WiredWX Hobby Weather ToolsLog in

 


I've been infected with Winbluesoft

4 posters

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
Here's the combofix log:

ComboFix 09-05-31.06 - Pete 06/01/2009 10:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.625 [GMT -5:00]
Running from: c:\documents and settings\Pete\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\10216not5a9vzrus345.ocx
c:\windows\1029no5-a-virus5bz.cpl
c:\windows\10334hzc9tooled5.dll
c:\windows\104095zy492.exe
c:\windows\105939roj2z7.exe
c:\windows\1059b5ckdoor67z.exe
c:\windows\10805ot-a-9irus4zd.ocx
c:\windows\10ebspz59re1333.exe
c:\windows\10z5s59al858.bin
c:\windows\10z969py19e5.cpl
c:\windows\1147spy5are2z639.exe
c:\windows\11599viruz7.ocx
c:\windows\1170b5zkdoor9599.bin
c:\windows\118959zoj520.ocx
c:\windows\118cspa5sz219.cpl
c:\windows\11938hacktzol795.bin
c:\windows\11956vizus7a15.dll
c:\windows\11f15pyware229z.exe
c:\windows\125119pz7205.cpl
c:\windows\12599trojz29.ocx
c:\windows\126925pambot73z.bin
c:\windows\129eadd5arz600.dll
c:\windows\12d7down9zad5r3176.ocx
c:\windows\12z75hackto9l193.bin
c:\windows\131865zrm2d9.dll
c:\windows\135cszyware491.dll
c:\windows\135z0ha59tool7c5.ocx
c:\windows\13757wormz92.bin
c:\windows\139539pambzt2e8.dll
c:\windows\139569roz76d.dll
c:\windows\13z92t5oj381.bin
c:\windows\140099pambotz5f.cpl
c:\windows\14051ha9ktzol2c.exe
c:\windows\14499hacktool2b5z.bin
c:\windows\1449z5orm784.exe
c:\windows\1476z5irus917.bin
c:\windows\1488zno9-a-vi5us39c.bin
c:\windows\14950spazb5t56a.ocx
c:\windows\1497zpambot588.bin
c:\windows\14a95ir22z3.exe
c:\windows\14z735py99a.bin
c:\windows\15079troj6bz.bin
c:\windows\15238virus99z.ocx
c:\windows\15261worz9d5.exe
c:\windows\1528zvi5us93d.bin
c:\windows\1529thzeat9922.bin
c:\windows\153369zrm684.cpl
c:\windows\15392not-a5viruszbd.cpl
c:\windows\15392worm42z9.cpl
c:\windows\15453sp94d6z.cpl
c:\windows\15589not-a-5iru9589z.bin
c:\windows\1582vzr15759.bin
c:\windows\159bdownlo9derz251.bin
c:\windows\159bs9arse47z.bin
c:\windows\15c5szarse1919.exe
c:\windows\16394hackt95l21cz.bin
c:\windows\164z6n95-a-virus69c.exe
c:\windows\166065zrm192.cpl
c:\windows\16839vi5zs594.dll
c:\windows\1697zvirus145.exe
c:\windows\17095hazkt5ol2dc.ocx
c:\windows\17152viruzd9.exe
c:\windows\17259zpambot5a9.ocx
c:\windows\17442s5a9bzt44b.dll
c:\windows\17730szam9o54bc.exe
c:\windows\17869hreat25z29.dll
c:\windows\178bt9reaz16415.dll
c:\windows\17e6add95ze2128.ocx
c:\windows\18085virz929f.dll
c:\windows\181999p5z9d.exe
c:\windows\18506not-z-9irus70f.bin
c:\windows\18650s5azb9t70f.cpl
c:\windows\18675v5ru9zd6.ocx
c:\windows\189125rzj9a1.dll
c:\windows\18caback9ozr2455.ocx
c:\windows\1905thi9z7.cpl
c:\windows\19095virz55a3.cpl
c:\windows\19295roj3zb.bin
c:\windows\193a5pzware2425.bin
c:\windows\1941zorm4519.exe
c:\windows\19519zp9mbot8f.exe
c:\windows\1965zackt9ol4d8.dll
c:\windows\1967doznlo5der2810.bin
c:\windows\196cbackdoz51987.exe
c:\windows\1983zor5194.exe
c:\windows\19891noz-a-virus1af5.cpl
c:\windows\198z59r380.bin
c:\windows\19979zot-a-v5rus1a7.bin
c:\windows\1997zvirus35b.bin
c:\windows\19dcaddwzre54639.bin
c:\windows\1a87s9zrs542.dll
c:\windows\1c72th5ezt20959.ocx
c:\windows\1c95stzal103.cpl
c:\windows\1cc3adz5are9312.bin
c:\windows\1d5c9hief2643z.ocx
c:\windows\1d6fsparze985.dll
c:\windows\1db05i9295z.exe
c:\windows\1dd69hief1522z.ocx
c:\windows\1e8do5nloadez14369.dll
c:\windows\1f56vir8z19.bin
c:\windows\1ff3d5wnloadzr2429.ocx
c:\windows\1ffezt5a92202.ocx
c:\windows\1z0dspars912045.dll
c:\windows\1z1e9teal1455.exe
c:\windows\1z322s95a.exe
c:\windows\1z470vi5us9ea.bin
c:\windows\1z545s95450.ocx
c:\windows\1z7699orm65c.exe
c:\windows\1z82795rus527.ocx
c:\windows\1z93n9t-a-v5rus489.bin
c:\windows\1za5addware19899.exe
c:\windows\200955orz3889.exe
c:\windows\201329ot-a-5irus4f9z.exe
c:\windows\202239irus7z5.dll
c:\windows\2034spzwa9e2056.ocx
c:\windows\209819izus35e.ocx
c:\windows\209csparse199z5.cpl
c:\windows\209z7worm556.dll
c:\windows\20f9downloaderz885.cpl
c:\windows\20z68not-a-9iru5167.ocx
c:\windows\20zcspars59519.cpl
c:\windows\210385zcktool359.dll
c:\windows\21155zi5us259.bin
c:\windows\214015orz6569.ocx
c:\windows\216z9t5oj5b6.cpl
c:\windows\217znot-a-v5r9s734.exe
c:\windows\219bthrezt198195.cpl
c:\windows\21z5spy9are1846.cpl
c:\windows\21z75wo9539a.ocx
c:\windows\22047spzmb9t4255.cpl
c:\windows\2205sparze2139.exe
c:\windows\222fstea59352z.dll
c:\windows\223spaz5e1999.dll
c:\windows\2244azdw5re13599.cpl
c:\windows\22699not9a-vzr5s193.ocx
c:\windows\22758hzc5tool599.cpl
c:\windows\22758t5oj9ez.dll
c:\windows\22805haz9toolce.bin
c:\windows\23251zr5j994.bin
c:\windows\23471zor965b.bin
c:\windows\235dsparse952z.ocx
c:\windows\23705pazbot9c.ocx
c:\windows\23759yware18z2.bin
c:\windows\2390znot-a-viru52d.dll
c:\windows\23dcspaz5e659.dll
c:\windows\2416zhr9at5995.dll
c:\windows\24257spa95ot2zf.dll
c:\windows\24344zor9756.ocx
c:\windows\24407szy79d5.exe
c:\windows\24599notz5-virus4da.dll
c:\windows\246bbackdoo9z9265.ocx
c:\windows\247z9vir5s598.bin
c:\windows\24845v9rus2z15.ocx
c:\windows\24870s5ambo976z.exe
c:\windows\24998hacktzol51f5.cpl
c:\windows\24b9threaz59380.exe
c:\windows\25052not-9-5irusza2.ocx
c:\windows\25098hacktool39cz.cpl
c:\windows\250z1hacktool596.ocx
c:\windows\25160vir9s5zb.dll
c:\windows\25336trz53d69.ocx
c:\windows\25399zpy2b1.cpl
c:\windows\2539zspy3b7.exe
c:\windows\253cback9oor5z45.exe
c:\windows\253zbackdoor9665.ocx
c:\windows\2540zwor945f5.bin
c:\windows\2546szyware9921.cpl
c:\windows\25475h9cktooz15.bin
c:\windows\25560sp9mbot76z.exe
c:\windows\255789py1bbz.dll
c:\windows\25594worm3z59.dll
c:\windows\2559spy9a5e21z2.bin
c:\windows\25869pywa5e734z.ocx
c:\windows\25956wo9z156.dll
c:\windows\2596z5r9j477.dll

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
c:\windows\2596zir6595.dll
c:\windows\259fzir9316.bin
c:\windows\259spamb5z69b.exe
c:\windows\25aadownzoad5r839.exe
c:\windows\25z89vi5us679.dll
c:\windows\26210ha9kzo5l1f.exe
c:\windows\2625sparse1297z.bin
c:\windows\263z69a5ktool4a6.dll
c:\windows\26459hazktool9d5.dll
c:\windows\26531szambo95ec.dll
c:\windows\26622spamz9t33a5.ocx
c:\windows\2695dz59loader1721.cpl
c:\windows\26985s5ambot7z6.dll
c:\windows\2698backdz5r1961.ocx
c:\windows\270015rojz49.exe
c:\windows\27268spzmb9t5d5.ocx
c:\windows\2750backdo9r2584z.exe
c:\windows\2753zw9rm1e1.cpl
c:\windows\275fzddware15939.dll
c:\windows\2795bazkdoor1297.bin
c:\windows\27b5spy9zre3035.ocx
c:\windows\27edbac9zoor350.exe
c:\windows\27f5zp95se1715.exe
c:\windows\27z59o5m7cb.cpl
c:\windows\2821tzoj9a55.dll
c:\windows\28419orm25z.bin
c:\windows\28850troz699.exe
c:\windows\288czpy9are1549.bin
c:\windows\28z91spam5ot3e9.dll
c:\windows\29014wzrm1c59.ocx
c:\windows\2908sp93fz5.ocx
c:\windows\2916095z-a-virus468.ocx
c:\windows\29190v5zus184.bin
c:\windows\29199noz-a-v5rus4fa.cpl
c:\windows\29236spazbo9665.exe
c:\windows\293ste5l9z9.dll
c:\windows\29491spy57dz.ocx
c:\windows\29499wozm1b95.cpl
c:\windows\2952thiez9065.exe
c:\windows\29559szambot956.cpl
c:\windows\2955spywzr5569.dll
c:\windows\295ddownzoader9321.ocx
c:\windows\29620zpy550.dll
c:\windows\29678v9z5s53f.bin
c:\windows\297at5izf3039.cpl
c:\windows\299165pz4e9.ocx
c:\windows\29979z5am9ot29c.cpl
c:\windows\29e3downloade5z409.ocx
c:\windows\29z05sp9159.ocx
c:\windows\29z57h5cktool64e.ocx
c:\windows\2bz0backdo5r25779.ocx
c:\windows\2c2abazk59or3150.ocx
c:\windows\2d1baczdoo99735.cpl
c:\windows\2z03s9ambot605.ocx
c:\windows\2z076not-a-vi5us39e.ocx
c:\windows\2z155parse21129.ocx
c:\windows\2z2a5pyware9149.bin
c:\windows\2z38addwa95684.bin
c:\windows\2z505w9rm7f7.exe
c:\windows\2z6319irus85.cpl
c:\windows\2z651hackt5o9261.bin
c:\windows\2z67st9al2625.cpl
c:\windows\2z95virus59.exe
c:\windows\2z965hief2605.cpl
c:\windows\2zf9vir4205.cpl
c:\windows\301v5z1897.ocx
c:\windows\302z3v5rus7969.ocx
c:\windows\302z95irus4d.cpl
c:\windows\30394zo5956e.cpl
c:\windows\3056thi9z109.dll
c:\windows\30a8spa5ze2988.dll
c:\windows\30ha95tzol2e6.bin
c:\windows\30z49s5y90.ocx
c:\windows\30z76troj4945.dll
c:\windows\30zft95ef2880.bin
c:\windows\31008not5a-viruz944.dll
c:\windows\3135th9efz231.exe
c:\windows\31755pzwar91546.cpl
c:\windows\31a7ste9l57z.dll
c:\windows\31ezth5eat19904.bin
c:\windows\32099viruz25.exe
c:\windows\323z5hack9ool2f5.cpl
c:\windows\323z9hackto5l55c.bin
c:\windows\3245zspambo56f79.cpl
c:\windows\32749troz755.dll
c:\windows\3412w95m50z.bin
c:\windows\3416zpa9bot225.exe
c:\windows\349zv5rus9ba.bin
c:\windows\350adown95zder3235.exe
c:\windows\3535addzare953.ocx
c:\windows\3539spz9bot5af.ocx
c:\windows\353h5ckzool67c9.cpl
c:\windows\3545v9r671z.cpl
c:\windows\354baddwarez6149.cpl
c:\windows\3565zpy299.ocx
c:\windows\35911zroj1ae.exe
c:\windows\3595zackdo9r545.exe
c:\windows\3599zi91992.ocx
c:\windows\35fzteal9047.cpl
c:\windows\361et9reat51764z.cpl
c:\windows\3639addware57z.ocx
c:\windows\3664v5r90z0.cpl
c:\windows\369zspy15f.dll
c:\windows\36fthr9zt23854.exe
c:\windows\36zath9ef451.cpl
c:\windows\379ftz5eat29468.exe
c:\windows\387cszars52494.dll
c:\windows\3919vizu5768.dll
c:\windows\39441s5z13a.dll
c:\windows\3974zparse1695.bin
c:\windows\398zspyw9r598.ocx
c:\windows\39c5szarse30575.dll
c:\windows\39z3tro549d.ocx
c:\windows\3a3z9ir435.ocx
c:\windows\3a8fdzwnload5r691.bin
c:\windows\3b9ct5reaz6500.bin
c:\windows\3badzte9l685.dll
c:\windows\3bstzal18659.cpl
c:\windows\3c99zddware1265.cpl
c:\windows\3d11v5z9209.dll
c:\windows\3d79spazse5615.ocx
c:\windows\3d9t5iefz8579.dll
c:\windows\3e5dt5iez359.dll
c:\windows\3e6b9ckd5orz699.ocx
c:\windows\3fb6zteal5419.bin
c:\windows\3z0535r9j5d6.dll
c:\windows\3z05b5ckdoo91583.dll
c:\windows\3z070troj594.exe
c:\windows\3z106hacktoo519b.cpl
c:\windows\3z22downloader9895.cpl
c:\windows\3z51059cktool672.exe
c:\windows\3z545troj4e09.bin
c:\windows\3zb6spyware5191.dll
c:\windows\3zbdv5r32759.exe
c:\windows\4065viz5s729.bin
c:\windows\40755py9zb.dll
c:\windows\40z6spa59e2254.dll
c:\windows\4104virzs595.dll
c:\windows\4177hackzool935.dll
c:\windows\41z5sparse649.bin
c:\windows\41z7add59re2627.cpl
c:\windows\4284a59zare2447.exe
c:\windows\43a9spaz5e1242.cpl
c:\windows\4438steal9z5.ocx
c:\windows\44539hiefz361.ocx
c:\windows\44625hief9z35.ocx
c:\windows\4498addware1518z.cpl
c:\windows\45209ackdoor1z75.dll
c:\windows\4539zi9698.cpl
c:\windows\45975zr2135.dll
c:\windows\45b9bzckd9or2403.cpl
c:\windows\45bczddware26695.bin
c:\windows\45c9parz5112.dll
c:\windows\45f19teaz2.ocx
c:\windows\45z9ste592399.exe
c:\windows\46235z9ef502.exe
c:\windows\4659thief1659z.ocx
c:\windows\4673downloadez2955.cpl
c:\windows\469evi52z9.dll
c:\windows\473bdownlzader19885.bin
c:\windows\485fthreat22z599.bin
c:\windows\48zackt9ol551.exe
c:\windows\4955vi9uz715.dll
c:\windows\495dthreat5031z.bin
c:\windows\495zsteal1050.ocx
c:\windows\49a9spyware452z.cpl
c:\windows\49d65parse909z.cpl
c:\windows\49dcthiez553.exe
c:\windows\49f6downloa9erz505.cpl
c:\windows\49z6spambo512a.exe
c:\windows\4a0dthi5f11z9.exe
c:\windows\4a54virz8985.cpl
c:\windows\4abd9p5rsz1185.exe
c:\windows\4ac9addware201z5.dll
c:\windows\4b85zief9795.exe
c:\windows\4b9fzhief1657.dll
c:\windows\4bfdd5wnloade91z42.exe
c:\windows\4c09zhreat5525.ocx
c:\windows\4d73bac59ozr927.exe
c:\windows\4e6fspzrse92585.ocx
c:\windows\4e89thief16z5.exe
c:\windows\4ea8spzrs9565.cpl
c:\windows\4efzaddwa9e485.cpl
c:\windows\4f2fzackdo951756.bin
c:\windows\4f49pa5sz404.dll
c:\windows\4z21spy39c5.cpl
c:\windows\4z53sparse19049.cpl
c:\windows\4z5thief1191.exe
c:\windows\4z68backd59r2065.ocx
c:\windows\4z785pyware9189.cpl
c:\windows\4ze9thi5f453.exe
c:\windows\500n59za-virusc3.exe
c:\windows\5018spam9ot592z.bin
c:\windows\5025tzie955.exe
c:\windows\5045downlz9der1495.cpl
c:\windows\50a7ba9kdoor952z.exe
c:\windows\50bc9ownl5adzr3055.ocx
c:\windows\50c69ir1876z.exe
c:\windows\50e4sz5war9263.ocx
c:\windows\5117spazse379.cpl
c:\windows\5118virz9d7.ocx
c:\windows\51498vir9sz34.bin
c:\windows\515z1spam9ot7a9.bin
c:\windows\516ebackdoo9z295.exe
c:\windows\5192worm95z.bin
c:\windows\5195zspambot379.ocx
c:\windows\5199zt5al2028.ocx
c:\windows\52352wo9m5z1.bin
c:\windows\5239back5zor1940.bin
c:\windows\52624zpambo9110.bin
c:\windows\5265st9al5z5.bin
c:\windows\5275sp9zad.bin
c:\windows\527downloa9zr1568.bin
c:\windows\529athrzat51242.bin
c:\windows\52b2s9yware2z49.bin
c:\windows\52f1steal199z.ocx
c:\windows\53d8bac5doorz794.exe
c:\windows\5409b5ckdoor2999z.dll
c:\windows\5412st5az9956.cpl
c:\windows\5416szar9e314.ocx
c:\windows\5423h5ckzool56f9.dll
c:\windows\546459roj5f1z.exe
c:\windows\5494viruz1e1.bin
c:\windows\54954virus7z5.ocx
c:\windows\54c9addwzre1984.ocx
c:\windows\55169zrus1a4.dll
c:\windows\5540b9ckdoor1z70.cpl
c:\windows\55452szy6f9.dll
c:\windows\554ebaczdoor892.cpl
c:\windows\5555w9rz1c7.exe
c:\windows\5559sp55az.exe
c:\windows\555cbazkdoor9015.ocx
c:\windows\556az9ea51226.ocx
c:\windows\5572s59z2.exe

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
c:\windows\5595spz74b.cpl
c:\windows\55c8zpy5are31709.ocx
c:\windows\55eazir914.cpl
c:\windows\55f1do5zload9r2487.dll
c:\windows\55f2virz9629.ocx
c:\windows\55f39teaz2482.ocx
c:\windows\55fzv9r1556.bin
c:\windows\55z0a9dware1335.cpl
c:\windows\562z2spy509.dll
c:\windows\56385zi9f2643.dll
c:\windows\56870wormz029.cpl
c:\windows\56915py3z3.ocx
c:\windows\56971not-a-viruz582.bin
c:\windows\56a1dowzloa9er13085.cpl
c:\windows\56zbsparse15209.dll
c:\windows\573499zrm227.exe
c:\windows\5734troj968z.ocx
c:\windows\573zirus39c9.dll
c:\windows\57819roj2z.exe
c:\windows\5786backdo9r1z81.cpl
c:\windows\57ca9ownloaderz42.cpl
c:\windows\57e4download9z1476.dll
c:\windows\581zbackdoo5590.dll
c:\windows\58455ha9ktooz40c.bin
c:\windows\5851spy989z.ocx
c:\windows\58755spam9oz296.cpl
c:\windows\5896zspy99e.bin
c:\windows\58azspywa95773.ocx
c:\windows\58c5downl9adzr65.cpl
c:\windows\58d4thiz936.dll
c:\windows\58fs9zrse960.dll
c:\windows\5901downloaderz9135.bin
c:\windows\5913vzr39625.bin
c:\windows\59321not-a-vzrus9d4.dll
c:\windows\5944vi5zs4e7.cpl
c:\windows\5952backdoor2z30.exe
c:\windows\5952virus6z7.exe
c:\windows\59557wormz6d9.bin
c:\windows\5956not9a-viruz355.ocx
c:\windows\595ha9kzool1d7.exe
c:\windows\5975tzreat26755.dll
c:\windows\5995vir2z14.dll
c:\windows\59a5addwzre1050.dll
c:\windows\59abspywzre2595.exe
c:\windows\59cbvir15z1.dll
c:\windows\59estzal1255.dll
c:\windows\59z8spy7b5.exe
c:\windows\5a56t9iefz946.ocx
c:\windows\5aa29ddware2z72.ocx
c:\windows\5b15doznload9r318.ocx
c:\windows\5b2fd9znloader2753.dll
c:\windows\5bc5thi9f3155z.cpl
c:\windows\5bcat5rea9297z8.ocx
c:\windows\5bzaad9ware5356.dll
c:\windows\5c17addwarz529.bin
c:\windows\5c1fzownloader57329.dll
c:\windows\5c31spa5se3921z.bin
c:\windows\5c62zpa9se147.exe
c:\windows\5cecback9oor1453z.exe
c:\windows\5d50thz9f1703.cpl
c:\windows\5d53vir1z599.ocx
c:\windows\5d6ev5r9z79.cpl
c:\windows\5e9f9zars51939.ocx
c:\windows\5ed5downlozder3099.bin
c:\windows\5ezdsteal9107.bin
c:\windows\5f23thrzat95789.exe
c:\windows\5f59vir512z.exe
c:\windows\5f5ethi596z.ocx
c:\windows\5f99szeal21105.bin
c:\windows\5faedown9oader2z91.exe
c:\windows\5fdcspyw9rez743.exe
c:\windows\5ff0steaz19719.cpl
c:\windows\5z1d59r836.ocx
c:\windows\5z38vir2297.dll
c:\windows\5z6not-a-vi9u544d.ocx
c:\windows\5z9109py6f4.dll
c:\windows\5z969py77d.bin
c:\windows\5z9ste5l2897.cpl
c:\windows\5zc05pa9se2920.exe
c:\windows\6048wo9m355z.dll
c:\windows\61eddownzoad9r31535.bin
c:\windows\6297zo9m15.dll
c:\windows\63925pzmbot9ad.exe
c:\windows\6450ha5ktz9l388.bin
c:\windows\64c7addwzr94885.exe
c:\windows\650f9hizf3083.dll
c:\windows\6544sp9rs554z.ocx
c:\windows\6576addwar9478z.ocx
c:\windows\658fdownloadzr2229.dll
c:\windows\65cf9irz075.bin
c:\windows\65zddownloader7879.cpl
c:\windows\6627z9r2895.dll
c:\windows\6659addwzre22449.ocx
c:\windows\66ast9zl5122.cpl
c:\windows\66b3viz9635.bin
c:\windows\66b6addz9re945.cpl
c:\windows\6705thief2922z.exe
c:\windows\6707s9ywa5e1941z.bin
c:\windows\6746zo5nlo9der514.ocx
c:\windows\679e9zw5loader1378.dll
c:\windows\67dazh5e91443.cpl
c:\windows\67f2zp9w5re538.dll
c:\windows\67z99te5l2450.bin
c:\windows\6818zr9j46e5.cpl
c:\windows\6855tzief2690.ocx
c:\windows\6924addza5e549.ocx
c:\windows\6957azdware665.exe
c:\windows\696downlozde52674.cpl
c:\windows\696not9azv5rus6ec.ocx
c:\windows\699abackdozr1509.exe
c:\windows\699zs5eal1219.cpl
c:\windows\69c59ow5zoader1559.exe
c:\windows\69e25zr1565.dll
c:\windows\69z4s9ea52190.exe
c:\windows\6b05s9eal158z.ocx
c:\windows\6cathiez2579.ocx
c:\windows\6d13spywa9e27z5.ocx
c:\windows\6d93z5eal83.cpl
c:\windows\6e29th5eat1z856.bin
c:\windows\6e70zpa5s9545.cpl
c:\windows\6e82vir5993z.bin
c:\windows\6eb99iz589.exe
c:\windows\6ed8zddwar5966.bin
c:\windows\6f6zth9e51392.dll
c:\windows\6fczdownloader15895.cpl
c:\windows\6fz9addwar52155.dll
c:\windows\6z8bthreat319325.cpl
c:\windows\7042spy5arz934.bin
c:\windows\70fbzhre9t59268.cpl
c:\windows\70z9vir1535.cpl
c:\windows\716dd5wnlzader13669.bin
c:\windows\718ct5zef24599.bin
c:\windows\71bbspars52z91.bin
c:\windows\71bdbac5dzor499.bin
c:\windows\7265h9ckzoo5319.dll
c:\windows\7494addwar5148z.ocx
c:\windows\7500a9dwa5e25z9.bin
c:\windows\752sz9e3.ocx
c:\windows\7594spyware3z95.dll
c:\windows\759zbackdoor80.cpl
c:\windows\75caadzware1339.cpl
c:\windows\75e5dzwn9o5der2539.exe
c:\windows\75e95ddwzre3166.exe
c:\windows\75zbt9ief1376.dll
c:\windows\75zethie9775.cpl
c:\windows\7659thiz92984.bin
c:\windows\76a5spa5ze9092.ocx
c:\windows\76b995ckzoor29.cpl
c:\windows\774fth9ef2z835.exe
c:\windows\7759stealz395.ocx
c:\windows\77a1stezl5091.bin
c:\windows\77z3thre5t94881.exe
c:\windows\782cz59eat16295.ocx
c:\windows\784959arse15z1.ocx
c:\windows\7850a9dware3z27.bin
c:\windows\78589irz529.cpl
c:\windows\7895vizus9b.bin
c:\windows\790a5ir887z.cpl
c:\windows\791szamb9t158.bin
c:\windows\7924notza-virus5385.cpl
c:\windows\7938steal3z85.bin
c:\windows\7958d9zn5oader340.cpl
c:\windows\795troj5a9z.ocx
c:\windows\79665zt-a-virus299.dll
c:\windows\79779roz3945.exe
c:\windows\7a1bs9eal95z.cpl
c:\windows\7a7z5rea913508.dll
c:\windows\7b1dadd5are95z5.dll
c:\windows\7ba9addzare5505.dll
c:\windows\7d18download9rz1015.bin
c:\windows\7d49t5reat249z3.dll
c:\windows\7d5ethiez2903.dll
c:\windows\7f93addza9e2855.cpl
c:\windows\7fathie5z609.dll
c:\windows\7z25hac5tool190.exe
c:\windows\7z4st9al21895.ocx
c:\windows\7z59addware1069.exe
c:\windows\80z39orm7485.dll
c:\windows\81zw5rm5b9.bin
c:\windows\8205n9t-a5vizus3b4.bin
c:\windows\8335virus965z.dll
c:\windows\8392spy5z5.cpl
c:\windows\8432sp9m5ot5a7z.ocx
c:\windows\8499z95ktool2b8.ocx
c:\windows\8524zot-a-9irus618.exe
c:\windows\8525zpy5ed9.cpl
c:\windows\85499roz432.ocx
c:\windows\855zhreat21919.cpl
c:\windows\8590sz56a2.bin
c:\windows\85dbackdoor2z19.exe
c:\windows\8959spy76z.exe
c:\windows\90488haczt5ol138.cpl
c:\windows\90b9spars55z7.ocx
c:\windows\914zth5eat11492.exe
c:\windows\9167zworm5de.cpl
c:\windows\91755zy229.bin
c:\windows\91967not-a-vi5uz790.dll
c:\windows\91bfbaz5door1943.ocx
c:\windows\923zv59us15e.bin
c:\windows\92623zor5551.bin
c:\windows\92625hazktool4db.bin
c:\windows\9284zspambo542.exe
c:\windows\92dback59or17z9.ocx
c:\windows\92e5downlzader1019.ocx
c:\windows\9318sza9bot565.bin
c:\windows\93300w5rz30d.exe
c:\windows\935espzware24225.exe
c:\windows\939zhrea512771.ocx
c:\windows\93dzdownlo5der1976.cpl
c:\windows\943d5wnloadez9504.cpl
c:\windows\94613w5zm709.dll
c:\windows\948h9cktzol54d.ocx
c:\windows\9495virus434z.exe
c:\windows\94994woz5553.bin
c:\windows\9502trojdz.exe
c:\windows\9515t5iez505.ocx
c:\windows\95160spazbot35.dll
c:\windows\951z5virus51d.ocx
c:\windows\95231spamzot8d.bin
c:\windows\9532notza-virus646.dll
c:\windows\9535thzeat28355.dll
c:\windows\955935ormz.dll
c:\windows\955zpambot7d9.exe
c:\windows\9575virusz929.ocx
c:\windows\9595ezl998.cpl
c:\windows\95b9stea53z33.exe
c:\windows\95fdtzreat275695.cpl
c:\windows\95ffthiez798.bin
c:\windows\9714s59mbzt1c4.ocx
c:\windows\9744spambotz8d5.bin
c:\windows\978a5dw9rz3043.exe
c:\windows\980zw5rm136.cpl
c:\windows\9819sp54baz.exe
c:\windows\983aa5dwarz375.dll
c:\windows\98bth5ef765z.bin
c:\windows\991downloaderz025.cpl
c:\windows\992z5ackdoor3120.bin
c:\windows\993515roz24a.bin
c:\windows\994sp5rsz2099.dll
c:\windows\99667viru52z6.cpl
c:\windows\9980thr5az12154.exe
c:\windows\99dfth5ef925z.dll
c:\windows\99z9s5ambot2ab9.bin
c:\windows\9a5cstezl3170.ocx
c:\windows\9b69a5dware39z.dll
c:\windows\9c0zspywar5323.exe
c:\windows\9c25downzoader754.exe
c:\windows\9c30spywaze19645.cpl
c:\windows\9cc5t5ief192z.bin
c:\windows\9ceavzr2505.cpl
c:\windows\9d4zvir30625.bin
c:\windows\9d5es5eal9z6.bin
c:\windows\9d91threa52736z.exe
c:\windows\9e0bdzwnload5r3033.exe
c:\windows\9e6cdoznloade53235.bin
c:\windows\9e89st5alz144.exe
c:\windows\9z05pyware343.exe
c:\windows\9z3565roj68e.dll
c:\windows\9z7spy21a5.ocx
c:\windows\9z905py628.bin
c:\windows\9zca5dware851.bin
c:\windows\a909hizf55.bin
c:\windows\a95s5zware2248.exe
c:\windows\abthre9t553z2.bin
c:\windows\acfdzwn9oader3051.exe
c:\windows\b98s9eaz4415.cpl
c:\windows\c62dzwnloa5er1459.bin
c:\windows\c8zthie91085.exe
c:\windows\d885hzea922625.dll
c:\windows\e32viz1579.cpl
c:\windows\e8zadd9are5608.bin
c:\windows\e8zthre5t4926.exe
c:\windows\e959h5zf2427.ocx
c:\windows\e9aspywa5e3z41.bin
c:\windows\f0dste9lz55.ocx
c:\windows\f33szyw59e743.exe
c:\windows\ffc95dware3z89.dll
c:\windows\system32\10717spz569.cpl
c:\windows\system32\10951spy492z.dll
c:\windows\system32\1099ztroj9e45.bin
c:\windows\system32\114045acktozl7f69.ocx
c:\windows\system32\11562spambzt149.exe
c:\windows\system32\11584ziru985.ocx
c:\windows\system32\115bspyw5ze15439.exe
c:\windows\system32\11749not-a-v5zu99e.bin
c:\windows\system32\1184z9or569b.dll
c:\windows\system32\11968spazbot25a.cpl
c:\windows\system32\11f9thief589z.dll
c:\windows\system32\11z78hack5ool3fa9.exe
c:\windows\system32\128505azk9ool2d.exe
c:\windows\system32\129119pam5ot143z.dll
c:\windows\system32\12915v5rus6ez.dll
c:\windows\system32\1297zwo9539f.bin
c:\windows\system32\13271hacktooz25b9.exe
c:\windows\system32\13379wo5m6z8.ocx
c:\windows\system32\13500sp93b5z.exe
c:\windows\system32\13519tr5jz9.ocx
c:\windows\system32\137965pambotzbc.cpl
c:\windows\system32\13989not5z-virus712.bin
c:\windows\system32\13a5spyw9re1z15.bin
c:\windows\system32\14019spambot5z2.dll
c:\windows\system32\14077tr9j2z5.dll
c:\windows\system32\14495a9kdozr458.cpl
c:\windows\system32\14661s9y58z.bin
c:\windows\system32\14787notza-v5rus99f.cpl
c:\windows\system32\14917z9cktool2195.bin
c:\windows\system32\149515zy41b.exe
c:\windows\system32\15283hac9to5z122.cpl
c:\windows\system32\1528thiez1939.bin
c:\windows\system32\152z5hac9tool747.exe
c:\windows\system32\15395spz4899.bin
c:\windows\system32\15465ackto9lz98.ocx
c:\windows\system32\154z8spy695.bin
c:\windows\system32\15507zroj2f9.exe
c:\windows\system32\15600spam95z69f.bin
c:\windows\system32\1562z9py1a7.exe
c:\windows\system32\1565zsp9mbot3fa.exe
c:\windows\system32\15709teaz5108.bin
c:\windows\system32\1571tro96z05.ocx
c:\windows\system32\15855szy985.bin
c:\windows\system32\1589s9arsz1405.dll
c:\windows\system32\15945v5rus5z3.ocx
c:\windows\system32\1597zs9546d.dll
c:\windows\system32\1598zot-a-vir5s9ae.exe
c:\windows\system32\15bz9ir3273.ocx
c:\windows\system32\15c5addw9re2z05.exe
c:\windows\system32\15dzdownloader24859.dll
c:\windows\system32\15e8dzwnload9r5708.ocx
c:\windows\system32\15f5dow9lzader3028.exe
c:\windows\system32\15fzadd59re1914.exe
c:\windows\system32\1609spywaze525.bin
c:\windows\system32\16200no9-a-vir5s65z.exe
c:\windows\system32\16238wormz95.ocx
c:\windows\system32\1655zhac9tool658.dll
c:\windows\system32\165azpa59e1433.ocx
c:\windows\system32\168965irus1z9.ocx
c:\windows\system32\168z5spy79b5.exe
c:\windows\system32\1699s5z37b.cpl
c:\windows\system32\1747159zj25c.exe
c:\windows\system32\1771sz5rse2189.ocx
c:\windows\system32\17755sp59z4.dll
c:\windows\system32\17792trz54c2.exe
c:\windows\system32\177et9zea514634.dll
c:\windows\system32\17z29pywa5e148.exe
c:\windows\system32\17z2d9wn5oader2948.ocx
c:\windows\system32\180185zcktool4a9.ocx
c:\windows\system32\181bzdd5are1959.dll
c:\windows\system32\18425hackz9ol290.bin
c:\windows\system32\1859hazktool955.bin
c:\windows\system32\185worz9525.exe
c:\windows\system32\18959szy5e6.dll
c:\windows\system32\18962not-a-v5rus50z.dll
c:\windows\system32\18a3threat94z55.exe
c:\windows\system32\18z4spywa5e1819.ocx
c:\windows\system32\1906worm9ze5.cpl
c:\windows\system32\19081trojz55.dll
c:\windows\system32\19135troz79.dll
c:\windows\system32\1915roj9z3.ocx
c:\windows\system32\19245hreatz8066.bin
c:\windows\system32\19289spy55fz.cpl
c:\windows\system32\193585orm1z7.exe
c:\windows\system32\19450nzt-5-virus2c9.cpl
c:\windows\system32\19490h5cktoolz91.cpl
c:\windows\system32\194995zy56b.ocx
c:\windows\system32\195559roz545.bin
c:\windows\system32\1955spyware1z05.bin
c:\windows\system32\1955zspy99c.cpl
c:\windows\system32\195879py4z6.cpl
c:\windows\system32\19677t9oj1z5.exe
c:\windows\system32\19685not-a5vzrus4b9.bin
c:\windows\system32\19750spamzot551.dll
c:\windows\system32\19853not5a-vi9uz529.exe
c:\windows\system32\1990z5r2705.dll
c:\windows\system32\19a6b59kdoor2318z.ocx
c:\windows\system32\19c5viz26449.cpl
c:\windows\system32\19z15roj4579.cpl
c:\windows\system32\1a4a9hizf2451.exe
c:\windows\system32\1b92zow5loader911.exe
c:\windows\system32\1bd5addw9re1z50.ocx
c:\windows\system32\1c1fdo9nlzader3255.bin

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
c:\windows\system32\1c95addware925z.exe
c:\windows\system32\1d7ethr9at2z755.cpl
c:\windows\system32\1de659iefz729.dll
c:\windows\system32\1e4fthi9z559.bin
c:\windows\system32\1e50spzware10839.dll
c:\windows\system32\1eadz5ea9750.exe
c:\windows\system32\1f37thief9z53.exe
c:\windows\system32\1f3a9aczdoo52054.dll
c:\windows\system32\1f43z9yware75.bin
c:\windows\system32\1fee5zr5349.cpl
c:\windows\system32\1fzethi5f5519.exe
c:\windows\system32\1z385pywa9e129.dll
c:\windows\system32\1z5csp9rse1913.ocx
c:\windows\system32\1z695troj545.bin
c:\windows\system32\1z6bth9eat385.cpl
c:\windows\system32\1z755troj195.ocx
c:\windows\system32\1za9vir5719.cpl
c:\windows\system32\20053spambzt6a69.ocx
c:\windows\system32\200z9orm465.ocx
c:\windows\system32\20245wo9mz5a.cpl
c:\windows\system32\203z5worm295.exe
c:\windows\system32\20550spazbot3bc9.exe
c:\windows\system32\20599spamzot12d5.exe
c:\windows\system32\20849v5rus689z.dll
c:\windows\system32\20869azk5oor3237.exe
c:\windows\system32\20977ha5ktool629z.bin
c:\windows\system32\209z5pyware7.ocx
c:\windows\system32\210z2vir9sb5.cpl
c:\windows\system32\21160w9rm535z.ocx
c:\windows\system32\2122do5n9ozder1264.dll
c:\windows\system32\21387sp5m9ot3z5.cpl
c:\windows\system32\21389tzo5579.dll
c:\windows\system32\21495not-az5irus279.ocx
c:\windows\system32\215z8wo9mc5.exe
c:\windows\system32\22115hackzo9l43c.exe
c:\windows\system32\22190nzt-a-virus555.dll
c:\windows\system32\2238zsp5965.bin
c:\windows\system32\22395szy10f.ocx
c:\windows\system32\224705z9us333.dll
c:\windows\system32\22470s9a5bot2z9.exe
c:\windows\system32\22509v9rus535z.bin
c:\windows\system32\229265pambzt9b.cpl
c:\windows\system32\22b7t9zef5599.ocx
c:\windows\system32\22z199pamb5t505.dll
c:\windows\system32\231559roj1z6.dll
c:\windows\system32\23492wo5z39c.dll
c:\windows\system32\23525zor9676.bin
c:\windows\system32\23728noz-a-virus95e.bin
c:\windows\system32\23745virzs2139.dll
c:\windows\system32\23z99ir5994.cpl
c:\windows\system32\24571viru5795z.bin
c:\windows\system32\24591spambzt521.dll
c:\windows\system32\249895pyz12.bin
c:\windows\system32\2500z5y2a9.ocx
c:\windows\system32\25117h9cktooz5e5.exe
c:\windows\system32\25118hz9ktool7d15.ocx
c:\windows\system32\2519dz9nlo5der129.cpl
c:\windows\system32\25205pa9sz2631.dll
c:\windows\system32\2527hazktoo9565.exe
c:\windows\system32\2535noz9a-virus299.dll
c:\windows\system32\253es5ywzre1299.dll
c:\windows\system32\25473zpy79d5.ocx
c:\windows\system32\25560zpy395.cpl
c:\windows\system32\25617spam9o5z76.dll
c:\windows\system32\25715zroj599.exe
c:\windows\system32\2573zs5y7949.ocx
c:\windows\system32\2575295rmz45.dll
c:\windows\system32\258519acktooz6f.ocx
c:\windows\system32\25942hacktz5l359.ocx
c:\windows\system32\25987spz358.cpl
c:\windows\system32\25a4s9arsez671.exe
c:\windows\system32\25adthreatz9438.cpl
c:\windows\system32\25e8st5al1697z.ocx
c:\windows\system32\25fethreat24092z.ocx
c:\windows\system32\25z8addw5re2091.exe
c:\windows\system32\25zdvir18579.ocx
c:\windows\system32\26195hacztool7ae.cpl
c:\windows\system32\26195noz-a-virus5e4.cpl
c:\windows\system32\26352trojz9b.bin
c:\windows\system32\264cz5eal26509.exe
c:\windows\system32\265349izus3f8.exe
c:\windows\system32\26595not-azviru97c.exe
c:\windows\system32\267fzhi9f9985.bin
c:\windows\system32\27104v9ruz15b5.cpl
c:\windows\system32\27899tr9z15d.exe
c:\windows\system32\27929h95ktoolz4a.ocx
c:\windows\system32\27999troj5z59.bin
c:\windows\system32\279ezp5rse2789.bin
c:\windows\system32\27a19pa5ze1510.ocx
c:\windows\system32\27e39own5oadzr91.ocx
c:\windows\system32\27z8sp5r9e1510.bin
c:\windows\system32\280725zrm5569.exe
c:\windows\system32\281znot-a-viru9325.bin
c:\windows\system32\2880hackt95z60c.exe
c:\windows\system32\29165spa5boz1df9.exe
c:\windows\system32\292629pzmbot6d5.cpl
c:\windows\system32\29385i9uz1ba.bin
c:\windows\system32\2940thzeat25969.exe
c:\windows\system32\2942859rusc6z.cpl
c:\windows\system32\294eaddzare5307.dll
c:\windows\system32\29583zacktool59b.cpl
c:\windows\system32\295905rojz97.exe
c:\windows\system32\29668viru935cz.dll
c:\windows\system32\29722zro56d4.bin
c:\windows\system32\297775roj3zf.exe
c:\windows\system32\29805sp547z.dll
c:\windows\system32\29846sz552b.dll
c:\windows\system32\29868woz95495.cpl
c:\windows\system32\2986addw9re21z5.ocx
c:\windows\system32\29902spa9b5t577z.exe
c:\windows\system32\29911hacztool9f5.ocx
c:\windows\system32\29940s5y7z9.cpl
c:\windows\system32\29966not-5-virzs66a.ocx
c:\windows\system32\2996z5ac9tool302.dll
c:\windows\system32\29e3addware11z5.bin
c:\windows\system32\29z58vi5us1d29.ocx
c:\windows\system32\2a43downloadzr395.exe
c:\windows\system32\2a75st9alz846.dll
c:\windows\system32\2c0ft9reat3z561.bin
c:\windows\system32\2ccdzownl5ader9669.cpl
c:\windows\system32\2e95back5oor1z98.dll
c:\windows\system32\2e95vzr1595.dll
c:\windows\system32\2f25thi9f1545z.bin
c:\windows\system32\2f7zaddw5r92277.exe
c:\windows\system32\2z072tro5229.bin
c:\windows\system32\2z0e95dware1.exe
c:\windows\system32\2z289hacktoo955b.bin
c:\windows\system32\2z452t5oj295.bin
c:\windows\system32\2z679hack5ool759.ocx
c:\windows\system32\2z989vir5s93.ocx
c:\windows\system32\2zspar591597.ocx
c:\windows\system32\3052vi9155z.bin
c:\windows\system32\30639not9z-5irus37d.exe
c:\windows\system32\30z25troj579.exe
c:\windows\system32\31145parsez913.bin
c:\windows\system32\3115zw9rm75b.cpl
c:\windows\system32\31829t5o9zb1.dll
c:\windows\system32\31z55not-a9virus601.ocx
c:\windows\system32\31z8wo9m525.cpl
c:\windows\system32\32030t9oz551.bin
c:\windows\system32\32069wo9518z.cpl
c:\windows\system32\3232tzief20995.dll
c:\windows\system32\32391spamb9t5z5.ocx
c:\windows\system32\32495spy24z.bin
c:\windows\system32\32556h59kzool210.bin
c:\windows\system32\32561troz2569.exe
c:\windows\system32\32636tro9zc5.ocx
c:\windows\system32\32915hacktzo527a.dll
c:\windows\system32\3294zacktoo5295.dll
c:\windows\system32\32abvir9z56.ocx
c:\windows\system32\32eedownloa9er571z.bin
c:\windows\system32\3309not-a5vizus9e5.ocx
c:\windows\system32\3339threa91105z.dll
c:\windows\system32\3359t9ie51060z.bin
c:\windows\system32\34125zckdoor9309.bin
c:\windows\system32\341zadd5are519.exe
c:\windows\system32\3499vi530z8.exe
c:\windows\system32\34b9vir36z5.cpl
c:\windows\system32\34z09iru53bc.cpl
c:\windows\system32\34z4spa95otc5.bin
c:\windows\system32\353zthie91816.bin
c:\windows\system32\355athr5a918z06.cpl
c:\windows\system32\3576not-a5viru91z4.dll
c:\windows\system32\357bsp9wa5e2z38.dll
c:\windows\system32\35eethief95z3.exe
c:\windows\system32\3665z9oj7b4.cpl
c:\windows\system32\3718thr5atz9009.dll
c:\windows\system32\3719addwzre525.ocx
c:\windows\system32\37615pa9zot635.ocx
c:\windows\system32\3795not-a-5irus74z.dll
c:\windows\system32\37f9ba5kdooz150.ocx
c:\windows\system32\38d15zars92315.dll
c:\windows\system32\38f9downlo5dez2443.cpl
c:\windows\system32\39156zroj529.bin
c:\windows\system32\3955vir504z.bin
c:\windows\system32\396zspywar582.ocx
c:\windows\system32\39dc5tealz3999.exe
c:\windows\system32\39ebacz5oor1257.bin
c:\windows\system32\3a80zteal9596.ocx
c:\windows\system32\3aa2ba59door1z13.ocx
c:\windows\system32\3affbackd9o5z915.ocx
c:\windows\system32\3b2th9ea518506z.dll
c:\windows\system32\3c4zaddw5re10219.dll
c:\windows\system32\3df8ztea5944.dll
c:\windows\system32\3e1cspywaz92395.ocx
c:\windows\system32\3e49thief51z4.cpl
c:\windows\system32\3e93ba5kdoor2z28.dll
c:\windows\system32\3fc5z9eal1554.bin
c:\windows\system32\3fze9tea51957.dll
c:\windows\system32\3z5cbac9d5or2718.dll
c:\windows\system32\3z5dthief69.dll
c:\windows\system32\3z75ad9ware3037.bin
c:\windows\system32\3z89spywa5e1402.bin
c:\windows\system32\3z939p5ware3125.cpl
c:\windows\system32\3z94spy598.dll
c:\windows\system32\405cs9arse1z505.dll
c:\windows\system32\4093spa5se3084z.cpl
c:\windows\system32\41275ot-a-zirus191.exe
c:\windows\system32\41cav9r735z.ocx
c:\windows\system32\41dbbackd9zr2559.bin
c:\windows\system32\424z5ackdoor1409.cpl
c:\windows\system32\4289steal1z85.exe
c:\windows\system32\429edownlo5d9r1z53.cpl
c:\windows\system32\4354zhreat218269.ocx
c:\windows\system32\44zaba9kdo5r950.ocx
c:\windows\system32\4503addzare597.ocx
c:\windows\system32\4529thiefz069.cpl
c:\windows\system32\4555trojz9.ocx
c:\windows\system32\459f5ownz9ader1402.bin
c:\windows\system32\45czth9eat2768.ocx
c:\windows\system32\45d5steaz1498.cpl
c:\windows\system32\4625spy9aze30865.ocx
c:\windows\system32\46605orm4z9.bin
c:\windows\system32\4675ste9z62.ocx
c:\windows\system32\46919acktool64z5.bin
c:\windows\system32\4696troj59bz.dll
c:\windows\system32\47e7vi959z.cpl
c:\windows\system32\47fdstz9l5505.ocx
c:\windows\system32\47z7vir9s65.ocx
c:\windows\system32\4824wzrm695.cpl
c:\windows\system32\4829downzo9de5372.exe
c:\windows\system32\4916zpyware8985.exe
c:\windows\system32\4986vi5396z.exe
c:\windows\system32\49a3th95az7029.ocx
c:\windows\system32\49b6spyw5r97z9.ocx
c:\windows\system32\49z9steal5152.bin
c:\windows\system32\4a96sparse1755z.cpl
c:\windows\system32\4azt59ef43.ocx
c:\windows\system32\4bd7th5zf23999.cpl
c:\windows\system32\4c53st9al290z.exe
c:\windows\system32\4d0thre593z531.ocx
c:\windows\system32\4da9s9yware151z.exe
c:\windows\system32\4dd5sp9rse689z.cpl
c:\windows\system32\4dzbv9r3150.cpl
c:\windows\system32\4e55stea92351z.ocx
c:\windows\system32\4e6dsparze9095.cpl
c:\windows\system32\4e84t5i9z2330.exe
c:\windows\system32\4ea2t9iez995.dll

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
c:\windows\system32\4fe8threaz11952.cpl
c:\windows\system32\4z599hreat22525.exe
c:\windows\system32\4z75s95766.ocx
c:\windows\system32\4z85ack9oor2825.dll
c:\windows\system32\4z85troj3d9.ocx
c:\windows\system32\4z975parse1166.cpl
c:\windows\system32\4z99ste5l199.exe
c:\windows\system32\4zb3downloa9er26075.bin
c:\windows\system32\4zbc9tea51946.exe
c:\windows\system32\4zcc9ir5364.dll
c:\windows\system32\4zee5tea91659.exe
c:\windows\system32\502bspa5sz990.exe
c:\windows\system32\502ezownlo9der1525.exe
c:\windows\system32\5032not-a95irzs318.exe
c:\windows\system32\504cvir359z.ocx
c:\windows\system32\505at9reat2099z.dll
c:\windows\system32\505downloaz9r286.exe
c:\windows\system32\505z8spambot3d99.cpl
c:\windows\system32\50765spz229.ocx
c:\windows\system32\5090spambzt533.dll
c:\windows\system32\5094zot-a-virus9f5.dll
c:\windows\system32\5097backdoor26z8.exe
c:\windows\system32\509ha5kzool69e.cpl
c:\windows\system32\50a5thie9z869.ocx
c:\windows\system32\50bstz9l3098.cpl
c:\windows\system32\50d5sp9zse1348.ocx
c:\windows\system32\50z8hacktoo925a.bin
c:\windows\system32\51219vi9us6az.dll
c:\windows\system32\5159downloadez984.dll
c:\windows\system32\5169sparsez45.exe
c:\windows\system32\516bt9ief159z5.ocx
c:\windows\system32\5243s5y9aze2710.dll
c:\windows\system32\525czddware5948.bin
c:\windows\system32\5274szyware14159.cpl
c:\windows\system32\528zwo5m89.bin
c:\windows\system32\52f9sparse15z8.dll
c:\windows\system32\5309pambzt109.dll
c:\windows\system32\531fvzr32495.bin
c:\windows\system32\5340addwzre5659.dll
c:\windows\system32\534virz93.bin
c:\windows\system32\537edownloazer595.cpl
c:\windows\system32\539cv9z1365.bin
c:\windows\system32\5412hacktoo53fz9.bin
c:\windows\system32\54659wozm59e.bin
c:\windows\system32\549spyware95z.exe
c:\windows\system32\54b9spyza9e855.exe
c:\windows\system32\54d59ownloadzr3052.exe
c:\windows\system32\54e39ackdozr4765.ocx
c:\windows\system32\55145ot-a9virus59z.bin
c:\windows\system32\55155tr9z229.ocx
c:\windows\system32\5519not-a-virus50z.ocx
c:\windows\system32\551zworm4999.exe
c:\windows\system32\55280worm97dz.cpl
c:\windows\system32\5541hacktoolz93.exe
c:\windows\system32\555z6vi9us105.ocx
c:\windows\system32\55936not-a9zirus321.exe
c:\windows\system32\55ecthrzat5692.bin
c:\windows\system32\55ze9parse5288.ocx
c:\windows\system32\563thie52z9.bin
c:\windows\system32\5651sparze19919.cpl
c:\windows\system32\56736tr9j65z.ocx
c:\windows\system32\5680backzoor2195.exe
c:\windows\system32\568a9ownloa5erz255.cpl
c:\windows\system32\5692wzrm495.exe
c:\windows\system32\569z8virus1ea.dll
c:\windows\system32\56a09ir18z3.exe
c:\windows\system32\56b8v59z612.exe
c:\windows\system32\56d5thief2319z.bin
c:\windows\system32\5725h9cktool52z.dll
c:\windows\system32\5759tealz035.ocx
c:\windows\system32\576zsteal3049.ocx
c:\windows\system32\57984zirus2e9.ocx
c:\windows\system32\5799down5oadzr965.cpl
c:\windows\system32\579bvirz075.dll
c:\windows\system32\57e4spywarz9859.ocx
c:\windows\system32\5809zparse1401.ocx
c:\windows\system32\584zth9ef2310.bin
c:\windows\system32\585fspyw9re25z3.dll
c:\windows\system32\5890vzr195.ocx
c:\windows\system32\589ezack9o5r2815.bin
c:\windows\system32\58b5zhreat39871.bin
c:\windows\system32\59139zt-a-5irus4b5.cpl
c:\windows\system32\593cdownloaderz155.exe
c:\windows\system32\5945troj9zf.bin
c:\windows\system32\5962zspambot498.cpl
c:\windows\system32\596429roj32cz.exe
c:\windows\system32\5965troz30d9.dll
c:\windows\system32\5968baczdo5r85.cpl
c:\windows\system32\596z2worm188.ocx
c:\windows\system32\597z5virus43a.cpl
c:\windows\system32\5980spzrse3219.bin
c:\windows\system32\5983zirus2d2.dll
c:\windows\system32\5986addwaz91100.exe
c:\windows\system32\5987spywaz51909.ocx
c:\windows\system32\5991thre5tz583.exe
c:\windows\system32\5991vi52z36.ocx
c:\windows\system32\5992spamboza29.dll
c:\windows\system32\59e3back9oor16z4.bin
c:\windows\system32\59ethief35z5.dll
c:\windows\system32\5a3spy9are155z.exe
c:\windows\system32\5a5bviz5791.ocx
c:\windows\system32\5a7ft59eatz990.ocx
c:\windows\system32\5a95t9zef1667.ocx
c:\windows\system32\5ac2spyw9re2z68.dll
c:\windows\system32\5b7baddw5rez29.ocx
c:\windows\system32\5b92downloader191z5.dll
c:\windows\system32\5b9ddo9nload5r17z4.ocx
c:\windows\system32\5c0zstea91138.cpl
c:\windows\system32\5c95sp5warez659.exe
c:\windows\system32\5c9bvir2331z.bin
c:\windows\system32\5c9szar9e3046.exe
c:\windows\system32\5cc4zackdoo9326.cpl
c:\windows\system32\5cz1downloade9121.dll
c:\windows\system32\5d37do5nloadzr20449.bin
c:\windows\system32\5d9aazdwa9e2632.ocx
c:\windows\system32\5df4spzrs91665.dll
c:\windows\system32\5df9downloazer2535.exe
c:\windows\system32\5dz0bac59oor2068.cpl
c:\windows\system32\5e91th59f948z.dll
c:\windows\system32\5e94thzeat98859.cpl
c:\windows\system32\5eb1tzie9122.bin
c:\windows\system32\5ee3sp9zse1779.cpl
c:\windows\system32\5ez1spy5ar92304.ocx
c:\windows\system32\5ezs9eal741.dll
c:\windows\system32\5f1b9zief2600.dll
c:\windows\system32\5f4fadzwa9e885.cpl
c:\windows\system32\5f99threat1z673.cpl
c:\windows\system32\5fbad5wnloa9er26z2.cpl
c:\windows\system32\5ff9szea51830.dll
c:\windows\system32\5z829ownload5r654.ocx
c:\windows\system32\607cdowzl95der2179.cpl
c:\windows\system32\60a0zownl9ader2025.dll
c:\windows\system32\60e9spyw5re243z.bin
c:\windows\system32\60fctz5e91519.ocx
c:\windows\system32\61929pazbot5765.cpl
c:\windows\system32\6293downlz5de91636.bin
c:\windows\system32\6310zpa9b5t1f.dll
c:\windows\system32\6315zdd9are50.ocx
c:\windows\system32\6320t5ief2769z.exe
c:\windows\system32\6354baczdoor3569.dll
c:\windows\system32\63czs5eal6569.bin
c:\windows\system32\643559wnloadez3087.dll
c:\windows\system32\645zspywar92513.cpl
c:\windows\system32\6520thi9z1559.bin
c:\windows\system32\654bzhief2975.ocx
c:\windows\system32\655e9teal845z.ocx
c:\windows\system32\655spywarez910.exe
c:\windows\system32\65f9spywzre2909.cpl
c:\windows\system32\65zes9eal30.bin
c:\windows\system32\6651bzckdoor2859.ocx
c:\windows\system32\6759sparze2335.dll
c:\windows\system32\6779szy37b5.exe
c:\windows\system32\67z0steal5898.dll
c:\windows\system32\685adownloade96z8.ocx
c:\windows\system32\688asz5al9164.dll
c:\windows\system32\695cvi5193z.dll
c:\windows\system32\6981thizf1185.dll
c:\windows\system32\6985st9al2z87.bin
c:\windows\system32\6a04thz9at28405.ocx
c:\windows\system32\6a51baczdoor12319.cpl
c:\windows\system32\6a95steal5620z.dll
c:\windows\system32\6b15spa5se249z9.bin
c:\windows\system32\6b6dspars9111z5.cpl
c:\windows\system32\6b7espar9e15z0.cpl
c:\windows\system32\6cz4thie928945.cpl
c:\windows\system32\6ea35ackdoo93z01.dll
c:\windows\system32\6eb9azdwa5e2289.cpl
c:\windows\system32\6ez295eal1414.bin
c:\windows\system32\6z1thre5t114549.exe
c:\windows\system32\6z25w5r994.ocx
c:\windows\system32\6z4s9eal555.bin
c:\windows\system32\6z54s9yf5.bin
c:\windows\system32\6z75s9eal65.cpl
c:\windows\system32\6z82ad9w5re3038.ocx
c:\windows\system32\6z99tr5j71e.dll
c:\windows\system32\7091zp5r9e2625.exe
c:\windows\system32\70d4t5rezt9974.cpl
c:\windows\system32\726as5z9are3241.dll
c:\windows\system32\7299tzief2564.exe
c:\windows\system32\7353szeal9255.bin
c:\windows\system32\742fspyz9re3556.bin
c:\windows\system32\74515ackdooz26049.dll
c:\windows\system32\7560sparse9607z.cpl
c:\windows\system32\7595steal476z.exe
c:\windows\system32\770not-a-9izu5773.bin
c:\windows\system32\7782s9azbot555.exe
c:\windows\system32\77s9ywar5981z.bin
c:\windows\system32\787z9roj2a15.exe
c:\windows\system32\78z059eal2184.ocx
c:\windows\system32\78z5s5y35a9.exe
c:\windows\system32\78z5sparse9964.cpl
c:\windows\system32\790zdow9loader355.dll
c:\windows\system32\79185hiefz96.cpl
c:\windows\system32\7959spzmbot229.ocx
c:\windows\system32\795zt5reat16532.bin
c:\windows\system32\7995wor914z.ocx
c:\windows\system32\79dzsp95are567.exe
c:\windows\system32\7b8fthiez9956.cpl
c:\windows\system32\7b969ownlzader2415.dll
c:\windows\system32\7bzbthief2950.dll
c:\windows\system32\7c5f5hreaz13298.bin
c:\windows\system32\7c86sp5rsez898.dll
c:\windows\system32\7d5baddware90z6.dll
c:\windows\system32\7e025ze9l2554.cpl
c:\windows\system32\7e51adzware9571.dll
c:\windows\system32\7e56do59lozder2084.bin
c:\windows\system32\7e59bac9door103z5.bin
c:\windows\system32\7e76spars915z7.exe
c:\windows\system32\7effthre5t9780z.dll
c:\windows\system32\7fd0zhreat30569.dll
c:\windows\system32\7z2cth5e93024.dll
c:\windows\system32\7z465irusbd9.bin
c:\windows\system32\7z49thie5975.dll
c:\windows\system32\7z58downl5ader9445.exe
c:\windows\system32\7z81sp5ware1629.cpl
c:\windows\system32\7z95addwar9509.cpl
c:\windows\system32\7za8downl5ader9427.cpl
c:\windows\system32\7zcct5i9f2141.cpl
c:\windows\system32\8055sp91z5.exe
c:\windows\system32\82739otz5-virus307.exe
c:\windows\system32\8305t9az1376.ocx
c:\windows\system32\8351zorm9335.bin
c:\windows\system32\8531s9y22az.bin
c:\windows\system32\853backd5o92960z.cpl
c:\windows\system32\8559haczt9ol354.dll
c:\windows\system32\85759roj1f6z.ocx
c:\windows\system32\863spzwa95203.exe
c:\windows\system32\870z9y2845.cpl
c:\windows\system32\8715vi5zs5f9.dll
c:\windows\system32\8798vizus5b9.ocx
c:\windows\system32\8890tzo5937.cpl
c:\windows\system32\89895orz357.cpl
c:\windows\system32\8dc59zware775.bin
c:\windows\system32\9004not-a-vz5us5eb.cpl
c:\windows\system32\90076spamzot553.cpl
c:\windows\system32\903baddware1z59.exe
c:\windows\system32\90557hacktool1z6.dll
c:\windows\system32\9059zr2125.ocx
c:\windows\system32\905z1spy535.dll
c:\windows\system32\90709hacktooz755.ocx
c:\windows\system32\9123not-a-vzrus750.exe
c:\windows\system32\9153spa5se75z.cpl
c:\windows\system32\9167tro57z2.ocx
c:\windows\system32\91907worm5ze.dll
c:\windows\system32\91925virzs2c.exe
c:\windows\system32\91dbaz5door985.bin
c:\windows\system32\92845pambot672z.ocx
c:\windows\system32\934caddwzre1195.cpl
c:\windows\system32\9358szywa5e656.exe
c:\windows\system32\942zsp529d.exe
c:\windows\system32\94353wo5z502.exe
c:\windows\system32\9457worm9bz.cpl
c:\windows\system32\949925zrusff.ocx
c:\windows\system32\95281spz621.cpl
c:\windows\system32\9530wzrm932.dll

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
c:\windows\system32\9544no9-azvirus67b5.exe
c:\windows\system32\955zackd9or2411.exe
c:\windows\system32\95765spzmbot784.ocx
c:\windows\system32\9582znot5a-virus46d.dll
c:\windows\system32\958athreat2734z.dll
c:\windows\system32\95b5stea52480z.dll
c:\windows\system32\95zthief1761.exe
c:\windows\system32\961vir500z.dll
c:\windows\system32\96298spy145z.ocx
c:\windows\system32\96562not-azvirus701.dll
c:\windows\system32\965adzware19925.exe
c:\windows\system32\967bthrezt93255.dll
c:\windows\system32\9695worz509.dll
c:\windows\system32\96b8add5arez856.cpl
c:\windows\system32\96spyware1985z.exe
c:\windows\system32\97653virus17z.exe
c:\windows\system32\9780wor57ze.ocx
c:\windows\system32\97975hiez2714.dll
c:\windows\system32\97995iz2023.ocx
c:\windows\system32\979cthz5f2995.cpl
c:\windows\system32\9899notza-virus3255.exe
c:\windows\system32\9950sp9mbotzc9.dll
c:\windows\system32\995a5zware2985.exe
c:\windows\system32\996z5pyware834.ocx
c:\windows\system32\99890vi5zs1f4.dll
c:\windows\system32\999t5reaz9461.exe
c:\windows\system32\99b1stez5990.exe
c:\windows\system32\99zaddwar5189.dll
c:\windows\system32\9a24addw5re1z06.dll
c:\windows\system32\9a5fthrezt25123.exe
c:\windows\system32\9a6a5dware999z.dll
c:\windows\system32\9b56spywzre2904.cpl
c:\windows\system32\9c1esp5zare556.exe
c:\windows\system32\9c35spar5z2701.cpl
c:\windows\system32\9c85spar5e28z9.ocx
c:\windows\system32\9dbvzr1725.cpl
c:\windows\system32\9dcstzal29795.exe
c:\windows\system32\9e38zddware5015.ocx
c:\windows\system32\9e42a5dwarz941.bin
c:\windows\system32\9e61spa5se982z.bin
c:\windows\system32\9fz9vir1554.ocx
c:\windows\system32\9z06thief559.bin
c:\windows\system32\9z0cv5r2391.exe
c:\windows\system32\9z26ha9k5ool36c.ocx
c:\windows\system32\9z855roj63e.exe
c:\windows\system32\a39sparsz5245.bin
c:\windows\system32\abf9dzwa5e2926.dll
c:\windows\system32\c25back9oorz785.dll
c:\windows\system32\c57steaz595.bin
c:\windows\system32\c59zackdoo992.bin
c:\windows\system32\c9dthief57z2.exe
c:\windows\system32\d13t9zef1350.dll
c:\windows\system32\d83thie9314z5.bin
c:\windows\system32\da6zpar9e502.cpl
c:\windows\system32\drivers\gxvxcgsaorjbitevxoyikuhrsqjisxbhdhbad.sys
c:\windows\system32\dz7st9al3054.cpl
c:\windows\system32\f5zsp5ware3529.dll
c:\windows\system32\f8es9ywaze2562.dll
c:\windows\system32\gxvxcafskmlxudulctbbftpbpkklamluvaruu.dll
c:\windows\system32\gxvxcijewmrqxgeuykmovbfmkisdxtvvwsqoj.dll
c:\windows\system32\z056tro579.cpl
c:\windows\system32\z0906spa5bot397.bin
c:\windows\system32\z0929py575.exe
c:\windows\system32\z09cst5al2695.dll
c:\windows\system32\z1fcs9arse2555.bin
c:\windows\system32\z217ha9ktoole85.ocx
c:\windows\system32\z2228w5rme99.cpl
c:\windows\system32\z233v9ru57a1.ocx
c:\windows\system32\z2343worm659.dll
c:\windows\system32\z2529not-a9virusd25.exe
c:\windows\system32\z296h9c5tool608.ocx
c:\windows\system32\z2adt5ief9820.exe
c:\windows\system32\z357not-9-virus1c9.exe
c:\windows\system32\z358backdoor54019.bin
c:\windows\system32\z3989sp95bot5af.dll
c:\windows\system32\z448addware16659.bin
c:\windows\system32\z4899tro532.exe
c:\windows\system32\z4aevir10935.cpl
c:\windows\system32\z5049hacktool7f59.dll
c:\windows\system32\z5592worm40f.ocx
c:\windows\system32\z5595v9rus138.exe
c:\windows\system32\z565ste9l2993.dll
c:\windows\system32\z595parse2183.exe
c:\windows\system32\z595steal148.dll
c:\windows\system32\z6398spamb5t65d.exe
c:\windows\system32\z663spam95t186.dll
c:\windows\system32\z695addware1591.dll
c:\windows\system32\z7045hacktool9475.exe
c:\windows\system32\z70789ro57dd.bin
c:\windows\system32\z70f9teal1475.dll
c:\windows\system32\z752th9eat29450.bin
c:\windows\system32\z7554spambot439.bin
c:\windows\system32\z7696hackto5l121.ocx
c:\windows\system32\z787sp955.bin
c:\windows\system32\z8735troj9cd.bin
c:\windows\system32\z8959orm19e.cpl
c:\windows\system32\z897sparse5992.cpl
c:\windows\system32\z89esparse855.ocx
c:\windows\system32\z9080vir5s1b.bin
c:\windows\system32\z91fspars52808.ocx
c:\windows\system32\z9245parse280.cpl
c:\windows\system32\z9284vir5sd5.dll
c:\windows\system32\z928s5ambot1a4.dll
c:\windows\system32\z9589spy54e.dll
c:\windows\system32\z985sparse75.exe
c:\windows\system32\z991downl5ader1279.bin
c:\windows\system32\z995spambo9311.exe
c:\windows\system32\z9960spy52f.dll
c:\windows\system32\za99ad5ware2092.exe
c:\windows\system32\zb5aba9kdoor249.cpl
c:\windows\system32\zd85down9oader2555.cpl
c:\windows\system32\zea1sp5war9283.exe
c:\windows\system32\zf3cspyw5r92163.dll
c:\windows\system32\zf795ir123.bin
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\z05c5pyware1897.ocx
c:\windows\z0745ro991.ocx
c:\windows\z0805spam9ot2ad.exe
c:\windows\z095addware1574.dll
c:\windows\z103hac9tool385.ocx
c:\windows\z115thr9at25726.exe
c:\windows\z11threat3459.cpl
c:\windows\z1339ac5door1743.dll
c:\windows\z19655orm2f29.bin
c:\windows\z23b9ownload5r678.exe
c:\windows\z27695oj701.dll
c:\windows\z3063hac5to9l50c.exe
c:\windows\z3595worm577.dll
c:\windows\z3945ir984.dll
c:\windows\z398th5ef3163.cpl
c:\windows\z468hack5ool39.ocx
c:\windows\z4913t59j2f6.dll
c:\windows\z4b5ste9l1569.ocx
c:\windows\z4edow9loader3549.bin
c:\windows\z4faaddw5re22519.ocx
c:\windows\z503st9al1800.bin
c:\windows\z51139py25.bin
c:\windows\z538v9r2532.ocx
c:\windows\z5393wo5m174.bin
c:\windows\z583not-a-virus945.exe
c:\windows\z592sp52e09.ocx
c:\windows\z59csteal2233.bin
c:\windows\z5cvi5597.bin
c:\windows\z5d95ir9493.cpl
c:\windows\z5dethre9t16475.bin
c:\windows\z5e3addw9re866.exe
c:\windows\z655sparse2929.bin
c:\windows\z665w9rm719.cpl
c:\windows\z693sp9mbot595.exe
c:\windows\z72ebackdo5r3149.ocx
c:\windows\z7499virus598.ocx
c:\windows\z79bvi52489.bin
c:\windows\z79edow5l9ader1189.cpl
c:\windows\z81469p52e.bin
c:\windows\z8185py249.cpl
c:\windows\z81edow9loader1599.bin
c:\windows\z82ddownl5ad9r885.ocx
c:\windows\z864t5oj399.bin
c:\windows\z90vir5452.cpl
c:\windows\z913threat15204.ocx
c:\windows\z916959ambot531.cpl
c:\windows\z9431virus507.bin
c:\windows\z957addw5re2749.bin
c:\windows\za58vir919.bin
c:\windows\za729ddwa5e1753.dll
c:\windows\zd2fthie915625.cpl
c:\windows\zeastea5989.bin
c:\windows\zf5c9ackdoor2883.ocx

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 14:50 . 2009-06-01 14:50 20797 ----a-w- C:\MGlogs.zip
2009-06-01 14:50 . 2009-06-01 14:50 -------- d-----w- C:\MGtools
2009-05-29 16:04 . 2009-05-29 16:04 -------- d-----w- C:\emergency
2009-05-29 01:08 . 2009-05-29 01:08 102400 ----a-w- c:\windows\system32\blocker.dll
2009-05-26 01:09 . 2009-05-26 01:09 152576 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-23 19:48 . 2009-05-23 19:48 -------- d-----w- c:\program files\videofixer
2009-05-22 18:55 . 2009-05-22 18:56 -------- d-----w- c:\program files\Direct MP3 Joiner
2009-05-20 22:07 . 2009-05-20 22:08 -------- d-----w- c:\program files\FormatFactory
2009-05-20 18:44 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-05-20 18:43 . 2009-05-20 18:49 -------- d-----w- c:\program files\Zune
2009-05-20 18:41 . 2008-05-02 09:05 62592 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-05-20 18:41 . 2008-05-02 13:30 464384 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-05-20 18:41 . 2008-05-02 13:30 464384 ------w- c:\windows\system32\imapi2fs.dll
2009-05-20 18:41 . 2008-05-02 13:30 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-05-20 18:41 . 2008-05-02 13:30 317952 ------w- c:\windows\system32\imapi2.dll
2009-05-20 05:23 . 2009-05-20 05:23 -------- d-----w- c:\documents and settings\Pete\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-05-20 04:53 . 2009-05-20 04:51 38208 ----a-w- c:\documents and settings\Pete\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-20 04:53 . 2009-05-20 04:53 -------- d-----w- c:\program files\TweetDeck
2009-05-20 04:52 . 2009-05-20 04:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-19 02:04 . 2009-05-19 02:04 -------- d-----w- c:\documents and settings\Pete\Application Data\Smith Micro
2009-05-19 00:45 . 2009-05-19 00:45 -------- d-----w- c:\program files\Smith Micro
2009-05-18 16:30 . 2009-05-24 03:22 -------- d-----w- c:\program files\IrfanView
2009-05-11 17:27 . 2009-05-11 17:27 -------- d-----w- c:\documents and settings\Pete\Application Data\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 15:40 . 2008-09-06 16:49 1730 ----a-w- c:\windows\system32\tablet.dat
2009-06-01 15:40 . 2008-11-16 20:05 5276534 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-28 20:50 . 2008-09-06 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-28 20:42 . 2008-09-06 14:08 2669876 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-28 20:42 . 2008-09-06 14:08 229066784 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-27 13:46 . 2008-09-07 05:13 -------- d-----w- c:\documents and settings\Pete\Application Data\CoreFTP
2009-05-26 01:10 . 2008-09-07 05:07 -------- d-----w- c:\program files\Java
2009-05-24 19:01 . 2008-09-06 15:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-21 14:21 . 2008-09-06 23:51 -------- d-----w- c:\program files\PeerGuardian2
2009-05-21 14:19 . 2008-09-08 01:18 -------- d-----w- c:\documents and settings\Pete\Application Data\Azureus
2009-05-20 19:13 . 2009-05-20 19:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-05-20 19:13 . 2009-05-20 19:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-20 19:10 . 2009-05-20 19:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-05-20 18:44 . 2009-05-20 18:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-05-20 18:44 . 2009-05-20 18:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-20 06:40 . 2008-09-06 23:52 -------- d-----w- c:\program files\Vuze
2009-05-19 13:48 . 2008-09-06 07:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-19 13:48 . 2008-09-06 07:34 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-19 13:48 . 2008-09-06 07:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-19 13:48 . 2008-09-06 07:34 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 14:49 . 2008-09-06 22:51 -------- d-----w- c:\program files\AutoCAD R14
2009-05-13 21:50 . 2008-09-07 18:02 -------- d-----w- c:\program files\Trillian
2009-05-12 02:06 . 2008-09-07 03:50 -------- d-----w- c:\documents and settings\Pete\Application Data\Skype
2009-05-10 05:05 . 2008-10-12 04:29 -------- d-----w- c:\documents and settings\Pete\Application Data\skypePM
2009-05-08 22:29 . 2009-05-08 23:13 1840640 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-05-08 22:29 . 2009-05-08 23:13 535040 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-05-07 00:16 . 2008-09-10 22:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-26 16:04 . 2009-04-26 16:05 2988544 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-04-15 20:02 . 2009-04-15 20:02 -------- d-----w- c:\documents and settings\Pete\Application Data\dvdcss
2009-03-27 19:10 . 2009-03-27 19:10 285 ----a-w- c:\windows\EReg072.dat
2009-03-27 19:09 . 2009-03-27 19:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-03-27 19:09 . 2009-03-27 19:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-03-24 21:02 . 2009-03-24 21:02 119536 ---ha-w- c:\windows\system32\mlfcache.dat
2009-03-20 01:00 . 2009-03-20 01:00 503808 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-728ab9d8-n\msvcp71.dll
2009-03-20 01:00 . 2009-03-20 01:00 499712 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-728ab9d8-n\jmc.dll
2009-03-20 01:00 . 2009-03-20 01:00 348160 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-728ab9d8-n\msvcr71.dll
2009-03-20 00:57 . 2009-03-20 00:57 152576 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 10:19 . 2008-11-26 21:40 410984 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-09-06 16384]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="c:\program files\Valve\Steam\Steam.exe" [2009-05-19 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 106496]
"LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 294912]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-04-09 826880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

c:\documents and settings\Pete\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\cinetray.exe [2002-9-18 98304]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-9-6 169472]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-9-6 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 13:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/6/2008 2:34 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/6/2008 2:34 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/6/2008 2:34 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/28/2009 9:44 AM 298776]
R3 XIRLINK;Veo Web Camera;c:\windows\system32\drivers\ucdnt.sys [9/6/2008 12:25 PM 728067]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-WinBlueSoft - (no file)
SafeBoot-procexp90.Sys

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\px9cglmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 10:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-879983540-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE4A1C4-3425-2B84-D08B-B989A9974AEB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakgajdjoedpbiaekpfliafllffflh"=hex:64,61,6a,65,68,68,6b,65,00,70
"oaofieeahmbpgidpjkbepgiolkkpji"=hex:6a,61,6b,65,6b,67,62,61,62,61,66,69,6e,6b,
68,63,6d,67,65,63,00,17
"naefkklllgbfigikbbheiflbmenl"=hex:6a,61,6b,65,6b,67,62,61,62,61,66,69,6e,6b,
68,63,6d,67,65,63,00,17
.
Completion time: 2009-06-01 11:01
ComboFix-quarantined-files.txt 2009-06-01 16:01

Pre-Run: 19,673,493,504 bytes free
Post-Run: 22,957,588,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

1636

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\blocker.dll
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB1.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-

RegNull::
[HKEY_USERS\S-1-5-21-861567501-879983540-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE4A1C4-3425-2B84-D08B-B989A9974AEB}*]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
I've been infected with Winbluesoft - Page 2 Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
Here's the new combofix log:

ComboFix 09-05-31.06 - Pete 06/01/2009 11:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.525 [GMT -5:00]
Running from: c:\documents and settings\Pete\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Pete\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point

FILE ::
"c:\windows\Internet Logs\xDB1.tmp"
"c:\windows\Internet Logs\xDB2.tmp"
"c:\windows\Internet Logs\xDB3.tmp"
"c:\windows\system32\blocker.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB3.tmp
c:\windows\system32\blocker.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 14:50 . 2009-06-01 14:50 20797 ----a-w- C:\MGlogs.zip
2009-06-01 14:50 . 2009-06-01 14:50 -------- d-----w- C:\MGtools
2009-05-29 16:04 . 2009-05-29 16:04 -------- d-----w- C:\emergency
2009-05-26 01:09 . 2009-05-26 01:09 152576 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-23 19:48 . 2009-05-23 19:48 -------- d-----w- c:\program files\videofixer
2009-05-22 18:55 . 2009-05-22 18:56 -------- d-----w- c:\program files\Direct MP3 Joiner
2009-05-20 22:07 . 2009-05-20 22:08 -------- d-----w- c:\program files\FormatFactory
2009-05-20 18:44 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-05-20 18:43 . 2009-05-20 18:49 -------- d-----w- c:\program files\Zune
2009-05-20 18:41 . 2008-05-02 09:05 62592 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-05-20 18:41 . 2008-05-02 13:30 464384 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-05-20 18:41 . 2008-05-02 13:30 464384 ------w- c:\windows\system32\imapi2fs.dll
2009-05-20 18:41 . 2008-05-02 13:30 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-05-20 18:41 . 2008-05-02 13:30 317952 ------w- c:\windows\system32\imapi2.dll
2009-05-20 05:23 . 2009-05-20 05:23 -------- d-----w- c:\documents and settings\Pete\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-05-20 04:53 . 2009-05-20 04:51 38208 ----a-w- c:\documents and settings\Pete\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-20 04:53 . 2009-05-20 04:53 -------- d-----w- c:\program files\TweetDeck
2009-05-20 04:52 . 2009-05-20 04:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-19 02:04 . 2009-05-19 02:04 -------- d-----w- c:\documents and settings\Pete\Application Data\Smith Micro
2009-05-19 00:45 . 2009-05-19 00:45 -------- d-----w- c:\program files\Smith Micro
2009-05-18 16:30 . 2009-05-24 03:22 -------- d-----w- c:\program files\IrfanView
2009-05-11 17:27 . 2009-05-11 17:27 -------- d-----w- c:\documents and settings\Pete\Application Data\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 16:44 . 2008-09-06 16:49 1730 ----a-w- c:\windows\system32\tablet.dat
2009-06-01 16:43 . 2008-11-16 20:05 5943311 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-01 16:42 . 2008-09-06 14:08 2672060 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-01 16:42 . 2008-09-06 14:08 229066784 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-28 20:50 . 2008-09-06 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-27 13:46 . 2008-09-07 05:13 -------- d-----w- c:\documents and settings\Pete\Application Data\CoreFTP
2009-05-26 01:10 . 2008-09-07 05:07 -------- d-----w- c:\program files\Java
2009-05-24 19:01 . 2008-09-06 15:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-21 14:21 . 2008-09-06 23:51 -------- d-----w- c:\program files\PeerGuardian2
2009-05-21 14:19 . 2008-09-08 01:18 -------- d-----w- c:\documents and settings\Pete\Application Data\Azureus
2009-05-20 19:13 . 2009-05-20 19:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-05-20 19:13 . 2009-05-20 19:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-20 19:10 . 2009-05-20 19:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-05-20 18:44 . 2009-05-20 18:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-05-20 18:44 . 2009-05-20 18:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-19 13:48 . 2008-09-06 07:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-19 13:48 . 2008-09-06 07:34 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-19 13:48 . 2008-09-06 07:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-19 13:48 . 2008-09-06 07:34 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 14:49 . 2008-09-06 22:51 -------- d-----w- c:\program files\AutoCAD R14
2009-05-13 21:50 . 2008-09-07 18:02 -------- d-----w- c:\program files\Trillian
2009-05-12 02:06 . 2008-09-07 03:50 -------- d-----w- c:\documents and settings\Pete\Application Data\Skype
2009-05-10 05:05 . 2008-10-12 04:29 -------- d-----w- c:\documents and settings\Pete\Application Data\skypePM
2009-05-07 00:16 . 2008-09-10 22:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-15 20:02 . 2009-04-15 20:02 -------- d-----w- c:\documents and settings\Pete\Application Data\dvdcss
2009-03-27 19:10 . 2009-03-27 19:10 285 ----a-w- c:\windows\EReg072.dat
2009-03-27 19:09 . 2009-03-27 19:09 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-03-27 19:09 . 2009-03-27 19:09 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-03-24 21:02 . 2009-03-24 21:02 119536 ---ha-w- c:\windows\system32\mlfcache.dat
2009-03-20 01:00 . 2009-03-20 01:00 503808 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-728ab9d8-n\msvcp71.dll
2009-03-20 01:00 . 2009-03-20 01:00 499712 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-728ab9d8-n\jmc.dll
2009-03-20 01:00 . 2009-03-20 01:00 348160 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-728ab9d8-n\msvcr71.dll
2009-03-20 00:57 . 2009-03-20 00:57 152576 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 10:19 . 2008-11-26 21:40 410984 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-01_15.58.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-01 16:44 . 2009-06-01 16:44 40960 c:\windows\Temp\rtdrvmon.exe
+ 2009-06-01 16:43 . 2009-06-01 16:43 16384 c:\windows\Temp\Perflib_Perfdata_150.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-09-06 16384]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="c:\program files\Valve\Steam\Steam.exe" [2009-05-19 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 106496]
"LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 294912]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-04-09 826880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"WinBlueSoft"="" [BU]

c:\documents and settings\Pete\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\cinetray.exe [2002-9-18 98304]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-9-6 169472]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-9-6 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 13:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/6/2008 2:34 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/6/2008 2:34 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/6/2008 2:34 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/28/2009 9:44 AM 298776]
R3 XIRLINK;Veo Web Camera;c:\windows\system32\drivers\ucdnt.sys [9/6/2008 12:25 PM 728067]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-setup2.exe - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\px9cglmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 11:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1624)
c:\docume~1\Pete\LOCALS~1\Temp\IadHide4.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\tabhook.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PSIService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 3100 Series\lxbrbmon.exe
c:\program files\Lexmark 3100 Series\lxbrcmon.exe
.
**************************************************************************
.
Completion time: 2009-06-01 11:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 16:51
ComboFix2.txt 2009-06-01 16:01

Pre-Run: 23,246,204,928 bytes free
Post-Run: 23,252,992,000 bytes free

206

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
Hello.
Please disable TeaTimer again.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinBlueSoft"=-


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

I've been infected with Winbluesoft - Page 2 CF_Cleanup

This will also reset your restore points.

How is the machine running now?

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
The computer is running a lot better now. The 'WARNING System Infected' desktop background is gone and I'm not getting any more interference or popups from Winbluesoft. Everything seems to be back to normal except that the Winbluesoft icon is still on my desktop and Winbluesoft is still listed in the Add/Remove Programs file list.

Other than that, everything seems great!

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
Just remove them manually.
Drag/drop the desktop icon to the bin, and uninstall it from the add/remove programs too.

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
Ok, I did that and there gone now. Everthing's working perfectly now.

One last question, can I just delete the tools I've downloaded from my desktop or do I need to uninstall them via command prompt like with ComboFix?

I'd also like to thank you for the all the help, time and patience while helping me with this. I really, really appreciate it. I wouldn't have been able to fix my computer without GeekPolice. I'll be putting a permanent link on my website to GeekPolice and I'll be telling everyone I know to come here for their computer troubles.

Thank You!

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
Delete everything we used.
Combofix has a special removal methods because some of the files Combofix uses are detected as "Hacktool" or "Riskware", that is a false positive.

descriptionI've been infected with Winbluesoft - Page 2 EmptyRe: I've been infected with Winbluesoft

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum