WiredWX Christian Hobby Weather Tools
HELP!, huge virus on computer... downloaded WINBLUESOFT... Unknowingly
OK guys, I'm in need of serious, serious help; my CPU is messed up. I was told (lied to) that WinBlueSoft would fix the problems, but I didn't buy the software because I didn't trust it, but I did download it. Please help me, and any information on the best virus protection program out now I would like to know, since I will be buying a new computer later this year and would like it to be virus free! Thanks, and I'm ready to help you help me Smile...

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

Won't load up after I installed HijackThis.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Try running Hijack This in safe mode.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

Still didn't launch.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Hello. Stay in safe mode while doing this.

  • Now open a new notepad file.
  • Input this into the notepad file:

    [Version]
    Signature=$CHICAGO$

    [DefaultInstall]
    AddReg=Del.Settings

    [Del.Settings]
    HKLM,software\microsoft\windows nt\currentversion\windows,AppInit_DLLs,0x00000000


  • Save this as fixreg.inf, save it to your desktop.
  • Right click fixreg.inf and select install.

Now install the inf file and try deleting this file in bold:
C:\windows\system32\blocker.dll
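
What the fixreg.inf above writes, decoded as an added example (not part of the original post): its one AddReg line carries flags 0x00000000 (REG_SZ) and no data field, so installing it sets AppInit_DLLs to an empty string. The flag values are the FLG_ADDREG_* constants from setupapi.h; the function names are hypothetical.

```python
# Added example: decode what an INF AddReg directive will write to the registry.
# Flag values are the FLG_ADDREG_* constants from setupapi.h.
TYPE_MASK = 0xFFFF0001
TYPES = {
    0x00000000: "REG_SZ",
    0x00000001: "REG_BINARY",
    0x00010000: "REG_MULTI_SZ",
    0x00020000: "REG_EXPAND_SZ",
    0x00010001: "REG_DWORD",
    0x00020001: "REG_NONE",
}
MODIFIERS = {0x02: "NOCLOBBER", 0x04: "DELVAL", 0x08: "APPEND",
             0x10: "KEYONLY", 0x20: "OVERWRITEONLY"}

# fixreg.inf exactly as given in the post above.
FIXREG_INF = r"""
[Version]
Signature=$CHICAGO$

[DefaultInstall]
AddReg=Del.Settings

[Del.Settings]
HKLM,software\microsoft\windows nt\currentversion\windows,AppInit_DLLs,0x00000000
"""

def parse_sections(text):
    """Return {lowercased section name: [lines]}. Simplification: ';' always
    starts a comment, so quoted values containing ';' are not supported."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def addreg_entries(text, install_section="DefaultInstall"):
    """Decode every AddReg line reachable from the install section."""
    sections = parse_sections(text)
    entries = []
    for line in sections.get(install_section.lower(), []):
        directive, _, targets = line.partition("=")
        if directive.strip().lower() != "addreg":
            continue
        for target in targets.split(","):
            for raw in sections.get(target.strip().lower(), []):
                # Fields: reg-root, subkey, value-name, flags, value
                fields = [f.strip().strip('"') for f in raw.split(",")]
                fields += [""] * (5 - len(fields))
                flags = int(fields[3], 0) if fields[3] else 0
                entries.append({
                    "root": fields[0].upper(),
                    "subkey": fields[1],
                    "value": fields[2],
                    "type": TYPES.get(flags & TYPE_MASK, hex(flags & TYPE_MASK)),
                    "modifiers": [n for b, n in MODIFIERS.items() if flags & b],
                    "data": ",".join(fields[4:]),
                })
    return entries

def describe(entry):
    """One-line summary of the registry change an entry makes."""
    path = "{root}\\{subkey}\\{value}".format(**entry)
    if "DELVAL" in entry["modifiers"]:
        return "delete " + path
    return "set {} = {} {!r}".format(path, entry["type"], entry["data"])

if __name__ == "__main__":
    for e in addreg_entries(FIXREG_INF):
        print(describe(e))
```
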

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

Installed it and nothing happened except a screen flash. How am I supposed to delete the file listed above?

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Nothing is supposed to happen, just a quick flash. Find the file, highlight it and press the delete button.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

C:\windows\system32\blocker.dll does not exist; it was not found.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Hmmm.
Can you try running Hijack This now.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

Nothing happened.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Hello.
Can you try running MGTools for me.

Info and links here
http://forums.majorgeeks.com/showthread.php?t=137630

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

The log files are in a zip folder. Do you want me to extract them and then place each file in my next reply?

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Can you upload it to rapidshare please?

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

Will do kindly, here is the download link. Thanks for all the help so far....

http://rapidshare.com/files/241211002/MGlogs.zip.html

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

Hello. Go into the MGTools in your C: drive, and open Analyze.exe. This is actually Hijack This, we're gonna use this.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O17 - HKLM\System\CCS\Services\Tcpip\..\{151192BD-BCBA-4765-AF2E-48BEC4DA14AA}: NameServer = 85.255.112.149,85.255.112.214
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
    O18 - Filter: x-sdch - (no CLSID) - (no file)


  • Press "Fix Checked"
  • Close Hijack This.

Next,

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
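
The six entries checked in the post above are a Run-key autostart (O4), four NameServer settings (O17) and a filter with no file behind it (O18). As an added example, not part of the original post, this Python sketch sorts such log lines and reports name servers that are neither private addresses nor in an expected set; the expected resolver 192.168.1.1 and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The six entries listed in the post above, copied as given.
LOG = r"""
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O17 - HKLM\System\CCS\Services\Tcpip\..\{151192BD-BCBA-4765-AF2E-48BEC4DA14AA}: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.149,85.255.112.214
O18 - Filter: x-sdch - (no CLSID) - (no file)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
O17 = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")
O4 = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")

def entries(log):
    """Yield (group code, body) for every 'Onn - ...' line in the log."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def dns_overrides(log, expected):
    """Map each unexpected public name server to the registry keys that set it."""
    hits = defaultdict(list)
    for code, body in entries(log):
        m = O17.match(body) if code == "O17" else None
        if not m:
            continue
        for server in re.split(r"[,\s]+", m.group("servers").strip()):
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                continue  # not an IP literal, e.g. a domain suffix entry
            if server not in expected and not ip.is_private:
                hits[server].append(m.group("key"))
    return dict(hits)

def autoruns(log):
    """Return (name, command) for every O4 autostart entry."""
    found = []
    for code, body in entries(log):
        m = O4.match(body) if code == "O4" else None
        if m:
            found.append((m.group("name"), m.group("command")))
    return found

def orphans(log):
    """Return entries whose target file is missing according to the log."""
    return ["{} - {}".format(c, b) for c, b in entries(log)
            if b.endswith("(no file)")]

if __name__ == "__main__":
    # 192.168.1.1 is an assumed home-router resolver, not a value from the thread.
    for server, keys in dns_overrides(LOG, expected={"192.168.1.1"}).items():
        print(server, "set in", len(keys), "keys")
    print(autoruns(LOG))
    print(orphans(LOG))
```

The same pair of servers appearing under CCS, CS1, CS2 and a per-interface key means the setting was written to every control set, so it survives a "last known good" boot.
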

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

Hey, the log file is too big to be posted, so I uploaded it to RapidShare. Here is the link...

http://rapidshare.com/files/241255492/ComboFix.txt.html

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Okay, there is still some malware left, but before we get rid of that, I want to get an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Here is the uninstall list...


AccessDiver v4.120
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agere Systems PCI Soft Modem
AMD Processor Driver
America's Army Deploy Client
America's Army Server Manager
Antares Auto Tune TDM 4.3.10.0
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Anti-Spyware 7.5
AviSynth 2.5
Bonjour
Catalyst Control Center - Branding
Celemony Melodyne Plugin VST RTAS v1.0
Cheetah DVD Burner
Command & Conquer Tiberian Sun
Compaq Connections (remove only)
Compaq Organize
DFX for Windows Media Player
DivX Web Player
EA Download Manager
FLV Player 1.3.3
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Software Update
IGN Download Manager 2.3.2
IL Download Manager
Isohunt-vuze Toolbar
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Kaspersky Online Scanner
Logitech Gaming Software
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Media Player Codec Pack 1.1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist v2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
mIRC
MobileMe Control Panel
Mozilla Firefox (3.0.10)
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Network Play System (Patching)
Office 2003 Tour
OpenOffice.org Installer 1.0
PassAlong Software
PDF Settings
Perfect Uninstaller v6.3.2.6
PixiePack Codec Pack
PowerISO
PS3 Video 9 4.05
PS3.ProxyServer
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RapidLeecher .Net v 5.0 - ALPHA TECHNOLOGY PREVIEW
RealPlayer
Red Alert Windows 95
Revit Architecture 2008
Rhapsody Player Engine
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SpyNoMore 2.56
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Star Wars®️: Knights of the Old Republic (TM)
SWF Opener
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak Overlay BETA 2 (#63)
The Rosetta Stone
Tunebite 4.1.0.35
TurboTax ItsDeductible 2005
Ultra Video Joiner 4.7.1127
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
UseNeXT
VeohTV BETA
Video Edit Magic 4.4
VideoLAN VLC media player 0.8.6d
Vuze
WexTech AnswerWorks
Windows Imaging Component
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft FREE Trial
Xfire (remove only)

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Isohunt-vuze Toolbar
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
    SpyNoMore 2.56
    Vuze

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\7spzr9e14595.exe
c:\windows\system32\d9fsteal5z9.bin
C:\MGlogs.zip
c:\windows\5a94stzal5.exe

Folder::
c:\windows\system32\.5b745e74
C:\MGtools
C:\VundoFix Backups
c:\documents and settings\bear.KQUANE-DAVID\Local Settings\Application Data\Isohunt-vuze
c:\documents and settings\NetworkService\Local Settings\Application Data\Isohunt-vuze
C:\documents and settings\jo\Application Data\Azureus
c:\documents and settings\me look\Application Data\Azureus
c:\program files\Isohunt-vuze
c:\program files\Vuze
C:\program files\BearShare

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5b745e74]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[Image: Sfxdaw]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

SpyNoMore would not remove from the Add/Remove Programs screen, as well as Vuze..

I went ahead and did the ComboFix though.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Can you post the log please.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

The file is too big, so I uploaded it to RapidShare. Here is the link...

http://rapidshare.com/files/241355029/ComboFix.txt.html

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
cpuz130

File::
c:\windows\certproc32.exe

Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\Isohunt-vuze

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0]

Rootkit::
c:\windows\system32\.5b745e74\5b745e74.exe
c:\windows\system32\.5b745e74
c:\windows\TEMP\tmp1.tmp.5b745e74.tmp


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[Image: Sfxdaw]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
uploaded it to rapidshare...


http://rapidshare.com/files/241533374/ComboFix.txt.html

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
I think that did it.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

[Image: CF_Cleanup]

This will also reset your restore points.

How is the machine running now?

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...

The computer is running great. Thank you for all your help, it is very much appreciated.

Do you have any recommendations on what antivirus protection I should get, like what is the best out right now?
I am buying a new laptop and would like it to have the best antivirus protection. Thanks again. Thank you!

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

Re: HELP!, huge virus on computer... downloaded WINBLUESOFT...
Thank you for these helpful tips. Smile...