WiredWX Hobby Weather Tools

 


WinBlueSoft crap Virus Need help!!!!

3 posters

Have the same problem as everyone else; here's my HijackThis log. Any help would be much appreciated. ;-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:39 AM, on 25/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\setup2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

Re: WinBlueSoft crap Virus Need help!!!!
2nd part of file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:39 AM, on 25/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://au.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://au.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://au.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://au.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\real\IEeREAD.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\real\WebHook.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PKR Pal] "C:\Users\Robbie\Desktop\Games\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UFaster] C:\Program Files\UFaster\UFaster.exe -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00000005-0007-0000-0000-100011000004} - http://c.imputati.com/l/defbc968c42946502eb6675ef41744c0_35.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.readyforcrysis.com/sysreqlab2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - http://66.98.196.24/DGTx.CAB
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85B9B08C-0FE2-46E4-87A9-8877B711D0EA}: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9bd81f2468201) (gupdate1c9bd81f2468201) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 17639 bytes

Re: WinBlueSoft crap Virus Need help!!!!

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
    If you didn't set these restrictions then fix these as well
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O17 - HKLM\System\CCS\Services\Tcpip\..\{85B9B08C-0FE2-46E4-87A9-8877B711D0EA}: NameServer = 85.255.112.15,85.255.112.215
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215



  • Press "Fix Checked"
  • Close Hijack This.




1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.
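
As an added example (not part of the original thread, and not HijackThis's own code): a small Python parser for the HijackThis log format posted above. It groups entries by section code and surfaces two of the entry types selected for fixing, O17 `NameServer` overrides that point at public addresses and O2 BHO registrations with no file, plus an inventory of O4 Run autostarts. The function names are hypothetical, and the sample is constructed from lines of the log in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a handful of lines in HijackThis v2.0.2 format,
# taken from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{85B9B08C-0FE2-46E4-87A9-8877B711D0EA}: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.15,85.255.112.215
"""

# Every log entry starts with a section code such as R0, F2, O4 or O17.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.+)$"
)


def parse_entries(text):
    """Group log entry bodies by section code; header lines are ignored."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("code")].append(m.group("body"))
    return dict(entries)


def static_dns_overrides(entries):
    """Map each public IP set as a static NameServer to the registry
    locations (O17 entries) that carry it. Private, loopback and
    link-local resolvers, e.g. a home router, are not reported."""
    found = defaultdict(list)
    for body in entries.get("O17", []):
        location, sep, value = body.partition(": NameServer = ")
        if not sep:
            continue
        for token in re.split(r"[,\s]+", value.strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # empty or malformed value
            if not (ip.is_private or ip.is_loopback or ip.is_link_local):
                found[str(ip)].append(location)
    return dict(found)


def orphaned_bhos(entries):
    """CLSIDs of O2 BHO registrations whose DLL is reported as '(no file)'."""
    orphans = []
    for body in entries.get("O2", []):
        m = BHO_RE.match(body)
        if m and m.group("path").strip() == "(no file)":
            orphans.append(m.group("clsid"))
    return orphans


def run_entries(entries):
    """Inventory of O4 registry Run autostarts as (hive, value name, command)."""
    result = []
    for body in entries.get("O4", []):
        m = RUN_RE.match(body)
        if m:
            result.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return result


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for ip, locations in static_dns_overrides(parsed).items():
        print(f"static DNS {ip} set in {len(locations)} location(s)")
    for clsid in orphaned_bhos(parsed):
        print(f"BHO with no file: {clsid}")
    for hive, name, cmd in run_entries(parsed):
        print(f"autostart {hive} [{name}] -> {cmd}")
```

A static resolver that repeats across the per-interface key and the CCS, CS1 and CS2 control sets, as in this log, is worth comparing against the resolvers the router or ISP actually hands out.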

Re: WinBlueSoft crap Virus Need help!!!!

Here's the log file, I think. It started a file log automatically at startup; I couldn't get into c:\avenger.txt as it required a password.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Re: WinBlueSoft crap Virus Need help!!!!

  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Screenshot: CF_download_FF]

[Screenshot: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.

  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: WinBlueSoft crap Virus Need help!!!!
ComboFix 09-05-26.05 - Robbie 28/05/2009 21:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2047.988 [GMT 10:00]
Running from: c:\users\Robbie\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\2.exe
c:\users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
c:\users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url
c:\users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
c:\users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Robbie\FAVORI~1\Translator.url
c:\users\Robbie\Favorites\Translator.url

c:\windows\system32\23517h5cztool91e.ocx
c:\windows\system32\237085r9j71z.dll
c:\windows\system32\2375t5reatz898.bin
c:\windows\system32\23batz9e5t18793.bin
c:\windows\system32\2404szarse52079.cpl
c:\windows\system32\243z35pam9ot39b.cpl
c:\windows\system32\24479spz9d75.cpl
c:\windows\system32\25031not-a-vzrus1a39.cpl
c:\windows\system32\250509pzmbot18d.dll
c:\windows\system32\25076not-z-vi9us56.cpl
c:\windows\system32\2525zhi9f2539.bin
c:\windows\system32\25292spy5cbz.bin
c:\windows\system32\2532ad9ware523z.cpl
c:\windows\system32\2553hack5ool199z.ocx
c:\windows\system32\257e9oz5loader144.dll
c:\windows\system32\25895not-a-v5rus66z.bin
c:\windows\system32\2594dzwnloa9er2874.dll
c:\windows\system32\259wo5m5efz.dll
c:\windows\system32\25acz9reat203205.cpl
c:\windows\system32\25z49w59m97.cpl
c:\windows\system32\25z709ir5sfa.dll
c:\windows\system32\25z7wo9m3e.ocx
c:\windows\system32\26218szy9b5.bin
c:\windows\system32\2628th9ef5055z.exe
c:\windows\system32\2653z5oj7e9.cpl
c:\windows\system32\26a9vir29z5.dll
c:\windows\system32\27195trzj55b.dll
c:\windows\system32\2735zno5-a-virus95b.exe
c:\windows\system32\27479v5ruz1b.ocx
c:\windows\system32\27539tro93z5.ocx
c:\windows\system32\27719spazbot518.cpl
c:\windows\system32\277zdownl5ader8399.ocx
c:\windows\system32\27905tr9j7z8.ocx
c:\windows\system32\279zhi5f1696.cpl
c:\windows\system32\2832haczt9o525.cpl
c:\windows\system32\28555s9y4z7.dll
c:\windows\system32\28aest5al1897z.dll
c:\windows\system32\28azthrea529999.bin
c:\windows\system32\28c9backzo5r995.cpl
c:\windows\system32\2911zv5rus5cd.exe
c:\windows\system32\29151not9a-vizus625.ocx
c:\windows\system32\29246spazbo576d.ocx
c:\windows\system32\29514not5a-virzs5169.ocx
c:\windows\system32\29626hazktool655.ocx
c:\windows\system32\29655t9oj55dz.dll
c:\windows\system32\29778worz259.cpl
c:\windows\system32\299z5spy152.exe
c:\windows\system32\29c5thzef2691.bin
c:\windows\system32\2a96vi51z06.bin
c:\windows\system32\2d39sp5wa9ez202.exe
c:\windows\system32\2d6steaz15469.ocx
c:\windows\system32\2dzas5eal996.exe
c:\windows\system32\2z175orm3c89.ocx
c:\windows\system32\2z252tro95d5.dll
c:\windows\system32\2z435virus495.dll
c:\windows\system32\2z6599p5mbot590.exe
c:\windows\system32\2z9479orm345.exe
c:\windows\system32\301tzoj95a.dll
c:\windows\system32\3038z9orm5a1.exe
c:\windows\system32\30726not-9-vir5s3az.ocx
c:\windows\system32\30985virus6f3z.cpl
c:\windows\system32\31019t59z7e4.ocx
c:\windows\system32\31655hackt9oz4bd5.dll
c:\windows\system32\31991hacktoz5a9.cpl
c:\windows\system32\321159iruz15e.ocx
c:\windows\system32\32295trzj7ff.cpl
c:\windows\system32\3239vz51235.exe
c:\windows\system32\32526vi95s3z.exe
c:\windows\system32\32559zro92515.bin
c:\windows\system32\3264az95are2680.cpl
c:\windows\system32\3399sp9mbzt5505.dll
c:\windows\system32\33cfstzal13659.cpl
c:\windows\system32\3409spywar5202z.bin
c:\windows\system32\35094zorm6199.ocx
c:\windows\system32\358faddw5re18z99.exe
c:\windows\system32\359z7hacktool99b.bin
c:\windows\system32\35a7spzrse194.ocx
c:\windows\system32\35e7virz509.dll
c:\windows\system32\36589ddware53z5.bin
c:\windows\system32\3750thief539z.cpl
c:\windows\system32\389av5r1z82.exe
c:\windows\system32\38a1down9zade52013.ocx
c:\windows\system32\3a629py5zre2848.dll
c:\windows\system32\3d57spywa9ez065.ocx
c:\windows\system32\3d85thiefz9689.ocx
c:\windows\system32\3edesteaz23495.cpl
c:\windows\system32\3z927spa5b9t357.exe
c:\windows\system32\3zd5threa926759.bin
c:\windows\system32\4160wormz509.exe
c:\windows\system32\4189s5y7cz.cpl
c:\windows\system32\4282spy5aze9514.ocx
c:\windows\system32\42f9s5zrse30.cpl
c:\windows\system32\4403not-azv5ru937d.exe
c:\windows\system32\444adownlz5der1692.dll
c:\windows\system32\4513not-z-v95us119.ocx
c:\windows\system32\4518vir1954z.ocx
c:\windows\system32\451spyw9re76z.cpl
c:\windows\system32\4550addware2290z.bin
c:\windows\system32\457cspa9se217z.cpl
c:\windows\system32\45b9zteal1811.bin
c:\windows\system32\45fzt5ie91221.dll
c:\windows\system32\4955dowzloader23509.exe
c:\windows\system32\4965spy3z5.dll
c:\windows\system32\49d6tzrea517993.ocx
c:\windows\system32\4c4spy95re3122z.bin
c:\windows\system32\4c7cv9r28z15.bin

descriptionWinBlueSoft crap Virus Need help!!!! EmptyRe: WinBlueSoft crap Virus Need help!!!!

more_horiz
c:\windows\system32\4cz3spy5are3129.bin
c:\windows\system32\4dbfszy59re89.bin
c:\windows\system32\4z959pambot5af.exe
c:\windows\system32\5035virzs1c19.bin
c:\windows\system32\50789spy7d8z.bin
c:\windows\system32\509zt9reat23570.ocx
c:\windows\system32\50z5hre9t23200.dll
c:\windows\system32\5141hazkt95l1cb.cpl
c:\windows\system32\51d0s5eal209z.ocx
c:\windows\system32\5265downl9ader2483z.ocx
c:\windows\system32\5285spar5ez799.dll
c:\windows\system32\52c9backzoor2338.bin
c:\windows\system32\52z90troj902.cpl
c:\windows\system32\530bt5iez14319.cpl
c:\windows\system32\5349steal296z.bin
c:\windows\system32\53697vi9us64bz.cpl
c:\windows\system32\53d4zownloader5903.ocx
c:\windows\system32\5445addware83z9.dll
c:\windows\system32\54658not-a-viz9s6c3.bin
c:\windows\system32\54b89i51997z.exe
c:\windows\system32\54z5backdoo51917.dll
c:\windows\system32\54za9hief2432.bin
c:\windows\system32\55105tr9j4z2.bin
c:\windows\system32\551ddowzloader28419.exe
c:\windows\system32\5549zhie9113.cpl
c:\windows\system32\55597s9y440z.cpl
c:\windows\system32\55eebackdoor92z9.cpl
c:\windows\system32\56126not9a-vizus325.bin
c:\windows\system32\570dzt9al3200.cpl
c:\windows\system32\57zeth5e9t16217.ocx
c:\windows\system32\5824w9rm5z4.bin
c:\windows\system32\5959ztroj29f.exe
c:\windows\system32\595backdozr9217.cpl
c:\windows\system32\5967spywarez54.cpl
c:\windows\system32\597spazbot60b.dll
c:\windows\system32\59bds59rsz949.ocx
c:\windows\system32\5a2aspywzre5917.bin
c:\windows\system32\5a54ba9zdoor909.dll
c:\windows\system32\5b1zvir21799.ocx
c:\windows\system32\5ba3downlzad5r1999.ocx
c:\windows\system32\5c6fthreat9z74.ocx
c:\windows\system32\5c9espyzare761.bin
c:\windows\system32\5ccaazdw9re22325.cpl
c:\windows\system32\5cf59a5zdoor3223.ocx
c:\windows\system32\5d91zparse2590.bin
c:\windows\system32\5dea5zar9e1069.cpl
c:\windows\system32\5e54s9eal19z5.cpl
c:\windows\system32\5eb8b59kzoor938.ocx
c:\windows\system32\5zb9spyware8935.ocx
c:\windows\system32\603c9pyware1505z.cpl
c:\windows\system32\6090zi924895.ocx
c:\windows\system32\6194tzreat23353.ocx
c:\windows\system32\61d4stea91559z.exe
c:\windows\system32\638ath9ef5406z.dll
c:\windows\system32\63b9tzal4955.bin
c:\windows\system32\6439zhief2574.ocx
c:\windows\system32\6519spywzre2612.dll
c:\windows\system32\655espyzare9255.cpl
c:\windows\system32\6653s9arze1154.ocx
c:\windows\system32\67ze9hi5f1483.ocx
c:\windows\system32\6832s9zware1955.bin
c:\windows\system32\6850addwa9e7z3.bin
c:\windows\system32\6855vzr5s96b.exe
c:\windows\system32\6898th5zat11125.bin
c:\windows\system32\68e5vi5493z.ocx
c:\windows\system32\6956thief236z.cpl
c:\windows\system32\699cback5oor1951z.exe
c:\windows\system32\69c3zteal5677.bin
c:\windows\system32\69z8thr9at27855.exe
c:\windows\system32\69z9backdo5r549.bin
c:\windows\system32\6b4f5hrz9t26115.dll
c:\windows\system32\6bb9v5rz863.bin
c:\windows\system32\6ce2do5nloader943z.ocx
c:\windows\system32\6f2dthizf5489.dll
c:\windows\system32\6z59threat25299.ocx
c:\windows\system32\7059zackdoo518709.cpl
c:\windows\system32\7153threzt47839.bin
c:\windows\system32\71575ot-a-vzr9s18c.bin
c:\windows\system32\71zd5h9eat29779.cpl
c:\windows\system32\72c79par5e1570z.cpl
c:\windows\system32\7491s5ealz4329.cpl
c:\windows\system32\7541zot-a-virus5739.bin
c:\windows\system32\77c2bazkdo5r9704.bin
c:\windows\system32\78aeb9ckdoor1350z.bin
c:\windows\system32\794zh9cktool5db.dll
c:\windows\system32\79z3steal58.bin
c:\windows\system32\79z5backdoor62.ocx
c:\windows\system32\79zca5dware1611.dll
c:\windows\system32\7c9aszea527819.cpl
c:\windows\system32\7c9cspzr5e1231.dll
c:\windows\system32\7df59zwnloader753.dll
c:\windows\system32\7f4ezdd5are15349.dll
c:\windows\system32\7z95vir19855.ocx
c:\windows\system32\8698hackzoo529d.exe
c:\windows\system32\8795s5y5bz.cpl
c:\windows\system32\8872virus5z95.ocx
c:\windows\system32\8959hackto9z4f8.dll
c:\windows\system32\89749azk5ool4e0.ocx
c:\windows\system32\8a5ack9ozr2432.dll
c:\windows\system32\9018worz75e.exe
c:\windows\system32\90939zor5448.ocx
c:\windows\system32\9105hazktool395.dll
c:\windows\system32\9167virus1d5z.bin
c:\windows\system32\919ztroj665.ocx
c:\windows\system32\9244za9k5ool54f.bin
c:\windows\system32\93aaspzwa5e1065.exe
c:\windows\system32\9406vi9zs3595.cpl
c:\windows\system32\94357virus7z0.ocx
c:\windows\system32\9521not-a5vizus30e.dll
c:\windows\system32\9529zorm2af.dll
c:\windows\system32\9553hack5ool5za.cpl
c:\windows\system32\9553zot-9-virus24b.dll
c:\windows\system32\95579wo5m12fz.ocx
c:\windows\system32\95afbackdoor2z72.exe
c:\windows\system32\95ffbackdzor2125.cpl
c:\windows\system32\9678vir3z005.exe
c:\windows\system32\97245parsz2812.exe
c:\windows\system32\9765tz5j750.exe
c:\windows\system32\9782hacztool4f5.ocx
c:\windows\system32\99095ziru541.exe
c:\windows\system32\9993virz9351.ocx
c:\windows\system32\999645roj27z.cpl
c:\windows\system32\9d29vir5z6.bin
c:\windows\system32\9dc8threzt73885.ocx
c:\windows\system32\9df2downzoader2599.cpl
c:\windows\system32\9e4aaddware1549z.bin
c:\windows\system32\9f01viz5574.dll
c:\windows\system32\9f04spzrs5558.ocx
c:\windows\system32\a49d9wnlza5er1976.ocx
c:\windows\system32\a9zbackd5or1890.ocx
c:\windows\system32\c74thre5t92644z.bin
c:\windows\system32\drivers\gxvxceyoyuatewbxxcowhpocvssrocbfdshsp.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\Packet.dll
c:\windows\system32\setup2.exe
c:\windows\system32\wpcap.dll
G:\Autorun.inf
G:\desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys
-------\Service_iWinGamesInstaller
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-28 11:22 . 2009-05-28 11:25 -------- d-----w c:\users\Robbie\AppData\Local\temp
2009-05-28 11:22 . 2009-05-28 11:22 -------- d-----w c:\users\Kelly\AppData\Local\temp
2009-05-27 23:55 . 2009-05-27 23:55 -------- d-----w c:\users\Kelly\Program Files
2009-05-27 23:55 . 2009-05-28 05:58 -------- d-----w c:\users\Kelly\AppData\Roaming\uTorrent
2009-05-27 01:27 . 2009-05-27 01:27 -------- d-----w c:\users\Kelly\AppData\Roaming\Apple Computer
2009-05-27 01:27 . 2009-05-27 01:27 -------- d-----w c:\users\Kelly\AppData\Local\Apple Computer
2009-05-26 06:50 . 2009-05-26 06:53 -------- d-----w c:\users\TEMP
2009-05-26 03:19 . 2009-05-26 03:19 -------- d-----w c:\users\Robbie\AppData\Local\Ahead
2009-05-26 02:34 . 2009-05-26 02:34 -------- d-----w c:\program files\XBCD
2009-05-26 01:12 . 2008-06-24 03:45 1414440 ----a-w c:\windows\system32\ShellManager310E2D762.dll
2009-05-25 06:39 . 2009-05-25 06:39 -------- d-----w c:\users\Robbie\AppData\Roaming\Malwarebytes
2009-05-25 06:39 . 2009-03-26 06:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-25 06:39 . 2009-03-26 06:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 06:39 . 2009-05-25 06:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 06:39 . 2009-05-25 06:39 -------- d-----w c:\progra~2\Malwarebytes
2009-05-24 23:44 . 2009-05-24 23:44 16750 ----a-w c:\windows\system32\7461tz5j9.dll
2009-05-24 23:05 . 2009-05-24 23:05 -------- d-----w c:\program files\Uniblue1
2009-05-24 22:56 . 2009-05-24 22:56 -------- d-----w c:\program files\Trend Micro
2009-05-24 22:35 . 2009-05-24 22:42 -------- d-----w c:\users\Robbie\AppData\Roaming\GetRightToGo
2009-05-17 05:42 . 2009-05-17 05:42 -------- d-----w c:\users\Robbie\AppData\Roaming\Nero
2009-05-17 05:36 . 2009-05-17 05:36 -------- d-----w c:\program files\Nero
2009-05-17 04:52 . 2009-05-17 04:52 -------- d-----w c:\users\Robbie\AppData\Local\CyberLink
2009-05-17 04:48 . 2009-05-17 04:48 -------- d-----w c:\users\Robbie\AppData\Local\PowerDVDCox
2009-05-17 04:48 . 2009-05-19 03:21 -------- d-----w c:\users\Robbie\AppData\Local\PowerDVDCinema
2009-05-17 04:47 . 2009-05-17 04:47 -------- d-----w c:\users\Public\CyberLink
2009-05-17 04:46 . 2009-05-17 04:52 -------- d-----w c:\progra~2\CyberLink
2009-05-17 04:44 . 2009-05-17 04:44 -------- d-----w c:\program files\Common Files\CyberLink
2009-05-17 04:42 . 2009-05-17 04:41 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-05-17 03:06 . 2009-05-19 03:21 -------- d-----w c:\users\Robbie\AppData\Roaming\CyberLink
2009-05-17 03:01 . 2009-05-17 04:43 -------- d-----w c:\program files\CyberLink
2009-05-17 02:30 . 2009-05-17 02:30 -------- d-----w c:\program files\Ahead
2009-05-16 05:44 . 2009-05-25 00:49 -------- d-----w c:\users\Robbie\Tracing
2009-05-13 11:54 . 2009-05-13 11:54 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-05-13 02:48 . 2009-05-13 02:48 -------- d-----w c:\program files\VID_0E8F&PID_0003

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 02:15 . 2009-04-15 04:21 -------- d-----w c:\progra~2\Google Updater
2009-05-26 03:14 . 2007-12-31 09:05 -------- d-----w c:\program files\Common Files\Nero
2009-05-26 03:08 . 2007-11-05 03:01 -------- d-----w c:\progra~2\Nero
2009-05-25 06:55 . 2008-05-27 00:19 -------- d-----w c:\users\Robbie\AppData\Roaming\uTorrent
2009-05-25 02:02 . 2008-05-08 03:15 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-19 07:43 . 2007-11-08 09:23 -------- d-----w c:\program files\Ubisoft
2009-05-17 11:11 . 2007-12-22 08:22 -------- d-----w c:\users\Robbie\AppData\Roaming\Canon
2009-05-17 04:44 . 2007-10-27 08:18 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-17 04:41 . 2003-03-19 03:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2009-05-17 04:41 . 2003-02-21 11:42 353576 ----a-w c:\windows\system32\msvcr71.dll
2009-05-16 07:53 . 2008-01-31 06:21 -------- d-----w c:\users\Robbie\AppData\Roaming\Azureus
2009-05-15 18:40 . 2008-03-23 00:13 -------- d-----w c:\program files\Google
2009-05-15 14:15 . 2008-01-31 06:23 182 ----a-w c:\users\Robbie\AppData\Roaming\Azureus\restart.bat
2009-05-15 14:11 . 2008-01-31 06:21 -------- d-----w c:\program files\Azureus
2009-05-15 08:27 . 2007-10-27 09:23 -------- d-----w c:\progra~2\NVIDIA
2009-05-13 23:42 . 2007-10-30 01:50 -------- d-----w c:\progra~2\Microsoft Help
2009-05-13 23:39 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-13 02:55 . 2009-02-03 23:28 -------- d-----w c:\progra~2\DriverScanner
2009-05-06 00:11 . 2008-06-06 10:48 -------- d-----w c:\program files\Join ME
2009-05-02 05:38 . 2007-10-27 01:45 99816 ----a-w c:\users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:59 . 2007-10-26 08:14 99816 ----a-w c:\users\Robbie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 06:38 . 2007-10-30 01:54 -------- d-----w c:\program files\Microsoft Works
2009-04-26 13:28 . 2009-04-26 13:28 -------- d-----w c:\users\Robbie\AppData\Roaming\Joost
2009-04-26 13:27 . 2008-07-29 11:49 -------- d-----w c:\program files\Joost
2009-04-21 14:20 . 2009-04-21 14:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-21 14:20 . 2009-04-21 14:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll
2009-04-16 02:19 . 2009-04-16 02:19 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-16 02:19 . 2007-11-18 09:33 -------- d-----w c:\program files\Windows Live
2009-04-16 02:18 . 2009-04-16 02:18 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-16 02:17 . 2009-04-16 02:17 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-16 02:16 . 2009-02-03 21:43 -------- d-----w c:\program files\Microsoft
2009-04-16 02:16 . 2009-04-16 02:16 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-16 01:29 . 2009-04-16 01:29 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-11 05:19 . 2007-11-11 07:19 -------- d-----w c:\program files\Norton 360
2009-04-09 03:13 . 2008-09-25 12:01 -------- d-----w c:\program files\ActivIcons
2009-04-05 08:51 . 2008-12-09 01:13 1356 ----a-w c:\users\Robbie\AppData\Local\d3d9caps.dat
2009-03-17 03:38 . 2009-04-15 01:33 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 01:33 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 18:19 . 2008-12-15 07:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-03-27 23:12 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-27 23:12 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-27 23:12 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-27 23:12 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-27 23:12 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-27 23:12 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-27 23:12 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-27 23:12 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-27 23:12 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-27 23:12 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-27 23:12 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-27 23:12 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-27 23:12 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-27 23:12 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-27 23:12 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-27 23:12 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-27 23:12 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-27 23:12 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-15 01:33 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 01:33 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 01:33 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 01:33 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 01:33 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 01:33 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 01:33 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 01:33 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 01:33 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 01:33 17408 ----a-w c:\windows\system32\iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-01-28 02:47 1555480 ----a-w c:\program files\The_Pirate_Bay\tbThe_.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-06-24 132392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Uniblue SpyEraser"="c:\program files\Uniblue1\SpyEraser\SpyEraser.exe" [2007-08-15 1269000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-26 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-26 6707744]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2008-01-31 385024]
"PKR Pal"="c:\users\Robbie\Desktop\Games\PKR\pkrpal.exe" [2009-05-25 2296936]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Device Detector"="c:\program files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"UFaster"="c:\program files\UFaster\UFaster.exe" [2008-10-27 1465344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-15 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-07 2221352]

c:\users\Robbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739652879-568182252-1516034588-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9D3DABCF-6CC1-4D9B-9A29-720C75C0D40E}c:\\users\\robbie\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\robbie\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{841506D0-9554-47F3-9A7C-9B43F64358CA}c:\\users\\robbie\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\robbie\program files\utorrent\utorrent.exe:utorrent.exe
"{35C8F6C9-F023-4ADF-B242-9C55AACFE6DF}"= UDP:c:\users\Robbie\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A748A025-CCDC-495A-B96E-405ED6A66D8A}"= TCP:c:\users\Robbie\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0519E261-F088-4415-9FAE-7861DF011138}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{303A74E3-A255-4BBD-8802-7C4749604B06}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{83265AC3-5307-4CA7-90A4-581CD9690B5E}c:\\users\\robbie\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\robbie\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{592BA6EA-6EF9-42B7-BB4A-3331404E45E8}c:\\users\\robbie\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\robbie\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{8E17418D-C012-4DE8-B61F-D511E6A6BFB6}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{60652446-D937-487A-B4BE-5ED9C239FE8B}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{CE5E9146-0FAF-4632-B6E9-52B5541A5336}c:\\program files\\codwaw-kaos\\codwaw.exe"= UDP:c:\program files\codwaw-kaos\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{270B4E5A-D84D-415B-B52F-315B2B6E2C81}c:\\program files\\codwaw-kaos\\codwaw.exe"= TCP:c:\program files\codwaw-kaos\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{A8D5856F-BEF6-44FC-8D07-BD2F3DDEEFE3}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{E7952FB7-3057-419F-8DE9-BE90C51C35D4}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{3B39ACF3-C757-4737-942C-6509380DC8E0}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{BB6A2F45-202F-47CC-907B-F0AFD834A2A5}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{E2BE898B-12FC-4383-BA4B-0FBC3C154AA3}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{D4C0D9FB-8E63-4361-AB50-49FEB7B3E031}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{49F5EB73-0B7F-457C-9608-E9DD8761E615}"= UDP:c:\windows\System32\ftp.exe:FileTransferProtocol
"{B1045D21-4F5D-47D9-BB98-DA966FAE8778}"= TCP:c:\windows\System32\ftp.exe:FileTransferProtocol
"TCP Query User{ED4FA026-BBE2-495D-B273-8B94B2EFFE33}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"UDP Query User{F1EE2115-67B0-4DC3-8B13-65C0A91F5AA6}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"{0CE2C2BB-050D-4956-A151-C9D5CFD606EA}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{FD20AA6F-553B-41EA-8095-BAA3FC6451DF}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0
"{C3867558-6D54-4FAA-AB6C-89B72A270F3E}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0
"TCP Query User{26337655-55C8-49A1-B730-9335AEACA889}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{77B403F8-1FCA-4019-8808-B25A651529E7}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{B4F9E829-2ED2-45EE-AA46-5E1233F26B16}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{8D650ABB-41E5-4E8C-86A5-CF77D2DDC5AA}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{3D570078-A537-4215-9D9C-A2207AEDFAEA}c:\\users\\robbie\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\robbie\appdata\local\temp\onlineupdate8\setupxu.exe:Nero Installer
"UDP Query User{C6C35DAB-A9B1-4280-9339-0ECB8334B270}c:\\users\\robbie\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\robbie\appdata\local\temp\onlineupdate8\setupxu.exe:Nero Installer
"TCP Query User{C0BD4ADA-B8D8-41CF-9C9B-75902126B2A0}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{FCD2D577-A957-44D4-A22C-C137028D13C8}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{FF5970F1-347C-4456-B262-DE742EB089AD}c:\\users\\kelly\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\kelly\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{B60C31FC-DECF-458C-B168-6722E8CF7179}c:\\users\\kelly\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\kelly\program files\utorrent\utorrent.exe:utorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [9/02/2009 7:46 AM 17920]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\Definitions\SymcData\ipsdefs\20090520.001\IDSvix86.sys [21/05/2009 9:54 PM 272432]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/17 14:45];c:\program files\CyberLink\PowerDVD9\000.fcl [30/03/2009 5:53 PM 87536]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 4:50 PM 30312]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 8:37 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28/02/2009 5:09 PM 101936]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [22/09/2008 10:20 AM 43520]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 10:31 AM 41008]
S2 gupdate1c9bd81f2468201;Google Update Service (gupdate1c9bd81f2468201);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2009 2:23 PM 133104]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 3:32 AM 23888]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [16/04/2009 12:19 PM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 6:08 PM 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [8/01/2009 7:51 PM 33752]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 9:31 PM 29263712]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-15 04:21]

2009-05-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 04:23]

2009-03-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-02-04 21:23]

2009-05-28 c:\windows\Tasks\User_Feed_Synchronization-{37A40C4A-7D14-4926-A4F3-517C5037DEBD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-27 11:31]

2009-05-28 c:\windows\Tasks\User_Feed_Synchronization-{5842B63F-9EE7-463E-9604-F3403BF33423}.job
- c:\windows\system32\msfeedssync.exe [2009-03-27 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
SafeBoot-procexp90.Sys

Re: WinBlueSoft crap Virus Need help!!!!
.
------- Supplementary Scan -------
.
uStart Page = hxxp://au.yahoo.com/
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://au.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: {00000005-0007-0000-0000-100011000004} - hxxp://c.imputati.com/l/defbc968c42946502eb6675ef41744c0_35.exe
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.196.24/DGTx.CAB
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\trlurjdm.default\
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 21:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3739652879-568182252-1516034588-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F070DAD-EABA-9919-E257-825840B6C1A6}*]
"bbmpceojlonabniifakjckamejlkmfgcmnng"=hex:61,62,62,64,70,68,65,70,6c,70,6c,6a,
70,62,6e,6e,65,67,62,65,6a,65,67,6d,65,6d,68,66,6d,69,67,61,64,68,00,62
"abmpceojlonabniifajjhjbaapcbfmemmo"=hex:62,62,6d,67,63,62,67,64,64,6a,68,70,
66,70,69,68,6e,61,68,6f,68,66,6d,65,63,6d,6c,6c,6d,6e,65,62,70,6c,67,62,00,\

[HKEY_USERS\S-1-5-21-3739652879-568182252-1516034588-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:76,65,77,b6,24,31,ea,cd,1d,a0,88,40,b5,ff,79,3c,17,2a,f4,36,93,18,52,
3d,9a,ca,2b,0d,00,04,d3,2a,b3,66,6c,7a,7c,4c,1f,d7,dc,c9,9d,bc,4b,72,52,9a,\
"??"=hex:1e,fe,d3,ea,11,ca,c0,6b,f9,11,36,71,ee,56,33,52

[HKEY_USERS\S-1-5-21-3739652879-568182252-1516034588-1000\Software\SecuROM\License information*]
"datasecu"=hex:47,1e,d4,6f,7e,5e,c3,db,aa,b4,f7,fd,74,28,05,d4,43,3c,93,6f,bb,
ae,d5,0c,b9,ed,2c,5e,cf,79,d7,fd,a3,0d,66,ed,d9,ff,13,09,83,a8,cf,43,8e,d4,\
"rkeysecu"=hex:67,b3,24,46,33,63,1b,8a,29,76,48,15,92,5e,60,99

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Re: WinBlueSoft crap Virus Need help!!!!
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-05-28 21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 11:30

Pre-Run: 21,472,239,616 bytes free
Post-Run: 21,653,000,192 bytes free

966 --- E O F --- 2009-05-27 10:35

Re: WinBlueSoft crap Virus Need help!!!!
I can't get over how much shit I have on this computer. Has all the malware gone?

Re: WinBlueSoft crap Virus Need help!!!!
Nope, not all of it.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section".
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: WinBlueSoft crap Virus Need help!!!!
18 Wheels of Steel: American Long Haul
3D Ultra Minigolf Adventures
ACDSee for PENTAX 2.0
Acrobat.com
Acrobat.com
ActivIcons version 3.37
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1.1
Adobe Shockwave Player
AppCore
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 7.32
Ashampoo Internet Accelerator 2.10
Ashampoo WinOptimizer 5.04
Azureus Vuze
Backup
Bonjour
Bubble Bobble Gold Edition
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
CA Yahoo! Anti-Spy (remove only)
Canon MP Navigator 2.0
Canon MP500
ccCommon
CD-LabelPrint
Choice Guard
Crazy Taxi
Crysis(R)
CSI-Hard Evidence
CyberLink PowerDVD 9
CyberLink PowerDVD 9
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Drive Manager
Drive Manager
DriverGuide Toolkit
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
EA SPORTS online 2008
EA SPORTS(TM) Cricket 07
EA SPORTS™️ Rugby 08
Easy-WebPrint
FIFA 09
Full Tilt Poker
Full Tilt Poker.Org
GameShadow
GameSpot Download Manager
GameSpy Arcade
GearDrvs
GearDrvs
getPlus(R) for Adobe
Google Earth
Google Update Helper
Google Updater
Grand Theft Auto IV
HijackThis 2.0.2
Holdem Genius v1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
John Deere American Farmer Deluxe
Join ME
Joost (tm) Beta 1.1.4
Junk Mail filter update
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Easy Assist v2
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Monopoly 3 (remove only)
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero 8
neroxml
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
NVIDIA Drivers
NVIDIA PhysX
NVIDIA WDM Drivers
OGA Notifier 1.7.0105.35.0
OpenAL
OpenOffice.org Installer 1.0
PC DUAL SHOCK
PKR
PKRCasino
Poker Superstars II
PowerISO
PunkBuster Services
QuickTime
Race Driver 3
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Rockstar Games Social Club
Safari
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 9
Sproink (remove only)
SSH2 Spider
Steam
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
System Requirements Lab
Texas Holdem (remove only)
Texas Hold'em Poker 3D - Deluxe Edition 1.0
The_Pirate_Bay Toolbar
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Uniblue PowerSuite
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpyEraser
UnZixWin Extractor
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Outlook 2007 Junk Email Filter (kb968503)
UseNeXT
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
VIA Platform Device Manager
VIA Rhine Family Fast Ethernet Adapter
Vista Codec Package
Win AVI HelixSDK
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinFast(R) Display Driver
WinRAR archiver
XBCD 1.07
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo!7 Toolbar
