04-09 01:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-05-14 03:09 . 2006-10-02 21:00 -------- d-----w- c:\program files\AOL Deskbar
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-14 180269]
"HostManager"="c:\program files\Common Files\AOL\1159822766\ee\AOLSoftware.exe" [2006-09-26 50736]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-5-14 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159822766\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 4:44 pm

more_horiz
--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*NewlyCreated* - COMHOST
*Deregistered* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-30 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-30 22:42]

2009-06-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-05-14 21:21]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\patttbc.att
Trusted Zone: trymedia.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 11:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2076)
c:\program files\AOL Deskbar\deskbar.dll
c:\program files\Common Files\AOL\AOL Toolbar\AOLHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\AOL\1159822766\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\iTunes\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
.
**************************************************************************
.
Completion time: 2009-06-04 11:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 16:38

Pre-Run: 215,560,114,176 bytes free
Post-Run: 216,774,676,480 bytes free

927 --- E O F --- 2009-06-01 08:21

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 4:47 pm

more_horiz
Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\tempo-setup2.exe

Folder::
C:\Spyware Cleaner 2009
c:\program files\WinBlueSoft Software
c:\program files\AskSearch
c:\program files\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-

Domains::


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Help Removing Winbluesoft when antivirus won't work Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Help Removing Winbluesoft when antivirus won't work DXwU4
Help Removing Winbluesoft when antivirus won't work VvYDg

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 5:13 pm

more_horiz
ComboFix 09-06-03.04 - HP_Administrator 06/04/2009 11:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.132 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\windows\system32\tempo-setup2.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\LimeWire
c:\program files\LimeWire\commons-httpclient.jar
c:\program files\LimeWire\GenericWindowsUtils.dll
c:\program files\LimeWire\hs_err_pid3512.log
c:\program files\LimeWire\i18n.jar
c:\program files\LimeWire\id3v2.jar
c:\program files\LimeWire\jl011.jar
c:\program files\LimeWire\LimeWire20.dll
c:\program files\LimeWire\MessagesBundles.jar
c:\program files\LimeWire\mp3sp14.jar
c:\program files\LimeWire\vorbis.jar
c:\program files\LimeWire\WindowsFirewall.dll
c:\program files\LimeWire\WindowsV5PlusUtils.dll
c:\program files\LimeWire\xerces.jar
c:\program files\LimeWire\xml-apis.jar
c:\program files\WinBlueSoft Software
c:\program files\WinBlueSoft Software\WinBlueSoft\data.bin
c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
C:\Spyware Cleaner 2009
c:\spyware cleaner 2009\UP\up.rn
c:\windows\system32\tempo-setup2.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-04 04:51 . 2009-06-04 04:51 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-06-04 03:33 . 2009-06-04 03:33 -------- d-----w- c:\program files\Trend Micro
2009-06-02 23:24 . 2009-06-02 23:31 -------- d-----w- c:\program files\VS Revo Group
2009-06-02 03:48 . 2009-06-02 03:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 03:22 . 2009-06-02 03:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sammsoft
2009-06-02 03:22 . 2009-06-02 03:22 -------- d-----w- c:\program files\Advanced Registry Optimizer
2009-06-02 02:22 . 2009-06-02 02:22 -------- d-----w- c:\program files\DivxFree
2009-05-18 04:02 . 2009-05-18 04:08 112384 ----a-w- c:\windows\hpoins07.dat
2009-05-18 04:02 . 2005-05-24 06:52 21124 ------w- c:\windows\hpomdl07.dat
2009-05-14 02:42 . 2009-05-14 02:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AT&T
2009-05-14 02:42 . 2009-05-14 02:42 -------- d-----w- c:\program files\AT&T
2009-05-14 02:42 . 2009-05-14 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-05-14 02:42 . 2009-06-04 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-05-14 02:41 . 2009-05-23 04:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ATTToolbar
2009-05-14 02:41 . 2009-05-14 02:41 -------- d-----w- c:\program files\ATTToolbar
2009-05-14 02:41 . 2009-05-14 02:41 -------- d-----w- c:\program files\Yahoo!
2009-05-14 02:39 . 2009-05-14 02:40 -------- d-----w- c:\program files\ATT-SST
2009-05-14 01:59 . 2009-05-14 02:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Motive
2009-05-14 01:58 . 2009-05-14 01:58 -------- d-----w- c:\program files\ATT-HSI
2009-05-14 01:58 . 2009-05-14 03:11 -------- d-----w- c:\program files\Common Files\Motive
2009-05-14 01:56 . 2009-05-14 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 16:50 . 2006-05-14 09:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-27 04:26 . 2006-10-10 04:05 676 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-15 02:38 . 2009-04-09 01:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-05-14 03:09 . 2006-10-02 21:00 -------- d-----w- c:\program files\AOL Deskbar
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-14 180269]
"HostManager"="c:\program files\Common Files\AOL\1159822766\ee\AOLSoftware.exe" [2006-09-26 50736]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-5-14 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159822766\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 5:13 pm

more_horiz
--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-30 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-12-30 22:42]

2009-06-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-05-14 21:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 11:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1656)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\AOL Deskbar\deskbar.dll
c:\program files\Common Files\AOL\AOL Toolbar\AOLHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\AOL\1159822766\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iTunes\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2009-06-04 12:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 17:09
ComboFix2.txt 2009-06-04 16:38

Pre-Run: 216,799,539,200 bytes free
Post-Run: 216,779,063,296 bytes free

224 --- E O F --- 2009-06-01 08:21

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 5:15 pm

more_horiz
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Help Removing Winbluesoft when antivirus won't work CF_Cleanup

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Help Removing Winbluesoft when antivirus won't work DXwU4
Help Removing Winbluesoft when antivirus won't work VvYDg

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 5:24 pm

more_horiz
The machine is running great. You guys are amazing! I will be giving a donation. I thought my computer was GONE. I was getting frustrated because nothing was working. Thank you so much. Also, when my computer was infected, I put a USB flash into my computer to get some music I didn't want to lose. The computer was in Safe Mode when I did so. Do you think I should still use the flash drive or throw it away? thanks

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 5:41 pm

more_horiz
You can still use it, we just need to make sure it's clean.

Please download USBNoRisk to your Desktop and run it by double clicking the program's icon.

  1. Wait a couple of seconds for initial scan to finish.
  2. Connect all of your USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds.
  3. If there are more USB storage devices to scan, please take a note about the order in which these were connected.
  4. After all the devices are scanned, right click in the Monitor tab, and choose "Save log". That will open the log in Notepad. Please copy and paste the log into this thread.
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Help Removing Winbluesoft when antivirus won't work DXwU4
Help Removing Winbluesoft when antivirus won't work VvYDg

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 5:56 pm

more_horiz
Thanks, also is it ok to remove Hijackthis or should I keep it on my desktop?










USBNoRisk 2.4 (1 June 2009) by bobby

Started at 6/4/2009 12:53:48 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {6f3462f6-4c1b-11db-95ac-806d6172696f}
D: {6f3462f7-4c1b-11db-95ac-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 6f3462f6-4c1b-11db-95ac-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 6f3462f7-4c1b-11db-95ac-806d6172696f
----------------------------------------
Desktop.ini found at D:\cmdcons\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\MiniNT\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\PRELOAD\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\I386\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\HP\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\TOOLS\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\RECOVERY\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\WINDOWS\system32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 6/4/2009 12:54:09 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 6/4/2009 12:54:12 PM

Scanning for connected USB mass storage...
----------------------------------------
K: {60fa02ad-1a8a-11de-96c1-00038a000015}
Added K:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on K:
----------------------------------------
No Autorun.inf files found on K:
No mountpoint found for 60fa02ad-1a8a-11de-96c1-00038a000015
----------------------------------------

No Desktop.ini files found on K:
----------------------------------------

No mimics found on drive K:
========================================



New device connected at 6/4/2009 12:54:13 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on K:
----------------------------------------
No Autorun.inf files found on K:
No mountpoint found for 60fa02ad-1a8a-11de-96c1-00038a000015
----------------------------------------

No Desktop.ini files found on K:
----------------------------------------

No mimics found on drive K:
========================================



New device connected at 6/4/2009 12:54:13 PM

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on K:
----------------------------------------
No Autorun.inf files found on K:
No mountpoint found for 60fa02ad-1a8a-11de-96c1-00038a000015
----------------------------------------

No Desktop.ini files found on K:
----------------------------------------

No mimics found on drive K:
========================================

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work4th June 2009, 5:59 pm

more_horiz
Hello.
Your external hardware is fine, no autorun files on them.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Help Removing Winbluesoft when antivirus won't work DXwU4
Help Removing Winbluesoft when antivirus won't work VvYDg

descriptionHelp Removing Winbluesoft when antivirus won't work EmptyRe: Help Removing Winbluesoft when antivirus won't work

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum