WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


winbluesoft removal any ideas pleases help...

3 posters

descriptionwinbluesoft removal any ideas pleases help... - Page 1 EmptyRe: winbluesoft removal any ideas pleases help...18th May 2009, 5:19 am

more_horiz
i did that and this was the results

========== SERVICES/DRIVERS ==========
Service\Driver gxvxcserv.sys not found.
Service\Driver gxvxcserv.sys not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05182009_151623

descriptionwinbluesoft removal any ideas pleases help... - Page 1 EmptyRe: winbluesoft removal any ideas pleases help...18th May 2009, 1:26 pm

more_horiz

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    winbluesoft removal any ideas pleases help... - Page 1 CF_download_FF

    winbluesoft removal any ideas pleases help... - Page 1 CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    winbluesoft removal any ideas pleases help... - Page 1 Rcauto10

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    winbluesoft removal any ideas pleases help... - Page 1 Whatne10

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
winbluesoft removal any ideas pleases help... - Page 1 DXwU4
winbluesoft removal any ideas pleases help... - Page 1 VvYDg

descriptionwinbluesoft removal any ideas pleases help... - Page 1 Emptypart 124th May 2009, 11:42 am

more_horiz
ComboFix 09-05-23.04 - Ergu 24/05/2009 21:10.1 - NTFSx86
Microsoft®️ Windows Vista™️ Home Premium 6.0.6000.0.1252.61.1033.18.2046.1042 [GMT 10:00]
Running from: c:\users\Ergu\Downloads\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\10697not-a-vir5z5db.exe
c:\windows\10738s9azbot53c.exe
c:\windows\11z22hackt9ol351.cpl
c:\windows\121zst95l252.ocx
c:\windows\12223zp93eb5.exe
c:\windows\12398not5a-zirus1d0.ocx
c:\windows\12580zack9oo5783.exe
c:\windows\12733not-a-ziru5593.ocx
c:\windows\12739spam5zt14e.exe
c:\windows\12935orz6c9.cpl
c:\windows\12a5bac5zoo93025.ocx
c:\windows\13331hac5t9ol698z.dll
c:\windows\13531zroj9aa.cpl
c:\windows\138985iru9z71.cpl
c:\windows\1458zi9573.dll
c:\windows\145vz91951.cpl
c:\windows\14751zr9j1f65.dll
c:\windows\14996sp9mbo5z.bin
c:\windows\150855azktoo92d9.dll
c:\windows\15091zp534e9.dll
c:\windows\150spambo5z819.dll
c:\windows\1548z59rm40.dll
c:\windows\15546spyz1c9.dll
c:\windows\15894not-a-vzrus59e5.bin
c:\windows\15937sp9mbot595z.bin
c:\windows\15z6backdoor28609.dll
c:\windows\16329spa9boz4c5.ocx
c:\windows\16352viz5s6769.dll
c:\windows\164z7spambot495.ocx
c:\windows\16591t5ojze4.exe
c:\windows\16bszeal2592.cpl
c:\windows\1819d5wnlz9der1847.cpl
c:\windows\183439zoj95.bin
c:\windows\1837virzs559.dll
c:\windows\18522spazb5t19c.cpl
c:\windows\18955zot-a-9i5us152.cpl
c:\windows\18971vizus4a5.ocx
c:\windows\190z9not-a-vi9us50c.bin
c:\windows\19177worm5z95.dll
c:\windows\19217s5ycz.ocx
c:\windows\19359virus25dz.exe
c:\windows\19517zacktool6595.exe
c:\windows\1955steal7z9.bin
c:\windows\1971dzwnloader5990.ocx
c:\windows\19744szam5ot2f4.dll
c:\windows\1986zworm435.exe
c:\windows\1991t5rzat27021.dll
c:\windows\19zbdownloader1735.ocx
c:\windows\1a6zspy59re821.exe
c:\windows\1a8ft5rza95719.dll
c:\windows\1bc0a9dwaze1435.cpl
c:\windows\1bcfspywar592z.ocx
c:\windows\1c8ds5ywzre5549.ocx
c:\windows\1d509hre5tz55.bin
c:\windows\1e8bbac5door789z.ocx
c:\windows\1f53backdoz92867.exe
c:\windows\1z859troj14e.exe
c:\windows\202659roz3f6.ocx
c:\windows\20508tr9j45z.cpl
c:\windows\20509w5zm67b.dll
c:\windows\20599spz9d3.ocx
c:\windows\208adzw5re11559.cpl
c:\windows\20a9v5r318z.bin
c:\windows\21118v59us5z2.cpl
c:\windows\21451hacktoz970c.cpl
c:\windows\2153sp9w5rez64.dll
c:\windows\21994spzmbot365.ocx
c:\windows\22089zoj534.exe
c:\windows\22593spa9bot7z.bin
c:\windows\22905pambot4dbz.dll
c:\windows\22950viruszb85.dll
c:\windows\22z9v5r1879.cpl
c:\windows\2359zworm9e6.dll
c:\windows\24058hackzoo9385.ocx
c:\windows\2405wzr946b.bin
c:\windows\24381za5ktool4369.cpl
c:\windows\245z4vir9549c.bin
c:\windows\24z92worm9135.bin
c:\windows\25255spy4z9.cpl
c:\windows\25305sp553z9.bin
c:\windows\25559trz995.dll
c:\windows\25958hacktool395z.dll
c:\windows\25962zpamb9t4e1.dll
c:\windows\2599znot-a-viru59e5.exe
c:\windows\26767vzru956b.exe
c:\windows\2757zworm1915.exe
c:\windows\2796threaz90145.dll
c:\windows\28182vir591zd.exe
c:\windows\2822z95t-a-virus630.exe
c:\windows\28311zackt9ol3a5.bin
c:\windows\28564zpa9bot2e4.exe
c:\windows\2859ackdoor223z.bin
c:\windows\29086zor5599.ocx
c:\windows\29234not-a-vi59s1az.ocx
c:\windows\29247not-a-vi5us12fz.exe
c:\windows\29573worm49az.bin
c:\windows\2959vzr559.dll
c:\windows\295fth9ef50z9.cpl
c:\windows\29857spamboz73e.exe
c:\windows\29985ir1598z.ocx
c:\windows\29995spyzb75.dll
c:\windows\299ath5ef987z.cpl
c:\windows\299fthzeat5159.cpl
c:\windows\29fbaddware18z5.ocx
c:\windows\29z06spy445.cpl
c:\windows\29z36hack5ool32.exe
c:\windows\29z51tr9jfa.ocx
c:\windows\2az4spywa5e2892.cpl
c:\windows\2ccfdoznloader28955.ocx
c:\windows\2d5dthief1903z.cpl
c:\windows\2e859ownzoader2657.bin
c:\windows\2z20w9rm78f5.bin
c:\windows\2z538not-a-vi5u954f.dll
c:\windows\3056zvirus18f9.exe
c:\windows\3091zworm589.exe
c:\windows\3134zs9a5bot533.exe
c:\windows\319z75acktool454.dll
c:\windows\32223wzr9259.ocx
c:\windows\32439virus4z5.bin
c:\windows\3292downlzader15835.cpl
c:\windows\3309zown9oader1557.bin
c:\windows\3325spamboz25e9.cpl
c:\windows\3497zddware19955.bin
c:\windows\3498vi51889z.dll
c:\windows\3557s9y7bz.dll
c:\windows\355bt5i9f22z4.dll
c:\windows\3584zownlo9der2107.dll
c:\windows\35z16vi9us4d3.bin
c:\windows\3639acktool5a1z.exe
c:\windows\3656h9cktool3ze5.exe
c:\windows\3785zir19.dll
c:\windows\3797sp5z9re3083.bin
c:\windows\37z5hacktool2d9.dll
c:\windows\38f2addware595z.dll
c:\windows\39485zarse1240.exe
c:\windows\39bspazse25425.ocx
c:\windows\39f4addzar51282.dll
c:\windows\3bdds9ezl5971.dll
c:\windows\3c5zstea9364.bin
c:\windows\3e9bbaczdoor15675.dll
c:\windows\3f61thzea96593.cpl
c:\windows\3z705sp5mbot569.cpl
c:\windows\3ze4dow9loa5er548.ocx
c:\windows\4159notza-virus487.cpl
c:\windows\4187wo9z5ae5.bin
c:\windows\429ddoznlo5der427.bin
c:\windows\43z9ste5l62.ocx
c:\windows\4409backz9or305.dll
c:\windows\4418s5e9l218z.exe
c:\windows\4475vizus6f9.bin
c:\windows\44z25pambo929a.exe
c:\windows\4518thief299z.exe
c:\windows\451zvi9372.cpl
c:\windows\45fcspy9arez02.exe
c:\windows\45z4threa916151.ocx
c:\windows\47cs9yware7z5.ocx
c:\windows\4958wzr5279.exe
c:\windows\496wo5m7ez.bin
c:\windows\4974s9azbo578a.ocx
c:\windows\4990vzr1665.exe
c:\windows\49badd9are3z55.bin
c:\windows\49bazkdo9r1245.exe
c:\windows\49z1ba5kdoor1936.exe
c:\windows\4c9a5t9al47z.cpl
c:\windows\4ef79ddware51z7.ocx
c:\windows\4f0es95warz2801.bin
c:\windows\4z9fdownloa5er1532.exe

descriptionwinbluesoft removal any ideas pleases help... - Page 1 Emptypart 224th May 2009, 11:45 am

more_horiz
c:\windows\5012dz9nl5ader2689.dll
c:\windows\5080spambo9z95.dll
c:\windows\50f9downloader5z04.dll
c:\windows\5145d9wnloader32z2.ocx
c:\windows\51a29hre5z6842.ocx
c:\windows\528zdownloade9738.cpl
c:\windows\52z89or5629.cpl
c:\windows\52z9spy67b.dll
c:\windows\530spazse1059.exe
c:\windows\5343backdoo9164z.ocx
c:\windows\5396spam5ot7cz.dll
c:\windows\539spambot2e6z.ocx
c:\windows\54194zorm1b5.ocx
c:\windows\547795oj289z.bin
c:\windows\547zvir9463.dll
c:\windows\54a5spyw9rez47.bin
c:\windows\553ath9efz269.cpl
c:\windows\5556sp9zca.exe
c:\windows\5569zpy9are5060.dll
c:\windows\55735spa9bzt139.bin
c:\windows\558zdownl9ader2941.cpl
c:\windows\5595backdoorz749.dll
c:\windows\559zthreat59360.dll
c:\windows\55f9addwaze4595.ocx
c:\windows\5653s9ambotzf3.bin
c:\windows\5657zackdoor2459.bin
c:\windows\56659a5ktool5zb.dll
c:\windows\5723hac9tool53ez.exe
c:\windows\5729bzckdo9r1677.ocx
c:\windows\5794downlo5der1z03.bin
c:\windows\57c5zparse9479.cpl
c:\windows\57zespyware12659.cpl
c:\windows\5839backdoo950z5.exe
c:\windows\58f9zteal1059.bin
c:\windows\59595otza-virus5bb.exe
c:\windows\59cft9izf2202.dll
c:\windows\59zado5nloade92814.exe
c:\windows\5a0zthrea95261.exe
c:\windows\5a97dow9loader29z.bin
c:\windows\5c5zdo5nload9r295.dll
c:\windows\5c79threat217z4.bin
c:\windows\5cd6zdd59re1547.ocx
c:\windows\5e4ztea93027.bin
c:\windows\5z25thie95931.cpl
c:\windows\5z2v9r379.exe
c:\windows\5z569py2e95.ocx
c:\windows\5z5est5al9954.cpl
c:\windows\5z93worm925.exe
c:\windows\5zbcst9al451.dll
c:\windows\6005tzief31579.ocx
c:\windows\6022tr957z8.cpl
c:\windows\6051szarse4895.ocx
c:\windows\617zadd5ar92580.bin
c:\windows\6195spyware2z58.cpl
c:\windows\61a9sp5zare11779.ocx
c:\windows\6256sp9wa5z1491.dll
c:\windows\62c9spy95re1726z.exe
c:\windows\62z5ow9loader2688.ocx
c:\windows\6395ad5wa9e15z3.cpl
c:\windows\63f5vzr2449.ocx
c:\windows\64edazd59re3090.bin
c:\windows\653cst9al1z6.bin
c:\windows\653dv9z2814.bin
c:\windows\654spy5z9.cpl
c:\windows\655et9zef2647.ocx
c:\windows\65abthief95z5.bin
c:\windows\65d5addwzre3195.cpl
c:\windows\6803not9a-vir5zb6.exe
c:\windows\6823viru59z3.ocx
c:\windows\6885szy295.exe
c:\windows\6919noz-a5vir9s2c0.ocx
c:\windows\6934spyzda5.dll
c:\windows\6950hacktool6z4.ocx
c:\windows\6962th5ef1z18.bin
c:\windows\69999ackto5lz4d.bin
c:\windows\69e5spywaze948.ocx
c:\windows\69z1stea52317.ocx
c:\windows\6a52baczdo9r19425.dll
c:\windows\6b17szea52938.bin
c:\windows\6ce15a9kdzor576.exe
c:\windows\6d7bsteal905z.bin
c:\windows\6e74stea92z65.ocx
c:\windows\6f59s5yware19z2.dll
c:\windows\6zae5ir1992.ocx
c:\windows\7035spa5b9t4ze.cpl
c:\windows\709zspar5e649.bin
c:\windows\70d2ad9warz5508.dll
c:\windows\7146spy95re195z.ocx
c:\windows\71dd5teal1z219.dll
c:\windows\753zadd9are497.dll
c:\windows\7564bzc9door1544.exe
c:\windows\7599addwaze119.dll
c:\windows\75a2sparsz2039.cpl
c:\windows\75c3do9nloadz52275.dll
c:\windows\76755dz9are2099.ocx
c:\windows\7796szarse25905.bin
c:\windows\79335oznloader3072.dll
c:\windows\7beddoznloade528319.ocx
c:\windows\7czdth5ef9590.bin
c:\windows\7e5espy95re89z.cpl
c:\windows\7edzhr9at56344.ocx
c:\windows\7f70t9re5t17z97.dll
c:\windows\7z55vir9897.bin
c:\windows\7zbat9ief7465.cpl
c:\windows\852zs5ambot969.cpl
c:\windows\855zworm94c.cpl
c:\windows\85z2hacktool4695.exe
c:\windows\90198spy5a5z.ocx
c:\windows\901add5arez267.dll
c:\windows\9060notza-vi5us4c19.bin
c:\windows\91350spazbot16c.exe
c:\windows\92391zirus9f5.dll
c:\windows\92590spz5bot5b8.exe
c:\windows\92873s5y7z4.exe
c:\windows\9290spazb9t58a5.dll
c:\windows\93089worz29f5.bin
c:\windows\93135spy6z3.ocx
c:\windows\9399tzo93b75.dll
c:\windows\948zspambo54f2.exe
c:\windows\95491nzt-a-virus58f.exe
c:\windows\9555zpy6d9.ocx
c:\windows\9665zviruse3.ocx
c:\windows\96z5b5ckdoor2410.dll
c:\windows\96zspyf25.exe
c:\windows\971dvir5269z.ocx
c:\windows\9746h5c9tooz180.cpl
c:\windows\9781spam5oz4f29.exe
c:\windows\97847spz559.bin
c:\windows\984t5reat98450z.exe
c:\windows\99585not-a-virus6cz.exe
c:\windows\9960troj58z.cpl
c:\windows\9989wor53z.ocx
c:\windows\9bz2v5r3098.ocx
c:\windows\9c3dbackdooz595.cpl
c:\windows\9c9fadd5are1z26.exe
c:\windows\9ed5doznloade51261.exe
c:\windows\9z058virus1a2.cpl
c:\windows\9z658spy652.bin
c:\windows\9z99wo5m5289.cpl
c:\windows\azct9ief527.exe
c:\windows\b899ac5zoor1526.dll
c:\windows\b90szy5are1545.bin
c:\windows\d0fst5zl891.ocx
c:\windows\d61sp9rs5764z.bin
c:\windows\e995pywaze2937.ocx
c:\windows\system32\100495ot-z-virus695.exe
c:\windows\system32\1011s9arse570z.dll
c:\windows\system32\1091sz9ware22295.ocx
c:\windows\system32\10963nzt-a5virus6c1.dll
c:\windows\system32\10977zirus5ca5.cpl
c:\windows\system32\10f6ste95818z.ocx
c:\windows\system32\1105t9zj215.ocx
c:\windows\system32\1114szy9c05.dll
c:\windows\system32\11234not-z59irus6ae.exe
c:\windows\system32\115319pz715.dll
c:\windows\system32\11a0addwa5e9z5.ocx
c:\windows\system32\12258spamzot7159.cpl
c:\windows\system32\12751virus99z.cpl
c:\windows\system32\12978s5zmbot120.exe
c:\windows\system32\1299thiefz350.ocx
c:\windows\system32\129ath5eat52z6.cpl
c:\windows\system32\12az5ir9752.cpl
c:\windows\system32\12c2thre5t119z1.exe
c:\windows\system32\12z9spyw5re2093.exe
c:\windows\system32\13379spy2za5.exe
c:\windows\system32\13414zroj5279.bin
c:\windows\system32\13591hacktozl27c5.exe
c:\windows\system32\1377d5wnzoader2952.ocx
c:\windows\system32\13979noz5a-virus56.cpl
c:\windows\system32\139szea53179.ocx
c:\windows\system32\13fe5hreat1z2159.dll
c:\windows\system32\13z95virus950.bin
c:\windows\system32\1400d5wnlzader369.dll
c:\windows\system32\14139szy10e5.exe
c:\windows\system32\14515zi9us5e0.dll
c:\windows\system32\14952virus3d3z.dll
c:\windows\system32\14959wozm7ac9.cpl
c:\windows\system32\14z65spy2595.dll
c:\windows\system32\1516adz5are9956.bin
c:\windows\system32\15192not-a-virus6z4.exe
c:\windows\system32\15192troj5zd.exe
c:\windows\system32\1523zworm56f9.dll
c:\windows\system32\1541thiez8129.dll
c:\windows\system32\15469wo5z29c9.bin
c:\windows\system32\154s9ealz004.ocx
c:\windows\system32\15552szam9ot362.cpl
c:\windows\system32\15575wo9m7b5z.dll
c:\windows\system32\15805zot-a-viruse9.cpl
c:\windows\system32\16057z5rm5b9.dll
c:\windows\system32\16579spa9zot7cc.bin
c:\windows\system32\16695hacktool70z.exe
c:\windows\system32\1681vi5301z9.bin
c:\windows\system32\16932vz5u9180.bin
c:\windows\system32\17065spamb5z599.bin
c:\windows\system32\17175tz5jc9.cpl
c:\windows\system32\17459worz53.dll
c:\windows\system32\17z50tr9j5b9.exe
c:\windows\system32\180dtz95f160.ocx
c:\windows\system32\182z69i5use9.exe
c:\windows\system32\18562viz9s7985.dll
c:\windows\system32\1856not-a-v9r5z114.dll
c:\windows\system32\1875backd5z9315.dll
c:\windows\system32\1896steaz5500.dll
c:\windows\system32\19185woz915.ocx
c:\windows\system32\195ddownlo9der1z.bin
c:\windows\system32\1aaz5a9kdoor3089.bin
c:\windows\system32\1adsp9r5z369.dll
c:\windows\system32\1b5caddware9z0.cpl
c:\windows\system32\1c4c9ddwar5715z.exe
c:\windows\system32\1d29viz58099.dll
c:\windows\system32\1d9zt5reat31690.exe
c:\windows\system32\1de2addwz9e456.cpl
c:\windows\system32\1z054spambot12b9.ocx
c:\windows\system32\1z264t9o5216.cpl
c:\windows\system32\1z4fs5eal1192.exe
c:\windows\system32\1z5bs9eal809.cpl
c:\windows\system32\1zf5threat129759.dll
c:\windows\system32\2011wozm259.cpl
c:\windows\system32\2034495oj2zc.ocx
c:\windows\system32\20492sp5z09.dll
c:\windows\system32\205troj499z.cpl
c:\windows\system32\20742vir5za9.ocx
c:\windows\system32\20808spa59ot2z8.dll
c:\windows\system32\20a2z5arse2996.bin
c:\windows\system32\21143ha9ktool541z.dll
c:\windows\system32\21299tzoj358.ocx
c:\windows\system32\21z5st5al1979.ocx
c:\windows\system32\22415wzrm99b.bin
c:\windows\system32\22955h9zktool765.exe
c:\windows\system32\237z19pamb5t222.ocx
c:\windows\system32\240a5pywarz2975.dll
c:\windows\system32\24184s9ambzt6d5.bin
c:\windows\system32\24589not-a-zi5us962.cpl
c:\windows\system32\2479z9p5mbot59.bin
c:\windows\system32\247z7vir5s49.dll
c:\windows\system32\248475orz699.ocx
c:\windows\system32\25436hac9tooz11f.ocx
c:\windows\system32\25695hacktool2az.exe
c:\windows\system32\25acbz5k9oor3006.bin
c:\windows\system32\25d9thiefz95.cpl
c:\windows\system32\25efad9warez665.dll
c:\windows\system32\25ezvir9213.bin
c:\windows\system32\25f19zeal996.bin
c:\windows\system32\25z90ha5ktool11.cpl
c:\windows\system32\26054not5a-zi9us38a.ocx
c:\windows\system32\262z4hacktool2195.ocx
c:\windows\system32\2634zhack9ool450.ocx
c:\windows\system32\26395sp5a0z.cpl
c:\windows\system32\26599virusz85.exe
c:\windows\system32\26674tro596z.dll
c:\windows\system32\26879s9am5ot79z.exe
c:\windows\system32\26955ddzare9151.bin
c:\windows\system32\27025tzoj3b9.ocx
c:\windows\system32\270745oz-a-viru9685.dll
c:\windows\system32\275z9worm256.cpl
c:\windows\system32\28285zr398.cpl
c:\windows\system32\28376t5zj509.bin
c:\windows\system32\2854thre5tz3932.exe
c:\windows\system32\28744tro52f9z.dll
c:\windows\system32\28zdba5kdoor24139.exe
c:\windows\system32\290179iru5z4.exe
c:\windows\system32\290zspa5se2907.ocx
c:\windows\system32\29304spazbot4fe5.dll
c:\windows\system32\2953spamboz264.dll
c:\windows\system32\295zvi93274.exe
c:\windows\system32\29856not9a-virus4d1z.cpl
c:\windows\system32\29c35azk9oor3000.dll
c:\windows\system32\29dzsparse3165.bin
c:\windows\system32\2a9cthreaz56025.bin
c:\windows\system32\2a9ezir575.ocx
c:\windows\system32\2abfszy9are543.exe
c:\windows\system32\2b35ackdooz17859.ocx
c:\windows\system32\2c6thr5a910z92.cpl
c:\windows\system32\2d5fd9wnl5adez754.ocx
c:\windows\system32\2da2spywzr523949.cpl
c:\windows\system32\2dc1azdw59e2571.dll
c:\windows\system32\2de9stea9355z.exe
c:\windows\system32\2e4b5hief2079z.bin
c:\windows\system32\2f4fthie915z4.cpl
c:\windows\system32\2f9czownload5r89.bin
c:\windows\system32\2z504t5oj389.cpl
c:\windows\system32\2z526vir5s291.bin
c:\windows\system32\2z7do5nloader5309.exe
c:\windows\system32\2z8655py197.bin
c:\windows\system32\2z923viru5a9.dll
c:\windows\system32\2z997spam5ot689.cpl
c:\windows\system32\2z9edownloader3054.exe
c:\windows\system32\301715z9mbote5.ocx
c:\windows\system32\30915wo9z13.ocx
c:\windows\system32\3113zac59oor3062.exe
c:\windows\system32\31155troj93z.cpl
c:\windows\system32\3122095zmbot2a1.ocx
c:\windows\system32\31379sp5mboz7bc.dll
c:\windows\system32\31506zp9m5ot4a0.exe
c:\windows\system32\3163addwaze509.ocx
c:\windows\system32\31783hacztool295.exe
c:\windows\system32\31905spambzt3b9.exe
c:\windows\system32\31959hacztool8b.exe
c:\windows\system32\319895orm789z.cpl
c:\windows\system32\31z089ot-a-virus5a0.cpl
c:\windows\system32\32635vzru5698.ocx
c:\windows\system32\32e65tea9z9.cpl
c:\windows\system32\32z95w9rm588.ocx
c:\windows\system32\3493thief58z0.bin
c:\windows\system32\34b5zief9078.exe
c:\windows\system32\3507dzwn9oade53093.ocx
c:\windows\system32\3554zackt5o920d.cpl
c:\windows\system32\3559thzeat91698.exe
c:\windows\system32\35699spz1b6.cpl
c:\windows\system32\3570thzeat19375.ocx
c:\windows\system32\3575bzckd9or404.exe
c:\windows\system32\35c5spyzar91874.dll
c:\windows\system32\3708sp5wzr91597.exe
c:\windows\system32\38cbbac5door964z.exe
c:\windows\system32\39495rmz41.dll
c:\windows\system32\3981threa52z401.bin
c:\windows\system32\39dzst9a53163.exe
c:\windows\system32\3b75zackdoor5296.cpl
c:\windows\system32\3c9d5azkdo9r578.cpl
c:\windows\system32\3ce5vir7z9.cpl
c:\windows\system32\3db5viz10729.ocx
c:\windows\system32\3ece5ddwarez496.exe
c:\windows\system32\3f90addware5z8.ocx
c:\windows\system32\3za5addwa5e139.cpl
c:\windows\system32\3zf6backdoo95464.dll
c:\windows\system32\4019haz5tool939.cpl
c:\windows\system32\425caddwar92z25.ocx
c:\windows\system32\4330hzc5tool4cd9.bin
c:\windows\system32\435zdownloader209.dll
c:\windows\system32\4385acz9oor2602.cpl
c:\windows\system32\44davi5z769.cpl
c:\windows\system32\453zs5y339.bin
c:\windows\system32\4543baz59oor785.ocx
c:\windows\system32\4545t9reat1755z.ocx
c:\windows\system32\458bb5ckdooz2989.ocx
c:\windows\system32\4593wozm104.exe
c:\windows\system32\459ethief9485z.exe
c:\windows\system32\459zth5eat28034.ocx
c:\windows\system32\45c9addzare9972.bin
c:\windows\system32\45ddsp9warz3244.ocx
c:\windows\system32\46abzck5oo92361.cpl
c:\windows\system32\46zdthrea59493.exe
c:\windows\system32\47445zrus59.cpl
c:\windows\system32\479ba9kzoor1531.bin
c:\windows\system32\47b59ddware54z.dll
c:\windows\system32\48759pzmbote3.dll
c:\windows\system32\4938s9ambot5z5.ocx
c:\windows\system32\495c5ackdoor2701z.bin
c:\windows\system32\4af3szyw9r51989.dll
c:\windows\system32\4f1db5ckzoor1669.dll
c:\windows\system32\4z99thief155.ocx

descriptionwinbluesoft removal any ideas pleases help... - Page 1 EmptyRe: winbluesoft removal any ideas pleases help...24th May 2009, 11:45 am

more_horiz
c:\windows\system32\5007z95rse1599.exe
c:\windows\system32\50749zrm2b7.dll
c:\windows\system32\5097b5zkdoor469.dll
c:\windows\system32\50e5ba9kdoor462z.exe
c:\windows\system32\51066hacktoo9z8.bin
c:\windows\system32\51517sp94z.cpl
c:\windows\system32\5275zhreat19350.dll
c:\windows\system32\53595not-a-v9rzsdb.ocx
c:\windows\system32\53897wzrm430.bin
c:\windows\system32\53919worz70b.cpl
c:\windows\system32\55572troj3z59.cpl
c:\windows\system32\557dthzef9332.bin
c:\windows\system32\55azdd5are9840.bin
c:\windows\system32\55ecdownlo5der3009z.ocx
c:\windows\system32\5622stez91524.dll
c:\windows\system32\5697spambzt9a9.ocx
c:\windows\system32\56d9s5a9ze76.cpl
c:\windows\system32\5749stz9l3053.exe
c:\windows\system32\57597zirus6a5.dll
c:\windows\system32\576azi929955.cpl
c:\windows\system32\576zthre9t18284.bin
c:\windows\system32\58833hzckt9ol557.bin
c:\windows\system32\59545zy6d4.ocx
c:\windows\system32\595fzparse1667.cpl
c:\windows\system32\5976zir745.bin
c:\windows\system32\597bspa9sz3045.ocx
c:\windows\system32\5996sparse3194z.ocx
c:\windows\system32\59a0down9zader2215.exe
c:\windows\system32\59c3st5al1z07.exe
c:\windows\system32\59f85ackdoor110z.exe
c:\windows\system32\5a56st9al102z5.cpl
c:\windows\system32\5a5z5ir18919.exe
c:\windows\system32\5a65s9arsz3005.bin
c:\windows\system32\5b5zth9eat18430.cpl
c:\windows\system32\5bf6stea9984z.bin
c:\windows\system32\5c98addwaze59.ocx
c:\windows\system32\5d01zpy9are26805.cpl
c:\windows\system32\5d2e9teal21z.ocx
c:\windows\system32\5d95z5reat29971.dll
c:\windows\system32\5dd5threat10191z.dll
c:\windows\system32\5dfesteal1z49.exe
c:\windows\system32\5e17d5wz9oader2825.cpl
c:\windows\system32\5e19vir5z69.exe
c:\windows\system32\5e5evi93z58.bin
c:\windows\system32\5f07b9ckdzor358.exe
c:\windows\system32\5f38thi5f19z9.cpl
c:\windows\system32\5feevz5905.ocx
c:\windows\system32\5z109spy609.ocx
c:\windows\system32\5z4199roj245.bin
c:\windows\system32\5zc9steal9655.exe
c:\windows\system32\6029spazbo52e4.bin
c:\windows\system32\6070z5dw9re2489.cpl
c:\windows\system32\6155doznloader690.ocx
c:\windows\system32\62aste9l265z5.ocx
c:\windows\system32\6385addw9re1254z.cpl
c:\windows\system32\6452thiefz5929.cpl
c:\windows\system32\64989zeal24345.ocx
c:\windows\system32\6542spy945z.bin
c:\windows\system32\659z9i5339.exe
c:\windows\system32\668zdo5nload9r1198.cpl
c:\windows\system32\671ztroj954.bin
c:\windows\system32\67a7steal98z5.dll
c:\windows\system32\68d395wzloader1897.dll
c:\windows\system32\694dbaczdoor18365.cpl
c:\windows\system32\6993spyware5z75.ocx
c:\windows\system32\6a31szeal5599.dll
c:\windows\system32\6a9add5are199z.bin
c:\windows\system32\6acbackzo9r28975.bin
c:\windows\system32\6bfvi591z.ocx
c:\windows\system32\6c4zspa9se2350.exe
c:\windows\system32\6d34t9izf1225.ocx
c:\windows\system32\6d81spywaze15159.cpl
c:\windows\system32\6z09backdo5r9291.bin
c:\windows\system32\6z9athre9t50962.bin
c:\windows\system32\7055thie914z9.ocx
c:\windows\system32\707cspars5z089.exe
c:\windows\system32\70dbbzc9door5135.dll
c:\windows\system32\7135vizu5494.exe
c:\windows\system32\7201spzr9e1957.cpl
c:\windows\system32\72bb5p9waze1491.ocx
c:\windows\system32\72c9vir54z9.dll
c:\windows\system32\7456szeal1998.cpl
c:\windows\system32\74b1spa9se6z05.ocx
c:\windows\system32\7565hackz9ol645.dll
c:\windows\system32\7565hief205z9.exe
c:\windows\system32\757azhreat91326.exe
c:\windows\system32\7587t9reat715z.dll
c:\windows\system32\7597stea95286z.cpl
c:\windows\system32\75c5vir300z9.exe
c:\windows\system32\75z5do9nloader881.dll
c:\windows\system32\7648vi52z90.dll
c:\windows\system32\76b49pars51258z.dll
c:\windows\system32\779vizu526e.cpl
c:\windows\system32\791d5ir578z.exe
c:\windows\system32\7937not-z-v5rus209.exe
c:\windows\system32\7955vzrus319.dll
c:\windows\system32\79765ddwzre1146.dll
c:\windows\system32\7995steaz2555.cpl
c:\windows\system32\799th5zat24292.ocx
c:\windows\system32\79z95ormb3.cpl
c:\windows\system32\7a51addwaze2951.exe
c:\windows\system32\7c9zst5al1591.cpl
c:\windows\system32\7dc9thr5at409z.bin
c:\windows\system32\7e99szar5e2432.exe
c:\windows\system32\7f41dozn5oader2079.cpl
c:\windows\system32\7fedad9wzr51706.ocx
c:\windows\system32\80215azktool479.bin
c:\windows\system32\8263t5zj97a.ocx
c:\windows\system32\85c9ir337z.cpl
c:\windows\system32\8758spazbot69a9.exe
c:\windows\system32\8959noz9a-virus31d.dll
c:\windows\system32\917835acktooz2b8.cpl
c:\windows\system32\92393zr5j559.dll
c:\windows\system32\9252tro915z.bin
c:\windows\system32\927265acktool647z.ocx
c:\windows\system32\93596troj3z05.dll
c:\windows\system32\93b6szeal5552.dll
c:\windows\system32\9415not-a-vizus569.exe
c:\windows\system32\94569spamzot779.bin
c:\windows\system32\94z9sp5mbot3c2.exe
c:\windows\system32\9505zspambot2a.exe
c:\windows\system32\95a2zparse3229.dll
c:\windows\system32\95a5vzr1207.cpl
c:\windows\system32\9650zspambot520.exe
c:\windows\system32\96549spa5botz2a.dll
c:\windows\system32\9839tz5j269.bin
c:\windows\system32\994z5troj18e.exe
c:\windows\system32\99eevir5768z.ocx
c:\windows\system32\9f5cstzal2721.bin
c:\windows\system32\9ff5zir1642.bin
c:\windows\system32\9fz5thief75.dll
c:\windows\system32\a4thrz5t159389.cpl
c:\windows\system32\ad5st9zl2597.dll
c:\windows\system32\c24vi91z95.cpl
c:\windows\system32\c4zs5eal3198.bin
c:\windows\system32\ca0b5ck9ozr1559.ocx
c:\windows\system32\cabaddzare9259.cpl
c:\windows\system32\d28stea518z79.dll
c:\windows\system32\e5c9hrzat28503.exe
c:\windows\system32\e65th9eat2313z.cpl
c:\windows\system32\f76spa5z92828.cpl
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcdbvprqtjfhiircrsremircuhopjbjqje.dll
c:\windows\system32\setup2.exe
c:\windows\system32\z0704t9o56e5.ocx
c:\windows\system32\z095w5rm2b79.ocx
c:\windows\system32\z0968virus17f5.cpl
c:\windows\system32\z1506not-a-viru55ff9.cpl
c:\windows\system32\z1815virus15f9.dll
c:\windows\system32\z295a9dware252.dll
c:\windows\system32\z358a9dware1212.bin
c:\windows\system32\z42cbackdoo9533.bin
c:\windows\system32\z4476not5a-v9rus68b.bin
c:\windows\system32\z4a79ackdoor541.exe
c:\windows\system32\z506t9reat2548.bin
c:\windows\system32\z5159acktool7c1.bin
c:\windows\system32\z539vi518.cpl
c:\windows\system32\z56309ot-a-virus218.bin
c:\windows\system32\z566hacktool965.bin
c:\windows\system32\z59ebackdoor2390.bin
c:\windows\system32\z6515s9y57f.cpl
c:\windows\system32\z65219roj59f.exe
c:\windows\system32\z75919acktool7ed.ocx
c:\windows\system32\z846vi514889.exe
c:\windows\system32\z89csp5w9re729.bin
c:\windows\system32\z9459parse4535.dll
c:\windows\system32\z9faddware19589.bin
c:\windows\system32\za9steal1511.exe
c:\windows\system32\zc89t59ef2451.exe
c:\windows\z13829ot-a-vir5s411.exe
c:\windows\z1este5l2649.cpl
c:\windows\z1f9bac9door1505.cpl
c:\windows\z23539ot-a-virus6cd.cpl
c:\windows\z336859rm597.exe
c:\windows\z4048s9ambo559b.ocx
c:\windows\z448sp59bot83.bin
c:\windows\z5053vi9us1b7.cpl
c:\windows\z50899orm436.ocx
c:\windows\z5119roj513.dll
c:\windows\z514spy9are31905.bin
c:\windows\z55dth9ef2484.bin
c:\windows\z5641t9oj255.exe
c:\windows\z6294t5o9670.bin
c:\windows\z755troj9a.dll
c:\windows\z7622wor95f15.cpl
c:\windows\z84055pamb9t4eb.cpl
c:\windows\z8794v5rus459.bin
c:\windows\z8872s955f4.cpl
c:\windows\z89dsteal17515.dll
c:\windows\z9065ackdoor1229.bin
c:\windows\z915spyware9.dll
c:\windows\z9435wo5m5dc9.dll
c:\windows\za9b5ir2779.ocx
c:\windows\za9fdo5nloader1188.ocx
c:\windows\zbe0back9oor3250.ocx
c:\windows\zd4spyw95e2241.cpl
c:\windows\zfcfdownloade91541.cpl

descriptionwinbluesoft removal any ideas pleases help... - Page 1 EmptyRe: winbluesoft removal any ideas pleases help...24th May 2009, 11:47 am

more_horiz
.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 11:14 . 2009-05-24 11:14 -------- d-----w c:\users\Ergu\AppData\Local\temp
2009-05-24 04:25 . 2006-10-23 14:37 290 ----a-w c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\20090524.001\hub.scr
2009-05-24 03:27 . 2009-05-12 22:23 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090523.003\NAVENG.SYS
2009-05-24 03:27 . 2009-05-12 22:23 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090523.003\NAVEX15.SYS
2009-05-24 03:27 . 2009-05-12 22:23 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090523.003\NAVENG32.DLL
2009-05-24 03:27 . 2009-05-12 22:23 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090523.003\NAVEX32A.DLL
2009-05-24 03:27 . 2009-05-12 22:23 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090523.003\EECTRL.SYS
2009-05-24 03:27 . 2009-05-12 22:23 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090523.003\ECMSVR32.DLL
2009-05-24 03:27 . 2009-05-12 22:23 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090523.003\ERASER.SYS
2009-05-24 03:27 . 2009-05-12 22:23 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090523.003\CCERASER.DLL
2009-05-24 03:26 . 2006-10-23 14:37 290 ----a-w c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\20090523.003\hub.scr
2009-05-21 15:25 . 2009-05-12 22:23 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090521.003\NAVENG.SYS
2009-05-21 15:25 . 2009-05-12 22:23 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090521.003\NAVEX15.SYS
2009-05-21 15:25 . 2009-05-12 22:23 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090521.003\NAVENG32.DLL
2009-05-21 15:25 . 2009-05-12 22:23 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090521.003\NAVEX32A.DLL
2009-05-21 15:25 . 2009-05-12 22:23 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090521.003\EECTRL.SYS
2009-05-21 15:25 . 2009-05-12 22:23 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090521.003\ECMSVR32.DLL
2009-05-21 15:25 . 2009-05-12 22:23 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090521.003\CCERASER.DLL
2009-05-21 15:25 . 2009-05-12 22:23 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\20090521.003\ERASER.SYS
2009-05-20 00:28 . 2009-04-03 17:44 173432 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090519.001\SymIDSI.dll
2009-05-20 00:28 . 2009-04-03 17:44 685432 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090519.001\IDSxpx86.dll
2009-05-20 00:28 . 2009-04-03 17:44 370224 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090519.001\IDSviA64.sys
2009-05-20 00:28 . 2009-04-03 17:44 272432 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090519.001\IDSvix86.sys
2009-05-20 00:28 . 2009-04-03 17:44 251768 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090519.001\SymIDSCo.sys
2009-05-20 00:28 . 2009-04-03 17:44 157120 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090519.001\IDS9xx86.dll
2009-05-18 05:16 . 2009-05-18 05:16 -------- d-----w C:\_OTMoveIt
2009-05-17 12:35 . 2009-04-03 17:44 251768 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090506.001\SymIDSCo.sys
2009-05-17 12:35 . 2009-04-03 17:44 173432 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090506.001\SymIDSI.dll
2009-05-17 12:35 . 2009-04-03 17:44 685432 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090506.001\IDSxpx86.dll
2009-05-17 12:35 . 2009-04-03 17:44 370224 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090506.001\IDSviA64.sys
2009-05-17 12:35 . 2009-04-03 17:44 272432 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090506.001\IDSvix86.sys
2009-05-17 12:35 . 2009-04-03 17:44 157120 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\20090506.001\IDS9xx86.dll
2009-05-17 12:35 . 2009-04-03 17:44 370224 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSviA64.sys
2009-05-16 07:46 . 2009-05-16 07:46 -------- d--h--w c:\windows\PIF
2009-05-16 07:42 . 2009-04-03 17:44 157120 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\ids9xx86.dll
2009-05-16 07:42 . 2009-04-03 17:44 685432 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\idsxpx86.dll
2009-05-16 07:42 . 2009-04-03 17:44 272432 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSvix86.sys
2009-05-16 07:42 . 2009-04-03 17:44 251768 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\symidsco.sys
2009-05-16 07:42 . 2009-04-03 17:44 173432 ----a-w c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\SymIDSI.dll
2009-05-16 07:38 . 2009-05-19 00:00 -------- d-----w c:\program files\Norton Internet Security
2009-05-16 07:37 . 2009-05-19 00:00 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-16 07:36 . 2009-05-19 00:00 -------- d-----w c:\program files\Symantec
2009-05-16 07:36 . 2009-05-19 01:06 -------- d-----w c:\programdata\Symantec
2009-05-16 07:35 . 2009-05-19 00:00 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-14 07:41 . 2009-05-14 07:41 8854 ----a-r c:\users\Ergu\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2009-05-14 07:41 . 2009-05-14 07:41 40960 ----a-r c:\users\Ergu\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2009-05-14 07:41 . 2009-05-14 07:41 10134 ----a-r c:\users\Ergu\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2009-05-14 07:41 . 2009-05-14 07:41 -------- d-----w c:\program files\Western Digital Technologies
2009-05-11 07:25 . 2009-05-11 07:25 -------- d-----w c:\users\Ergu\AppData\Roaming\U3
2009-05-07 05:20 . 2009-05-07 07:08 -------- d-----w c:\program files\MioNet
2009-04-28 08:44 . 2009-04-28 08:44 -------- d-----w c:\users\Ergu\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 11:04 . 2008-11-22 22:18 -------- d-----w c:\users\Ergu\AppData\Roaming\BitTorrent
2009-05-24 02:34 . 2008-11-22 21:27 -------- d-----w c:\users\Ergu\AppData\Roaming\LimeWire
2009-05-24 02:33 . 2009-03-25 04:35 -------- d-----w c:\programdata\Google Updater
2009-05-19 00:00 . 2009-05-16 07:37 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-19 00:00 . 2009-05-16 07:37 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-18 18:42 . 2009-03-25 04:35 -------- d-----w c:\program files\Google
2009-05-13 13:09 . 2009-01-29 10:39 -------- d-----w c:\program files\AskTBar
2009-05-13 13:02 . 2008-11-22 21:36 -------- d-----w c:\users\Ergu\AppData\Roaming\DNA
2009-05-13 10:32 . 2008-11-22 21:36 -------- d-----w c:\program files\DNA
2009-05-12 22:23 . 2009-05-16 07:40 101936 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-05-12 22:23 . 2009-05-16 07:40 89104 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-05-12 22:23 . 2009-05-16 07:40 371248 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-05-12 22:23 . 2009-05-16 07:40 259368 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-05-12 22:23 . 2009-05-16 07:40 177520 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-05-12 22:23 . 2009-05-16 07:40 876144 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-05-12 22:23 . 2009-05-16 07:40 2414128 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-05-12 22:23 . 2009-05-16 07:40 1181040 ----a-w c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-05-10 13:10 . 2009-02-10 02:09 -------- d-----w c:\program files\SuperDVD Player 5.0
2009-05-09 08:33 . 2008-11-05 08:37 112440 ----a-w c:\users\Ergu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-21 12:12 . 2009-01-29 10:25 -------- d-----w c:\programdata\Nero
2009-03-28 10:57 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-28 10:50 . 2009-03-28 10:50 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-28 10:49 . 2009-03-28 10:49 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-28 10:49 . 2009-03-28 10:49 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-28 10:48 . 2009-03-28 10:48 268800 ----a-w c:\windows\system32\es.dll
2009-03-28 10:47 . 2009-03-28 10:47 428032 ----a-w c:\windows\system32\EncDec.dll
2009-03-28 10:47 . 2009-03-28 10:47 292352 ----a-w c:\windows\system32\psisdecd.dll
2009-03-28 10:47 . 2009-03-28 10:47 1244672 ----a-w c:\windows\system32\mcmde.dll
2009-03-28 10:46 . 2009-03-28 10:46 8147968 ----a-w c:\windows\system32\wmploc.DLL
2009-03-28 10:46 . 2009-03-28 10:46 7680 ----a-w c:\windows\system32\spwmp.dll
2009-03-28 10:46 . 2009-03-28 10:46 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-03-28 10:45 . 2009-03-28 10:45 269824 ----a-w c:\windows\system32\schannel.dll
2009-03-28 10:36 . 2009-03-28 10:36 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-28 10:36 . 2009-03-28 10:36 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-28 10:36 . 2009-03-28 10:36 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-28 10:36 . 2009-03-28 10:36 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-28 10:36 . 2009-03-28 10:36 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-28 10:29 . 2009-03-28 10:29 2028032 ----a-w c:\windows\system32\win32k.sys
2009-03-25 06:49 . 2009-03-25 06:49 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-05 12:59 . 2009-03-05 12:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 12:59 . 2009-03-05 12:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-04 12:56 . 2009-04-03 02:49 4604240 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{5CF6D6C6-8A3E-4C6D-A812-BF5C2C4D46CE}\mpengine.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 06:03 2854912 ----a-w c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 06:03 2854912 ----a-w c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-19 1232896]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-01-22 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-09-27 77824]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-11 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-09-11 155648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\internet download\internet programs\iTunesHelper.exe" [2009-03-12 342312]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Ergu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\internet download\LimeWire\LimeWire.exe [2008-9-19 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 05:50 90112 ----a-w c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

descriptionwinbluesoft removal any ideas pleases help... - Page 1 EmptyRe: winbluesoft removal any ideas pleases help...24th May 2009, 11:47 am

more_horiz
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{745679E8-6D91-4C36-844E-A76183D5B83E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1721FD81-4CFB-40EF-AA56-DC19574D95A8}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{CBA94820-BC3F-4761-AE8F-B32C7CA16A68}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{F561B852-89D0-4AA9-97BE-A9EDCBAF61BE}"= UDP:c:\internet download\LimeWire\LimeWire.exe:LimeWire
"{486EC855-88D1-4645-900A-39911CE95D3D}"= TCP:c:\internet download\LimeWire\LimeWire.exe:LimeWire
"{98BA9096-2F96-43EF-A0EE-25B0A731296A}"= UDP:c:\internet download\Bit Torrent\BitTorrent.exe:BitTorrent (TCP-In)
"{70D8E56E-A753-4B2B-84E4-CE9C1393827E}"= TCP:c:\internet download\Bit Torrent\BitTorrent.exe:BitTorrent (UDP-In)
"{C7D179C6-82A2-40E4-9B12-D14682F17795}"= UDP:c:\internet download\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{9FB9D720-7F17-47E4-9690-4A6BA1F3060E}"= TCP:c:\internet download\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{1826C8C3-6CA0-4648-AB8A-C4E27CE0CE7B}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{4829317B-B8CA-4F7C-9315-F09C4F808860}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"TCP Query User{B776C2B7-FBBF-4C1F-8FBA-4E5A6F48A246}c:\\internet download\\limewire\\limewire.exe"= UDP:c:\internet download\limewire\limewire.exe:LimeWire
"UDP Query User{D3E3D458-B610-41AB-910A-C4225A5C3B54}c:\\internet download\\limewire\\limewire.exe"= TCP:c:\internet download\limewire\limewire.exe:LimeWire
"TCP Query User{1588CFB8-4AEB-420F-ADB2-5B123C41392B}c:\\internet download\\bittorrent\\bittorrent.exe"= UDP:c:\internet download\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{AC1A8C43-E1BA-4954-B23E-F995BB11C3E3}c:\\internet download\\bittorrent\\bittorrent.exe"= TCP:c:\internet download\bittorrent\bittorrent.exe:BitTorrent
"{C75D7369-5522-4E47-9B0B-012D18DB1B36}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CFDA004D-B49D-4800-811A-284F1C2013B9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F3B30122-1441-45B5-BB5D-689C5EE6C747}"= UDP:c:\internet download\internet programs\iTunes.exe:iTunes
"{C535C596-7CA8-4024-B328-865BD0FBB7D8}"= TCP:c:\internet download\internet programs\iTunes.exe:iTunes
"TCP Query User{5CACF86F-A5CF-4FED-A450-1B478F96D38F}c:\\program files\\mionet\\jvm\\bin\\mionet.exe"= UDP:c:\program files\mionet\jvm\bin\mionet.exe:Java(TM) Platform SE binary
"UDP Query User{1C53949F-AB07-4FE6-957F-879BF87EF21D}c:\\program files\\mionet\\jvm\\bin\\mionet.exe"= TCP:c:\program files\mionet\jvm\bin\mionet.exe:Java(TM) Platform SE binary
"{6F343D22-C33B-43F6-A1B1-46029ACCF8C3}"= UDP:1700:MioNet Remote Drive Access 0
"{4609E406-170B-4751-B3B7-2AEE3EA8F76F}"= UDP:1701:MioNet Remote Drive Access 1
"{2D67FBD8-D20A-4C80-A131-31072192FBAD}"= UDP:1702:MioNet Remote Drive Access 2
"{C627D5FD-0C9A-4524-B16C-766D856A41ED}"= UDP:1703:MioNet Remote Drive Access 3
"{9CFD3335-03FE-4B0D-B884-09623C068C89}"= UDP:1704:MioNet Remote Drive Access 4
"{BD02CCCA-3419-4B4C-AF2E-3BC2D74A28B9}"= UDP:1705:MioNet Remote Drive Access 5
"{616A1960-D9D1-48CE-8766-E9F7389D1BF7}"= UDP:1706:MioNet Remote Drive Access 6
"{DDD4D975-FE04-4CB1-95AE-E06D759DBE72}"= UDP:1707:MioNet Remote Drive Access 7
"{937A5AC5-D277-48A7-ABDA-EE94881704A6}"= UDP:1708:MioNet Remote Drive Access 8
"{9AE7751B-191E-4680-AC51-F4B27FB48AE6}"= UDP:1709:MioNet Remote Drive Access 9
"{E0E8B091-7FDF-40EF-903A-B30E15801F36}"= UDP:1641:MioNet Remote Drive Verification
"{435D61FC-A9AE-4045-A47B-EE65D2AFEA4B}"= UDP:1647:MioNet Storage Device Configuration
"{2BEC5499-4CBB-44CD-B429-94183DCB07BA}"= TCP:5432:MioNet Storage Device Discovery
"{8CE0DA4F-E3EE-46C6-9818-80A49CD61CA0}"= UDP:c:\program files\MioNet\MioNetManager.exe:MioNetManager
"{93FEE0A6-EEE4-417D-9A63-49E46EF2C166}"= TCP:c:\program files\MioNet\MioNetManager.exe:MioNetManager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\internet download\\BitTorrent\\bittorrent.exe"= c:\internet download\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090519.001\IDSvix86.sys [20/05/2009 10:28 AM 272432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [18/05/2009 2:57 AM 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [3/10/2008 2:14 PM 37936]
S2 gupdate1c9ad03371df0d0;Google Update Service (gupdate1c9ad03371df0d0);c:\program files\Google\Update\GoogleUpdate.exe [25/03/2009 2:36 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 04:35]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 04:36]

2009-05-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Ergu.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 01:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HWSetup - \HWSetup.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ergu\AppData\Roaming\Mozilla\Firefox\Profiles\0ys71sad.default\
FF - plugin: c:\internet download\internet programs\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 21:14
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????EW???? ??? ??????P???`?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2009-05-24 21:15
ComboFix-quarantined-files.txt 2009-05-24 11:15

Pre-Run: 133,609,259,008 bytes free
Post-Run: 137,168,355,328 bytes free

991 --- E O F --- 2009-03-28 10:50

descriptionwinbluesoft removal any ideas pleases help... - Page 1 EmptyRe: winbluesoft removal any ideas pleases help...24th May 2009, 9:20 pm

more_horiz
I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Limewire 4.18.8



I see that you are running BitTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitTorrent is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • BitTorrent




Now open a new notepad file.
Input this into the notepad file:

File::
c:\users\Ergu\AppData\Roaming\BitTorrent
c:\users\Ergu\AppData\Roaming\LimeWire
c:\program files\AskTBar
c:\program files\DNA



Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
winbluesoft removal any ideas pleases help... - Page 1 Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

winbluesoft removal any ideas pleases help... - Page 1 2wg6fte

descriptionwinbluesoft removal any ideas pleases help... - Page 1 EmptyRe: winbluesoft removal any ideas pleases help...

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum