Winblusoft is killing me softly =/

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

Winblusoft is killing me softly =/10th June 2009, 11:44 pm

I don't know how to get rid of it =/ any tips? i can't run any .exe please helpp

Last edited by CaliStaysHigh on 10th June 2009, 11:57 pm; edited 1 time in total (Reason for editing : no replys)

Re: Winblusoft is killing me softly =/11th June 2009, 12:24 am

Hello.

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Delete the following file in bold:
C:\Windows\system32\blocker.dll

See if it will delete in safe mode.

Re: Winblusoft is killing me softly =/11th June 2009, 12:32 am

"Cannot delete blocker:Access is denied" and something about making sure it's not in use.

oh btw, thanks for taking the time to help me out.

Re: Winblusoft is killing me softly =/11th June 2009, 12:35 am

Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
Link 1
Link 2
Double click DDS.scr to run.
When complete, two logs will open. Save both of the report to your Desktop.
Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: Winblusoft is killing me softly =/11th June 2009, 12:39 am

okay, so i double click it and nothing happens...should i try on safe mode?

Re: Winblusoft is killing me softly =/11th June 2009, 12:46 am

Lets try inf, this has worked before.

Now open a new notepad file.
Input this into the notepad file:

[Version]
Signature=$CHICAGO$

[DefaultInstall]
AddReg=Del.Settings

[Del.Settings]
HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon,AppInit_DLLs,0x00000000
Save this as fixreg.inf, save it to your desktop.
Right click fixreg.inf and select install.

Then reboot back into safe mode again, and try deleting blocker.dll

Re: Winblusoft is killing me softly =/11th June 2009, 12:47 am

notepad does not open.

Re: Winblusoft is killing me softly =/11th June 2009, 1:10 am

Will Wordpad open instead?

Re: Winblusoft is killing me softly =/11th June 2009, 1:12 am

ya wordpad opens. so do what you said in wordpad instead?

Re: Winblusoft is killing me softly =/11th June 2009, 1:14 am

well i tried it on wordpad and it said "Installation failed"

Re: Winblusoft is killing me softly =/11th June 2009, 1:16 am

Because Wordpad saves as a rich text format (RTF), so when you do a save as..., change the "Save as type" drop down to "Text Document", so it saves as .txt.

Then right click the file you saved, and add .inf on the end.

Re: Winblusoft is killing me softly =/11th June 2009, 1:25 am

"Cannot delete blocker:Access is denied" and something about making sure it's not in use.

all badddd =/

Re: Winblusoft is killing me softly =/11th June 2009, 5:33 am

i'm able to use "HijackThis" but notepad doesn't come out, how should i do this?

Re: Winblusoft is killing me softly =/11th June 2009, 4:07 pm

Awesome, just what I wanted.
The blocker.dll is still there, but we can delete it now.

Open HijackThis.
When Hijack This opens, click "Open the Misc Tools section"
Then select "Delete a file on reboot..."
Then find and select this file: C:\windows\system32\blocker.dll
Select okay and select yes to reboot.

After reboot, the blocker.dll will be gone and notepad will work, so post a log once done.

Re: Winblusoft is killing me softly =/11th June 2009, 6:30 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:14 AM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\KU$H\LOCALS~1\Temp\tsz6hc1y.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\DOCUME~1\KU$H\LOCALS~1\Temp\tsz6hc1y.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\DOCUME~1\KU$H\LOCALS~1\Temp\tsz6hc1y.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\4545\2134.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe \services.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"\services.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\yhafd78auhd.dll - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\yhafd78auhd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\DOCUME~1\KU$H\LOCALS~1\Temp\tsz6hc1y.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas8.exe" /minimize
O4 - HKCU\..\Run: [A00FA468D.exe] C:\DOCUME~1\KU$H\LOCALS~1\Temp\_A00FA468D.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\KU$H\LOCALS~1\Temp\tsz6hc1y.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B0C72EF-F057-4941-9148-DF7C5604B0C9}: NameServer = 85.255.112.92,85.255.112.104
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.92,85.255.112.104
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.92,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.92,85.255.112.104
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: blocker.dll
O20 - Winlogon Notify: __c00F985F - C:\WINDOWS\system32\__c00F985F.dat
O22 - SharedTaskScheduler: gsf87hfunf98398jd - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\yhafd78auhd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6014 bytes

Re: Winblusoft is killing me softly =/11th June 2009, 6:35 pm

Hello.

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

F2 - REG:system.ini: Shell=Explorer.exe \services.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"\services.exe"
O2 - BHO: C:\WINDOWS\system32\yhafd78auhd.dll - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\yhafd78auhd.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\DOCUME~1\KU$H\LOCALS~1\Temp\tsz6hc1y.exe
O4 - HKCU\..\Run: [A00FA468D.exe] C:\DOCUME~1\KU$H\LOCALS~1\Temp\_A00FA468D.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\KU$H\LOCALS~1\Temp\tsz6hc1y.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B0C72EF-F057-4941-9148-DF7C5604B0C9}: NameServer = 85.255.112.92,85.255.112.104
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.92,85.255.112.104
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.92,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.92,85.255.112.104
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: blocker.dll
O20 - Winlogon Notify: __c00F985F - C:\WINDOWS\system32\__c00F985F.dat
O22 - SharedTaskScheduler: gsf87hfunf98398jd - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\yhafd78auhd.dll
Press "Fix Checked"
Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: Winblusoft is killing me softly =/11th June 2009, 6:51 pm

okay so i did the first part, but i am unable to open Malwarebytes' Anti-Malware =/

Re: Winblusoft is killing me softly =/11th June 2009, 6:57 pm

Hello.
I figured as much, but was worth a try.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Winblusoft is killing me softly =/11th June 2009, 7:15 pm

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.353 [GMT -7:00]
Running from: c:\documents and settings\KU$H\Desktop\Combo-Fix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxclvmpfwvtbiboejbmlltxdovthwrgrxuw.sys
c:\windows\system32\drivers\gxvxctumxjynkjdaieykspvgppnfoquwjsmge.sys
c:\windows\system32\drivers\gxvxcwabiqjixfqxewmttpiqqoqbavbrfulqj.sys
c:\windows\system32\drivers\SKYNETkqdcdxvr.sys
c:\windows\system32\gxvxclwagllnsiriwuqjftbejpyxevdbsgiwn.dll
c:\windows\system32\gxvxcnsfvxvkcbmuwkturwcrjfcdppxmlskfb.dll
C:\Autorun.inf
c:\docume~1\KU$H\LOCALS~1\Temp\server.exe
C:\jufnp.exe
C:\kltevup.exe
C:\mwhjm.exe
c:\windows\10539no5-a-viruz584.dll
c:\windows\10737not-a-vi9zs3a5.ocx
c:\windows\10z45hackt9ola1.dll
c:\windows\11464hackto9z5c0.exe
c:\windows\11923vi5us7z5.bin
c:\windows\11c2spa9s53104z.bin
c:\windows\12597hzckto9l56e.exe
c:\windows\12918wor598z.ocx
c:\windows\12951tr9j790z.cpl
c:\windows\13572tr9jz95.ocx
c:\windows\135915orz923.exe
c:\windows\13841zorm6159.exe
c:\windows\13z655py1899.exe
c:\windows\14636w59mz9e.ocx
c:\windows\147zpa5se96.ocx
c:\windows\14829wo957fz.ocx
c:\windows\1485595t-a-viruz577.ocx
c:\windows\14e69zar5e1252.dll
c:\windows\150489ot-a-vi5usz2f.exe
c:\windows\1513zpambot97f.ocx
c:\windows\15765w5rm29z.bin
c:\windows\15775spa9bot4za.dll
c:\windows\15828w9r5zf7.cpl
c:\windows\1594spyza9e194.ocx
c:\windows\1597addware17z3.dll
c:\windows\15bsteal9275z.dll
c:\windows\15z7add9are1567.cpl
c:\windows\160z9troj35a.dll
c:\windows\16345wozm149.ocx
c:\windows\16630za95tool1c1.ocx
c:\windows\169worm5fz.cpl
c:\windows\16c0threaz115599.exe
c:\windows\16f5downlozd9r551.cpl
c:\windows\1759zwo9mc6.ocx
c:\windows\1812b9ckdoor959z.cpl
c:\windows\1849addwar5z005.cpl
c:\windows\1869sp5waze1334.cpl
c:\windows\188z4spambot25e9.dll
c:\windows\190195zoj674.exe
c:\windows\19578zro968b.exe
c:\windows\19654vizus5845.exe
c:\windows\19875tzoj59c.dll
c:\windows\198915ormz12.bin
c:\windows\19979virus7a5z.dll
c:\windows\19z53spambot5b79.bin
c:\windows\19z59ot-a-vi5us6f9.ocx
c:\windows\19z90virus530.bin
c:\windows\1bd5v9r1858z.exe
c:\windows\1cb6th9eat50z10.ocx
c:\windows\1dczsparse4059.exe
c:\windows\1e5z9yware2303.dll
c:\windows\1e67backdooz5199.exe
c:\windows\1e95stezl1854.dll
c:\windows\1ff4sp5wa9z151.dll
c:\windows\1z253not-a5viru97a9.exe
c:\windows\1z495worm2295.exe
c:\windows\1z55thi9f2533.exe
c:\windows\1zdath59f3215.bin
c:\windows\20069hackto9z5fb5.ocx
c:\windows\20449acztool14d5.exe
c:\windows\2059sp5rse33z.bin
c:\windows\209badd5arez558.ocx
c:\windows\210909z5j4c1.cpl
c:\windows\2164zvir5s9a1.exe
c:\windows\21c5down9oaderz243.exe
c:\windows\22699h9c5zool5ae.bin
c:\windows\22813viru9157z.exe
c:\windows\229509irzs1fa.cpl
c:\windows\22z56worm6469.cpl
c:\windows\23032not-z-9ir5s5a8.dll
c:\windows\23125zor920c.ocx
c:\windows\2315zhacktoo945.bin
c:\windows\231zt5i9f2725.cpl
c:\windows\23509hiez1985.dll
c:\windows\23521spz4985.ocx
c:\windows\2387zw5r970.ocx
c:\windows\23934hack9o5l35z.dll
c:\windows\239695acktool9b3z.exe
c:\windows\23z28hacktoo93655.dll
c:\windows\2428n9t-azvirus3975.bin
c:\windows\244z95yware2419.dll
c:\windows\24563not-a-vzrus4c9.exe
c:\windows\2499troz4f55.ocx
c:\windows\249z4spy159.bin
c:\windows\250threat519z9.ocx
c:\windows\25280zo9m611.cpl
c:\windows\25326s9yz4b5.ocx
c:\windows\253b9hreatz6182.cpl
c:\windows\25503spazbot59e.ocx
c:\windows\25565no95a-vzrus73f.bin
c:\windows\25695not-z-virus3b8.ocx
c:\windows\25821notza-v9ru52b6.exe
c:\windows\25911virus25dz.exe
c:\windows\2599thi5f287z.ocx
c:\windows\259zthreat55249.cpl
c:\windows\25e9tzief3212.exe
c:\windows\25z94vir5s758.dll
c:\windows\26553not-9zvirus52b.dll
c:\windows\26718vir951d4z.ocx
c:\windows\26881szamb9t3f5.dll
c:\windows\26966nzt-a-vi95s40f.cpl
c:\windows\26bespar9e5z32.ocx
c:\windows\26z35n5t-9-virus776.bin
c:\windows\2746zhac5toolc39.cpl
c:\windows\27522sp9z9f.exe
c:\windows\279479ackzoo5473.cpl
c:\windows\282385roz952.dll
c:\windows\2912spambot7z75.dll
c:\windows\2927zspam5ot319.ocx
c:\windows\29908sp560z.dll
c:\windows\29939woz5182.bin
c:\windows\2999spywaz5583.bin
c:\windows\2999zworm165.bin
c:\windows\29efthief209z5.ocx
c:\windows\29z05tro969a5.cpl
c:\windows\29z38s5ambot7779.bin
c:\windows\29zfdownloader645.dll
c:\windows\2b07a9dw5re16z9.bin
c:\windows\2b94zt5al2558.ocx
c:\windows\2c15baczdoor859.dll
c:\windows\2cz5st9al1551.ocx
c:\windows\2d58backdoorz898.exe
c:\windows\2df1s5yw9re32z0.exe
c:\windows\2z296tr957ea.ocx
c:\windows\2z556vi5us499.exe
c:\windows\2z683not-a-5irus46e9.bin
c:\windows\2z8fthreat18539.dll
c:\windows\2zecv5r9008.dll
c:\windows\3012zt5oj3c29.cpl
c:\windows\3057ba5zdoor19629.ocx
c:\windows\30754spzm9ot3e7.ocx
c:\windows\308a5hz9f1659.dll
c:\windows\3090a59waze1719.exe
c:\windows\3096spzw5re32.ocx
c:\windows\3215t5o9529z.bin
c:\windows\32577viru95z5.ocx
c:\windows\3259thief9z8.ocx
c:\windows\3274n9z5a-virus122.cpl
c:\windows\3278tzie5948.cpl
c:\windows\3285sz5rse1599.exe
c:\windows\32f15par9ez699.dll
c:\windows\33035py159z.dll
c:\windows\33d1v5r690z.bin
c:\windows\34ffspy9zre2953.exe
c:\windows\3510zvirus945.cpl
c:\windows\354559py529z.dll
c:\windows\3545tzr9at25427.cpl
c:\windows\35779troj9z4.cpl
c:\windows\358stez92011.bin
c:\windows\35zbsparse2961.exe
c:\windows\36c45zief929.cpl
c:\windows\382s9ar5e28z6.cpl
c:\windows\3906zhi5f615.dll
c:\windows\3926spz5bot2df.ocx
c:\windows\39305ackdozr3949.bin
c:\windows\3932addwar91755z.exe
c:\windows\395a9oznloa5er2938.dll
c:\windows\3999addzar5926.dll
c:\windows\39b8spar5e133z.bin
c:\windows\3b91spyz5re2254.dll
c:\windows\3c549ir214z.ocx
c:\windows\3c9stezl2507.ocx
c:\windows\3e01zownl5ader9.ocx
c:\windows\3f9aszywa5e955.ocx
c:\windows\3f9azdware539.cpl
c:\windows\3ff9th5eat29769z.ocx
c:\windows\3z39thre9t35217.cpl
c:\windows\3z595hief3195.ocx
c:\windows\3z965spy2ef.ocx
c:\windows\4192t5reat98z69.cpl
c:\windows\4203zir1955.ocx
c:\windows\4215spzrse9178.ocx
c:\windows\4353spywar92264z.dll
c:\windows\45215acktool59az.bin
c:\windows\4543not9a-virzs41c.exe
c:\windows\4544threat9z08.cpl
c:\windows\4569szeal2554.ocx
c:\windows\459zh9eat27026.ocx
c:\windows\45fat5r9at9115z.bin
c:\windows\4660spar953z1.dll
c:\windows\4667s5y7z9.ocx
c:\windows\473dsp5ware1981z.ocx
c:\windows\487esparz9425.ocx
c:\windows\4888not-a-viruz2955.cpl
c:\windows\4904wormz85.ocx
c:\windows\4955spywarz2974.exe
c:\windows\495bvirz935.bin
c:\windows\4976no5-a-virus7b1z.cpl
c:\windows\4991wor5z8.dll
c:\windows\4998viru9z65.cpl
c:\windows\49d99pa5se21z4.bin
c:\windows\49e85hzef1267.bin
c:\windows\49fz5i92902.ocx
c:\windows\4a075ir13z49.dll
c:\windows\4b95steal1190z.cpl
c:\windows\4f1cdoznload9r4785.dll
c:\windows\4fa9pywarz2255.cpl
c:\windows\5119vzr5s283.ocx
c:\windows\511bbackdoor196z.dll
c:\windows\5143znot-a-virus995.cpl
c:\windows\51935ir9z58a.cpl
c:\windows\51d9thz5at6048.dll
c:\windows\5201spa5botz79.cpl
c:\windows\5235addware29z9.ocx
c:\windows\52397not-a-viruz7bc.ocx
c:\windows\52668sp928z.dll
c:\windows\52b5ste9l2z61.ocx
c:\windows\535fstez9497.dll
c:\windows\536zdow9loade52634.cpl
c:\windows\53z26spa9bot772.dll
c:\windows\543spa9sz3160.exe
c:\windows\546dzownloade516919.dll
c:\windows\5499v9rusz73.dll
c:\windows\5503zo9m91.ocx
c:\windows\5514s9yz84.exe
c:\windows\5526thief25z9.exe
c:\windows\556athi9f2755z.ocx
c:\windows\5593n5t-a-vzr9s184.exe
c:\windows\55c4ztea915525.dll
c:\windows\55c9sparsz1159.cpl
c:\windows\55z89irus787.ocx
c:\windows\5698s5zware1393.exe
c:\windows\5748w5zm19e.cpl
c:\windows\5755spzrse9556.cpl
c:\windows\57599parse265z.bin
c:\windows\57b8sparze19465.cpl
c:\windows\58026spa9bota9z.dll
c:\windows\585abzckdoo9921.ocx
c:\windows\587319pambotz23.dll
c:\windows\587bsteal19z05.dll
c:\windows\590dvz52876.bin
c:\windows\5925ste9lz64.dll
c:\windows\592zthr5at207249.ocx
c:\windows\593zh5ef955.ocx
c:\windows\59508hacktool2a6z.bin
c:\windows\595z1virus759.bin
c:\windows\596zspy9are2833.exe
c:\windows\597z5ir898.bin
c:\windows\59915notza-virus3a0.cpl
c:\windows\5997zpy5are953.dll
c:\windows\59ecdo9zloader5784.cpl
c:\windows\59z9spar9e9355.exe
c:\windows\5a7bs9e5z2839.ocx
c:\windows\5b6bs95warz2403.dll
c:\windows\5c5threat95496z.ocx
c:\windows\5cb9par5e2z24.dll
c:\windows\5dz49p5rse3062.bin
c:\windows\5e09thzeat252749.ocx
c:\windows\5e9f9irz981.ocx
c:\windows\5f5backdoorz969.dll
c:\windows\5z131sp9323.bin
c:\windows\5z7espa9se2972.bin
c:\windows\5zft9rea514813.ocx
c:\windows\6156zparse2469.bin
c:\windows\61885teaz2169.exe
c:\windows\61e3a9dwaze2952.ocx
c:\windows\62sp5zbo92ae.bin
c:\windows\6344stea9z1835.ocx
c:\windows\64995pyware2z199.bin
c:\windows\65d8t9re5t1548z.dll
c:\windows\6707t5oj4z9.cpl
c:\windows\6731wozm4259.ocx
c:\windows\67405tzal599.cpl
c:\windows\6791tr5j67dz.exe
c:\windows\6a0bb9ckd5zr1190.bin
c:\windows\6ab595wnlzader3071.dll
c:\windows\6cb6backdozr5439.ocx
c:\windows\6d99downlo5derz263.dll
c:\windows\6e5zaddware9382.dll
c:\windows\6ed85tealz249.ocx
c:\windows\6ed9spywa5ez011.dll
c:\windows\6z4ft9ief26405.dll
c:\windows\6z86v5r9s379.dll
c:\windows\70f95hreat27957z.dll
c:\windows\70z5thre5t6923.bin
c:\windows\7294dow9lzader1594.bin
c:\windows\72z9ste95120.bin
c:\windows\735zdownlo5der3159.cpl
c:\windows\7599t5iez1851.cpl
c:\windows\75bzv9r164.dll
c:\windows\75zcthreat510649.cpl

Re: Winblusoft is killing me softly =/11th June 2009, 7:16 pm

c:\windows\7658vi93z11.ocx
c:\windows\76zcst5a9908.cpl
c:\windows\7760s5ywar93120z.exe
c:\windows\7794thiz91584.cpl
c:\windows\7859addware21z.dll
c:\windows\786d9ownlozder2590.cpl
c:\windows\78d9ba9kdoor245z.bin
c:\windows\78f7downloade52995z.exe
c:\windows\7908worm65z.dll
c:\windows\7938thi5fz378.ocx
c:\windows\7967spy9zr5725.ocx
c:\windows\7b62do5zlo9der882.exe
c:\windows\7fc55hre9tz3518.bin
c:\windows\7ze4s59rse2601.bin
c:\windows\8159v9rusbaz.cpl
c:\windows\8355hz9ktool7c5.exe
c:\windows\84athrea9z6578.exe
c:\windows\8540not5z-virus935.dll
c:\windows\8652spzmbot9c65.ocx
c:\windows\906655acktzol586.exe
c:\windows\9149teal1z85.ocx
c:\windows\91615tr5j6zb.bin
c:\windows\9167thief529z.bin
c:\windows\92699acztool54.dll
c:\windows\92720szy51e.ocx
c:\windows\93285p94za.exe
c:\windows\94270n5t-a-viruz795.dll
c:\windows\9523wo595d8z.bin
c:\windows\9531hackzool6f9.cpl
c:\windows\9545hackz9ol389.cpl
c:\windows\955zhie53094.bin
c:\windows\9604v5rz355.cpl
c:\windows\96z45w5rm33c.exe
c:\windows\9754v5r3z33.bin
c:\windows\984a9zwa5e95.exe
c:\windows\9853steaz3200.exe
c:\windows\9859vizus3a1.exe
c:\windows\9878wor9665z.ocx
c:\windows\9895backd5zr905.ocx
c:\windows\9979thief5z80.cpl
c:\windows\9aa5virz847.bin
c:\windows\9c92vir55z9.ocx
c:\windows\9d5zparse344.bin
c:\windows\9d75spyware31z15.ocx
c:\windows\a0zvi92257.bin
c:\windows\aebba9zdoor2540.ocx
c:\windows\c9cd5wnloazer932.ocx
c:\windows\cz39teal5129.cpl
c:\windows\d88spyw9rez050.bin
c:\windows\ee7azdwar96895.bin
c:\windows\ez5th9ef387.cpl
c:\windows\f59steal5174z.cpl
c:\windows\system32\__c00F985F.dat
c:\windows\system32\109z9not-a-virus95.dll
c:\windows\system32\114z3wo5m12b9.ocx
c:\windows\system32\1155wor95zf.exe
c:\windows\system32\11644hzck9ool505.exe
c:\windows\system32\1192sz9wa5e64.exe
c:\windows\system32\12299s95mbotz11.bin
c:\windows\system32\129959r5z98.ocx
c:\windows\system32\12acbackd5or10z19.dll
c:\windows\system32\13161hackzool599.ocx
c:\windows\system32\1337zspa9bo5629.bin
c:\windows\system32\1365zsp978.dll
c:\windows\system32\1381backd9z54.bin
c:\windows\system32\13885virzsa9.bin
c:\windows\system32\141z1wo951c6.ocx
c:\windows\system32\145929zambotac5.bin
c:\windows\system32\1459szyware8509.dll
c:\windows\system32\149dbac5door26z9.ocx
c:\windows\system32\1508s9eal2z58.dll
c:\windows\system32\15210haz59ool504.exe
c:\windows\system32\15387hazkt59l375.exe
c:\windows\system32\15448ha9kt5ol779z.bin
c:\windows\system32\155z9d5ware2593.cpl
c:\windows\system32\15615spz5a9.bin
c:\windows\system32\156z4spam5ot90a.ocx
c:\windows\system32\15807not-5-vir9s36z.bin
c:\windows\system32\16239t5ojz699.bin
c:\windows\system32\1628znot-9-virus5c3.ocx
c:\windows\system32\1638zv9ru55b5.cpl
c:\windows\system32\16411not-a-virus953z.cpl
c:\windows\system32\16538not-a-v9rzs750.exe
c:\windows\system32\1654z9roj40d.ocx
c:\windows\system32\166879i5us78z.bin
c:\windows\system32\166fdown9oa5zr3110.exe
c:\windows\system32\167ethr9at3z255.cpl
c:\windows\system32\16zathre5t3594.exe
c:\windows\system32\17400troj95bz.dll
c:\windows\system32\17539spz589.ocx
c:\windows\system32\18954sp92z65.cpl
c:\windows\system32\18z97hac5tool92.dll
c:\windows\system32\19495spyza79.dll
c:\windows\system32\19969zirus4c55.dll
c:\windows\system32\19z045acktool6f.cpl
c:\windows\system32\19z65spy4aa9.exe
c:\windows\system32\1aa8zac5door9964.dll
c:\windows\system32\1b62th9z5t4794.cpl
c:\windows\system32\1c499ackdo5r14z.ocx
c:\windows\system32\1c55stzal9389.dll
c:\windows\system32\1f80ba9kdoor501z.cpl
c:\windows\system32\1fdzspa9se5811.exe
c:\windows\system32\1z3905orm5539.exe
c:\windows\system32\1z88addwa9e29465.ocx
c:\windows\system32\1z961spam5ot7ad.cpl
c:\windows\system32\20685spa5zot1ab9.bin
c:\windows\system32\20789troz9c5.cpl
c:\windows\system32\209769py55z.dll
c:\windows\system32\21z265r9j20d.cpl
c:\windows\system32\22035hacktzol95d5.dll
c:\windows\system32\220bspy5z9e194.bin
c:\windows\system32\2221th9ea5938z.bin
c:\windows\system32\2249acz5oor617.cpl
c:\windows\system32\22835hazktool299.exe
c:\windows\system32\2295virus642z.bin
c:\windows\system32\22996tro52abz.bin
c:\windows\system32\23281zo5m579.cpl
c:\windows\system32\2335sp95z4.bin
c:\windows\system32\235099pazbot4f5.cpl
c:\windows\system32\23795hief5z8.ocx
c:\windows\system32\23996w5rz486.exe
c:\windows\system32\242495ot-a-virzs3b4.cpl
c:\windows\system32\243z6viru5194.exe
c:\windows\system32\244espar5e9z29.exe
c:\windows\system32\24510sz9mbot5d5.ocx
c:\windows\system32\24550hzck9ool27.cpl
c:\windows\system32\2477559rm2fz.cpl
c:\windows\system32\24zth5ef9050.bin
c:\windows\system32\25152zpy3259.ocx
c:\windows\system32\252599roj34z.dll
c:\windows\system32\25407hzcktool2b9.cpl
c:\windows\system32\254799pz7bc.dll
c:\windows\system32\25510zorm295.bin
c:\windows\system32\25629teal173z.cpl
c:\windows\system32\25695notza-v9rus5de5.ocx
c:\windows\system32\25728z9ambot76b.bin
c:\windows\system32\2588not-9zviru57cf.exe
c:\windows\system32\2625vi9us1z5.cpl
c:\windows\system32\2645z5py62a9.bin
c:\windows\system32\26569sp95bot65z.exe
c:\windows\system32\2656zspy293.dll
c:\windows\system32\26613wormz259.exe
c:\windows\system32\26890spambzt659.exe
c:\windows\system32\26894wzr5295.exe
c:\windows\system32\26d1downloader9z705.bin
c:\windows\system32\27648not9azviru57af.cpl
c:\windows\system32\277ab9ckdo5r271z.cpl
c:\windows\system32\27832wo5m92z.dll
c:\windows\system32\28075ot-a-vizus4e09.exe
c:\windows\system32\283z0s95454.exe
c:\windows\system32\2855s95alz467.ocx
c:\windows\system32\28994szy599.bin
c:\windows\system32\28z69py577.bin
c:\windows\system32\290675pa9bot58z.ocx
c:\windows\system32\29095spz815.dll
c:\windows\system32\291865pambotzda.ocx
c:\windows\system32\291spzr5e1299.cpl
c:\windows\system32\29290zacktoo53eb.dll
c:\windows\system32\29303t5oj57fz.bin
c:\windows\system32\29554tro5337z.bin
c:\windows\system32\296205rzj494.bin
c:\windows\system32\29689troj3z59.ocx
c:\windows\system32\2999addwarez435.dll
c:\windows\system32\29e0dowzloade51649.dll
c:\windows\system32\2b92zh5eat25136.dll
c:\windows\system32\2ba5spar5956z.ocx
c:\windows\system32\2e6fdown9oader52z9.bin
c:\windows\system32\2f9fthrzat4825.exe
c:\windows\system32\2z1845py279.exe
c:\windows\system32\2z589not-9-virus58b.bin
c:\windows\system32\2z611wo9590.dll
c:\windows\system32\2z70addware1595.bin
c:\windows\system32\2z80download9r1335.ocx
c:\windows\system32\2z90hac5tool349.exe
c:\windows\system32\301529py1z8.cpl
c:\windows\system32\30225spa9zo5741.dll
c:\windows\system32\30451spazbo979.bin
c:\windows\system32\3078dowzloade91465.exe
c:\windows\system32\3098thief18z85.ocx
c:\windows\system32\30992t9oj65z5.bin
c:\windows\system32\3135st9zl2896.dll
c:\windows\system32\31365zackt9olbf.exe
c:\windows\system32\3208d9wn5oadez46.exe
c:\windows\system32\32296s5am9ot7az.ocx
c:\windows\system32\324965roz51d.bin
c:\windows\system32\32e1sp59se226z.dll
c:\windows\system32\3337b59kdoorz356.bin
c:\windows\system32\3455steaz91105.bin
c:\windows\system32\345zw5rm45c9.exe
c:\windows\system32\3545worm3cz9.dll
c:\windows\system32\3580zworm369.bin
c:\windows\system32\3595backdo9z2049.ocx
c:\windows\system32\359fthreat2315z.ocx
c:\windows\system32\35a6s9ywzre407.bin
c:\windows\system32\35e65z9eat3220.ocx
c:\windows\system32\3669tzreat32765.ocx
c:\windows\system32\373db95kdoor176z.bin
c:\windows\system32\3906sp51zb9.dll
c:\windows\system32\3941spyware537z.cpl
c:\windows\system32\3945back9zo51791.cpl
c:\windows\system32\394vir6z45.bin
c:\windows\system32\3957st9al2097z.dll
c:\windows\system32\3995hzc5tool398.exe
c:\windows\system32\399azac5door2360.ocx
c:\windows\system32\399azpyware29905.dll
c:\windows\system32\3b25backdooz1195.ocx
c:\windows\system32\3be8s9ywzre495.cpl
c:\windows\system32\3cz6vir18965.dll
c:\windows\system32\3e19thief954z.dll
c:\windows\system32\3f7bd9wnloadz51876.exe
c:\windows\system32\3f8zspywar519209.cpl
c:\windows\system32\3fbcad5w9rz3261.ocx
c:\windows\system32\3z59troj5d9.dll
c:\windows\system32\3z715te9l2361.cpl
c:\windows\system32\3z886hac5tool59a.cpl
c:\windows\system32\3z9espyw5re609.cpl
c:\windows\system32\3zc4spyw9r5234.dll
c:\windows\system32\409zspamb9t685.exe
c:\windows\system32\41zet5i9f1939.dll
c:\windows\system32\4295threzt14548.ocx
c:\windows\system32\42zspy259.exe
c:\windows\system32\4492addwa5ez4599.cpl
c:\windows\system32\451e9ir494z.ocx
c:\windows\system32\45b9zparse661.ocx
c:\windows\system32\474b95dwzre113.exe
c:\windows\system32\4979wzr5221.dll
c:\windows\system32\49fespyw5r92z94.exe
c:\windows\system32\4az7t5reat9379.bin
c:\windows\system32\4b2cspywa5e109z.exe
c:\windows\system32\4b5cvir399z.ocx
c:\windows\system32\4c20spzwar95917.exe
c:\windows\system32\4c8059zef2248.exe
c:\windows\system32\4d49thi5f237z.dll
c:\windows\system32\4dc4downloa9zr524.exe
c:\windows\system32\4e5a9pazse550.cpl
c:\windows\system32\4eczsparse795.exe
c:\windows\system32\4f0fbzck5oor20459.ocx
c:\windows\system32\4fa7b9ckdo5rz817.ocx
c:\windows\system32\4fbas95rse1554z.cpl
c:\windows\system32\4fdc9zdware30215.cpl
c:\windows\system32\4za1thr59t32261.cpl
c:\windows\system32\4zbthre9t23508.exe
c:\windows\system32\5071bz5kdoor3229.exe
c:\windows\system32\51059szy93.dll
c:\windows\system32\51649irus2fbz.cpl
c:\windows\system32\51e2threat3z3259.bin
c:\windows\system32\51f3thzea932047.ocx
c:\windows\system32\529fviz2931.ocx
c:\windows\system32\53790hacktool40z.exe
c:\windows\system32\5391v9rzs97.bin
c:\windows\system32\53fzsp9ware2259.dll
c:\windows\system32\5474add9zre1289.exe
c:\windows\system32\547759orz95.dll
c:\windows\system32\547fstzal490.ocx
c:\windows\system32\549spyware136z9.dll
c:\windows\system32\54adt5reaz29291.exe
c:\windows\system32\5525t9oz4915.cpl
c:\windows\system32\5539vir2391z.dll
c:\windows\system32\55496hack9ool58dz.cpl
c:\windows\system32\55512zp95a2.ocx
c:\windows\system32\5592zp947.dll
c:\windows\system32\5601zspyb9.exe
c:\windows\system32\56850tr9j344z.ocx
c:\windows\system32\56956wo9mz3.bin
c:\windows\system32\56c5bac9doorz975.ocx
c:\windows\system32\57159virus11bz.cpl
c:\windows\system32\5757sp5rsez96.ocx
c:\windows\system32\57e8addwzre19955.cpl
c:\windows\system32\57z19spambot756.exe
c:\windows\system32\58865zor92dc.dll
c:\windows\system32\58f59ackdoor23z6.dll
c:\windows\system32\590dspa5ze148.cpl
c:\windows\system32\59476not-a9virusa1z.cpl
c:\windows\system32\5949wozm4ca5.ocx
c:\windows\system32\5965t9oz11.cpl
c:\windows\system32\5968zhie5461.ocx
c:\windows\system32\597z1not-a-vir9s4d3.ocx
c:\windows\system32\5983zhacktool105.cpl
c:\windows\system32\59b0zpywa9e1725.cpl
c:\windows\system32\59b7dow9load5r7z5.ocx
c:\windows\system32\59bzthief2149.cpl
c:\windows\system32\59d4downloa5erz061.ocx
c:\windows\system32\59f6vz9542.exe
c:\windows\system32\59z1sparse3156.bin
c:\windows\system32\5aecthief169z.bin
c:\windows\system32\5b8bthzeat19690.ocx
c:\windows\system32\5c60thiez869.cpl
c:\windows\system32\5c6athr5at92085z.exe
c:\windows\system32\5c75thrzat178359.exe
c:\windows\system32\5d98sparze2527.cpl
c:\windows\system32\5d9zh5ef2145.bin
c:\windows\system32\5da5t5reaz91629.cpl
c:\windows\system32\5e9st5az1145.bin
c:\windows\system32\5f19ba5kdzor509.dll
c:\windows\system32\5f25virz7119.exe
c:\windows\system32\5f48bzckdo9r3257.bin
c:\windows\system32\5f5bsz9a5195.ocx
c:\windows\system32\5f6ddo5nloade92z92.cpl
c:\windows\system32\5f90backdoo59995z.dll
c:\windows\system32\5f9es5eal57z.exe
c:\windows\system32\5f9zspy5are947.ocx
c:\windows\system32\5z4cthief1579.cpl
c:\windows\system32\5z81sp5mbot2649.bin
c:\windows\system32\603f5hie9z626.cpl
c:\windows\system32\6127vi95s6dez.dll
c:\windows\system32\6365steal2z96.bin
c:\windows\system32\64zasp95se1183.bin
c:\windows\system32\6589downloadez853.cpl
c:\windows\system32\65azvir1499.ocx
c:\windows\system32\65d0downloazer1972.exe
c:\windows\system32\667tr5j598z.dll
c:\windows\system32\670th5zf798.exe
c:\windows\system32\6735zownloa9er913.dll
c:\windows\system32\6775vir2z93.dll
c:\windows\system32\67thi5z799.ocx
c:\windows\system32\6833stea9562z.exe
c:\windows\system32\68955zr9260.exe
c:\windows\system32\68e7zddw59e290.bin
c:\windows\system32\6920s9y4zd5.bin
c:\windows\system32\6939sz9ware14365.ocx
c:\windows\system32\6959szeal2869.ocx
c:\windows\system32\6a7zthre5t9735.bin
c:\windows\system32\6c95zddware1835.exe
c:\windows\system32\6c989zyware1795.bin
c:\windows\system32\6dad5dzware2219.ocx
c:\windows\system32\6e56sparsz3629.ocx
c:\windows\system32\6f559teal13z7.ocx
c:\windows\system32\700zback59or191.dll
c:\windows\system32\7195steal29z1.ocx
c:\windows\system32\719zsteal1957.ocx
c:\windows\system32\724zback5oor21679.dll
c:\windows\system32\7437sp9mzot359.exe
c:\windows\system32\750aspyware98z9.cpl
c:\windows\system32\755z5t-9-virus159.bin
c:\windows\system32\7593backdooz69.cpl
c:\windows\system32\7594backdoorz963.exe
c:\windows\system32\76f9dzwnl9ade5258.dll
c:\windows\system32\77z5t5o9129.exe
c:\windows\system32\7829zac5door597.dll
c:\windows\system32\7900wo5m1a0z.bin
c:\windows\system32\7989dz5nloader1197.exe
c:\windows\system32\799z9yware5395.cpl
c:\windows\system32\79d3spyw5r91004z.bin
c:\windows\system32\7aeeaz59are322.ocx
c:\windows\system32\7b9downloader16z15.exe
c:\windows\system32\7bd759zal154.exe
c:\windows\system32\7c5athr9at996z.exe
c:\windows\system32\7d5bste9l210z.cpl
c:\windows\system32\7e915tealz35.ocx
c:\windows\system32\7fb1t5i9z1285.dll
c:\windows\system32\7fzd5parse992.ocx
c:\windows\system32\7z1ado5nloader629.dll
c:\windows\system32\7z1cth9ef1515.exe
c:\windows\system32\8085hackz9ol3cb.ocx
c:\windows\system32\82495zy29.cpl
c:\windows\system32\8278n5t-azv9rus5a.ocx
c:\windows\system32\835z9irus5d1.ocx
c:\windows\system32\8556wor9z6.exe
c:\windows\system32\8807spa95ot6zb.dll
c:\windows\system32\8965pz197.bin
c:\windows\system32\8z9addware55589.cpl
c:\windows\system32\905a5parze311.bin
c:\windows\system32\905z6virus59f.cpl
c:\windows\system32\90791wzr5174.cpl
c:\windows\system32\9152z5ya9.dll
c:\windows\system32\915zsp5rse1942.cpl
c:\windows\system32\92145spy47z.dll
c:\windows\system32\92157s5yza8.exe
c:\windows\system32\9252backdozr5165.bin
c:\windows\system32\925zvirus6e95.ocx
c:\windows\system32\93z95worm459.cpl
c:\windows\system32\9413zor95d5.bin
c:\windows\system32\9420spy39z5.cpl
c:\windows\system32\94441hacktooz556.dll
c:\windows\system32\94536z5rus598.exe
c:\windows\system32\95115spambot425z.cpl
c:\windows\system32\95300worz459.ocx
c:\windows\system32\95528hackt5zl55f.ocx

Re: Winblusoft is killing me softly =/11th June 2009, 7:16 pm

c:\windows\system32\9581tz5j9c0.exe
c:\windows\system32\9584virz094.exe
c:\windows\system32\95z615pambot65d.ocx
c:\windows\system32\95zvir359.bin
c:\windows\system32\96150wormzeb5.ocx
c:\windows\system32\961fspywarez9115.dll
c:\windows\system32\96200ziru5720.ocx
c:\windows\system32\962wozm1995.exe
c:\windows\system32\96c75irz583.cpl
c:\windows\system32\96z15spambot1bd.dll
c:\windows\system32\979z5s5ambot5be.bin
c:\windows\system32\98159virus5zc.exe
c:\windows\system32\9851downloadzr2376.exe
c:\windows\system32\9993hackzool531.ocx
c:\windows\system32\9aa2a5dwzre442.bin
c:\windows\system32\9c635teaz310.cpl
c:\windows\system32\9c7dow5zoader89.ocx
c:\windows\system32\9cd7sparze30255.bin
c:\windows\system32\9d63tzie53231.exe
c:\windows\system32\9daazhreat26635.bin
c:\windows\system32\9df6back5oor197z.ocx
c:\windows\system32\9z514spa5bot20.cpl
c:\windows\system32\9z69teal1757.exe
c:\windows\system32\9ze15ownloader2294.bin
c:\windows\system32\a5c9irz585.ocx
c:\windows\system32\b955iz1376.exe
c:\windows\system32\ce0sparz914245.cpl
c:\windows\system32\d3fdozn9oader3165.bin
c:\windows\system32\drivers\gxvxclvmpfwvtbiboejbmlltxdovthwrgrxuw.sys
c:\windows\system32\drivers\gxvxctumxjynkjdaieykspvgppnfoquwjsmge.sys
c:\windows\system32\drivers\gxvxcwabiqjixfqxewmttpiqqoqbavbrfulqj.sys
c:\windows\system32\drivers\SKYNETkqdcdxvr.sys
c:\windows\system32\e1dviz9459.ocx
c:\windows\system32\e3zs95al1435.exe
c:\windows\system32\f0z9own5oader2775.bin
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxclwagllnsiriwuqjftbejpyxevdbsgiwn.dll
c:\windows\system32\gxvxcnsfvxvkcbmuwkturwcrjfcdppxmlskfb.dll
c:\windows\system32\kungsfrxuhampp.dat
c:\windows\system32\kungsfvenkdofq.dll
c:\windows\system32\kungsfveotxyuy.dll
c:\windows\system32\NCTAudioInformation2.dll
c:\windows\system32\yhafd78auhd.dll
c:\windows\system32\z0578worm595.ocx
c:\windows\system32\z1515spambot39d.cpl
c:\windows\system32\z209spars51318.dll
c:\windows\system32\z2590spambot329.bin
c:\windows\system32\z3162spy159.cpl
c:\windows\system32\z3754hacktool3a9.dll
c:\windows\system32\z3783troj5795.cpl
c:\windows\system32\z45vir23569.bin
c:\windows\system32\z496b9ckdoor1915.ocx
c:\windows\system32\z49cdo5n9oader1801.exe
c:\windows\system32\z4ccthreat99554.exe
c:\windows\system32\z5295worm9c5.ocx
c:\windows\system32\z535sparse954.bin
c:\windows\system32\z552a5dw9re1150.dll
c:\windows\system32\z59daddware3099.bin
c:\windows\system32\z5bfvi9538.ocx
c:\windows\system32\z5df9ir1183.ocx
c:\windows\system32\z5e7sp5ware1394.ocx
c:\windows\system32\z63fstea59236.bin
c:\windows\system32\z656ba59door2099.cpl
c:\windows\system32\z6cbbackdoor2495.ocx
c:\windows\system32\z8a5downloader1099.dll
c:\windows\system32\z9e8spyw9re157.bin
c:\windows\system32\za60backdoor9955.ocx
c:\windows\system32\zcf4downl5ader3960.exe
c:\windows\system32\zd98addware501.exe
c:\windows\system32\zf5daddware4339.cpl
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\z0d5thi9f1197.dll
c:\windows\z1709o5m4e6.cpl
c:\windows\z2ac5hief1959.ocx
c:\windows\z4915pambot290.dll
c:\windows\z4936w5rm214.cpl
c:\windows\z59v9r2556.cpl
c:\windows\z65cspywa5e9495.exe
c:\windows\z65cvi9838.bin
c:\windows\z6799orm665.ocx
c:\windows\z6996sp56b6.dll
c:\windows\z6f9thie51884.cpl
c:\windows\z7503hackto595b.bin
c:\windows\z7560sp9mbot6155.exe
c:\windows\z7745pa9se375.cpl
c:\windows\z85279pambot562.bin
c:\windows\z8fc9hreat885.ocx
c:\windows\zb55ad9ware1026.cpl
c:\windows\zc99addwa952256.bin
c:\windows\ze09s5eal2694.dll
C:\ysjmlii.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETxpbvpetu
-------\Service_GXVXCSERV.SYS
-------\Service_kungsftarddtiw

((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 18:50 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 18:49 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 18:49 . 2009-06-11 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 18:24 . 2009-06-11 18:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-11 08:44 . 2009-06-11 08:44 -------- d-----w- c:\documents and settings\KU$H\Application Data\IObit
2009-06-11 08:44 . 2009-06-11 08:44 -------- d-----w- c:\program files\IObit
2009-06-11 08:25 . 2009-06-11 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-11 03:25 . 2009-06-11 03:25 -------- d-----w- c:\program files\CCleaner
2009-06-10 22:41 . 2009-06-10 22:51 -------- d-----w- c:\program files\Trend Micro
2009-06-10 22:22 . 2009-06-10 22:48 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-10 22:19 . 2009-06-11 00:27 -------- d-----w- c:\program files\7-Zip
2009-06-05 01:25 . 2009-06-05 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 00:39 . 2009-06-05 00:39 -------- d-----w- c:\windows\system32\NtmsData
2009-06-05 00:05 . 2009-06-05 00:05 38400 ----a-w- C:\ujoqro.exe
2009-06-05 00:05 . 2009-06-05 02:19 -------- d-----w- c:\program files\RegistryFix7
2009-06-04 23:58 . 2009-06-05 00:00 -------- d-----w- c:\documents and settings\KU$H\Application Data\AVGTOOLBAR
2009-06-04 23:31 . 2009-06-05 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-04 17:42 . 2009-06-04 17:42 0 ----a-w- c:\windows\nsreg.dat
2009-06-04 17:42 . 2009-06-04 17:42 -------- d-----w- c:\documents and settings\KU$H\Local Settings\Application Data\Mozilla
2009-06-04 08:37 . 2009-06-04 08:37 -------- d-sh--w- c:\program files\Common Files\Microsoft Service
2009-06-04 07:03 . 2009-06-04 07:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-25 00:01 . 2009-05-25 00:01 -------- d-----w- c:\windows\Sun
2009-05-22 05:39 . 2009-05-22 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\CopyPod
2009-05-22 05:39 . 2009-05-22 05:39 -------- d-----w- c:\program files\CopyPod
2009-05-20 08:09 . 2009-06-11 00:54 -------- d-----w- c:\program files\WinAVI MP4 Converter
2009-05-17 00:11 . 2009-05-17 00:11 -------- d-----w- c:\documents and settings\KU$H\Local Settings\Application Data\TouchStoneSoftware
2009-05-17 00:10 . 2009-05-17 00:10 -------- d-----w- c:\program files\TouchStoneSoftware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 22:27 . 2009-03-25 02:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 22:14 . 2009-04-08 05:24 -------- d-----w- c:\documents and settings\KU$H\Application Data\LimeWire
2009-06-10 20:41 . 2009-03-24 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-04 23:29 . 2009-03-24 22:09 -------- d-----w- c:\documents and settings\KU$H\Application Data\uTorrent
2009-06-04 07:29 . 2009-04-02 22:20 426016 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 07:29 . 2009-04-02 22:20 2536 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 07:12 . 2009-03-24 22:12 -------- d-----w- c:\program files\iTunes
2009-06-04 07:12 . 2009-03-24 22:12 -------- d-----w- c:\program files\iPod
2009-06-04 07:11 . 2009-03-24 22:39 -------- d-----w- c:\program files\Common Files\Apple
2009-06-04 07:10 . 2009-03-24 22:12 -------- d-----w- c:\program files\QuickTime
2009-06-03 09:21 . 2009-04-02 22:20 1992736 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-03 09:21 . 2009-04-02 22:20 16648 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-03 09:20 . 2009-04-02 22:20 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-29 20:36 . 2009-03-24 22:39 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 20:36 . 2009-03-24 22:39 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-20 15:14 . 2009-04-02 22:20 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 15:14 . 2009-04-02 22:20 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-13 06:35 . 2009-03-24 22:42 -------- d-----w- c:\documents and settings\KU$H\Application Data\Apple Computer
2009-05-11 21:48 . 2009-05-11 21:48 -------- d-----w- c:\program files\4U Computing
2009-05-08 23:12 . 2009-05-08 09:55 -------- d-----w- c:\program files\4Musics Multiformat Converter
2009-05-08 09:48 . 2009-03-29 17:11 -------- d-----w- c:\program files\Google
2009-05-08 09:47 . 2009-05-08 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneClone
2009-05-06 13:54 . 2009-04-08 05:21 -------- d-----w- c:\program files\LimeWire
2009-05-05 22:38 . 2009-05-05 22:38 65536 ----a-w- c:\documents and settings\KU$H\Application Data\Sun\Java\Deployment\cache\6.0\52\46868634-62a72e4e-n\ICE_JNIRegistry.dll
2009-05-05 22:38 . 2009-05-05 22:38 65536 ----a-w- c:\documents and settings\KU$H\Application Data\Sun\Java\Deployment\cache\6.0\52\46868634-513e9736-n\ICE_JNIRegistry.dll
2009-04-08 05:24 . 2009-04-08 05:24 9216 ----a-w- c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\plds4.dll
2009-04-08 05:23 . 2009-04-08 05:23 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-08 05:22 . 2009-04-08 05:22 152576 ----a-w- c:\documents and settings\KU$H\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-04-04 22:50 . 2009-04-04 22:50 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-04-04 18:13 . 2009-04-04 18:13 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-02 22:32 . 2008-01-30 00:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-03-25 20:08 . 2009-03-24 21:59 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-24 22:18 . 2009-03-24 22:18 12328 ----a-w- c:\documents and settings\KU$H\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 21:55 . 2009-03-24 21:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-19 23:32 . 2009-03-24 22:42 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 00:55 . 2009-03-27 15:29 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-03-16 21:18 . 2009-04-02 01:52 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 21:18 . 2009-04-02 01:52 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 21:18 . 2009-04-02 01:52 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 21:18 . 2009-04-02 01:52 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
.

Re: Winblusoft is killing me softly =/11th June 2009, 7:16 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5/8/2009 2:55 AM 16512]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components]
\services.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-03-24 20:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
HKCU-Run-CyberDefender Early Detection Center - c:\program files\CyberDefender\AntiSpyware\cdas8.exe
Notify-__c00F985F - c:\windows\system32\__c00F985F.dat

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/MemberHome
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 12:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

*

Re: Winblusoft is killing me softly =/11th June 2009, 7:17 pm

*************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3272)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\windows\SoftwareDistribution\Download\fa57c84fa6e4dd9d9b877015ac8c16fd\update\update.exe
.
**************************************************************************
.
Completion time: 2009-06-11 12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-11 19:11

Pre-Run: 206,419,881,984 bytes free
Post-Run: 206,568,620,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

948 --- E O F --- 2009-06-02 03:57

Re: Winblusoft is killing me softly =/11th June 2009, 7:19 pm

oh p.s can you tell me how to fully remove Kaspersky?

Re: Winblusoft is killing me softly =/11th June 2009, 7:20 pm

Will do after were done, still some malware left. Before we carry on though, I want to get an uninstall log.

Open HijackThis.
When Hijack This opens, click "Open the Misc Tools section"
Then select "Open Uninstall Manager"
Click on "Save List..." (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Re: Winblusoft is killing me softly =/11th June 2009, 7:25 pm

4U WMA MP3 Converter 6.2.8
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AIM 6
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner (remove only)
CopyPod (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
HijackThis 2.0.2
hp deskjet 5550 series
iTunes
Java(TM) 6 Update 11
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing Platinum 20
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
NVIDIA Drivers
QuickTime
Realtek AC'97 Audio
Smart Defrag 1.11
SpeechRedist
The Rosetta Stone
Undelete Plus 2.98
VC80CRTRedist - 8.0.50727.762
VIA Rhine-Family Fast Ethernet Adapter
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar

Re: Winblusoft is killing me softly =/11th June 2009, 7:32 pm

Hello.
Did you edit that log by any chance? I do see Limewire on the system, yet not in the uninstall log.

P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If uTorrent/Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
C:\ujoqro.exe

Folder::
c:\documents and settings\KU$H\Application Data\LimeWire
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\KU$H\Application Data\uTorrent
C:\Program Files\LimeWire
C:\Program Files\Viewpoint
C:\Program Files\uTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Winblusoft is killing me softly =/ Sfxdaw

Winblusoft is killing me softly =/ Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: Winblusoft is killing me softly =/11th June 2009, 7:41 pm

ya i uninstalled limewire before i sent the uninstall log. why isn't Utorrent on the add/remove program list?

i am unable to delete the Java(TM)

"The feature you are trying to use is on a network resource that is unavailable"

"Click OK to try again, or enter an alternate path to a folder containing the installation package 'jre1.6.0_11-c.msi' in the box below"

Re: Winblusoft is killing me softly =/11th June 2009, 7:44 pm

Okay, we'll delete that later. For know, run my Combofix script.

Re: Winblusoft is killing me softly =/11th June 2009, 8:01 pm

ComboFix 09-06-11.05 - KU$H 06/11/2009 12:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.278 [GMT -7:00]
Running from: c:\documents and settings\KU$H\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\KU$H\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"C:\ujoqro.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\KU$H\Application Data\LimeWire
c:\documents and settings\KU$H\Application Data\uTorrent
c:\program files\LimeWire
c:\program files\uTorrent
c:\documents and settings\KU$H\Application Data\LimeWire\active.mojito
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js

Re: Winblusoft is killing me softly =/11th June 2009, 8:01 pm

c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif

Re: Winblusoft is killing me softly =/11th June 2009, 8:02 pm

c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gifc:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\KU$H\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\KU$H\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\KU$H\Application Data\LimeWire\createtimes.cache
c:\documents and settings\KU$H\Application Data\LimeWire\downloads.dat
c:\documents and settings\KU$H\Application Data\LimeWire\fileurns.bak
c:\documents and settings\KU$H\Application Data\LimeWire\fileurns.cache
c:\documents and settings\KU$H\Application Data\LimeWire\gnutella.net
c:\documents and settings\KU$H\Application Data\LimeWire\installation.props
c:\documents and settings\KU$H\Application Data\LimeWire\library.dat
c:\documents and settings\KU$H\Application Data\LimeWire\library5.dat
c:\documents and settings\KU$H\Application Data\LimeWire\limewire.props
c:\documents and settings\KU$H\Application Data\LimeWire\mojito.props
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\262F2A34d01
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Ad01
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\KU$H\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\KU$H\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\KU$H\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\KU$H\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\KU$H\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\KU$H\Application Data\LimeWire\questions.props
c:\documents and settings\KU$H\Application Data\LimeWire\responses.cache
c:\documents and settings\KU$H\Application Data\LimeWire\simpp.xml
c:\documents and settings\KU$H\Application Data\LimeWire\spam.dat
c:\documents and settings\KU$H\Application Data\LimeWire\tables.props
c:\documents and settings\KU$H\Application Data\LimeWire\ttdata.cache
c:\documents and settings\KU$H\Application Data\LimeWire\ttroot.cache
c:\documents and settings\KU$H\Application Data\LimeWire\version.xml
c:\documents and settings\KU$H\Application Data\LimeWire\versions.props
c:\documents and settings\KU$H\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\KU$H\Application Data\LimeWire\xml\data\video.sxml3

Re: Winblusoft is killing me softly =/11th June 2009, 8:03 pm

c:\documents and settings\KU$H\Application Data\uTorrent\[PeerDen.com]GetData.Recover.My.Files.v3.9.8.6356-Lz0.rar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\~Wu Tang Discography.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\2Pac Discography [2007].1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\2Pac Discography [2007].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\4U.WMA.MP3.Converter.v6.2.8.WinAll-CAMPAiGNER.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\50 Cent.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\A Kid Named Cudi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Aesop Rock - discography (6 studio albums + 4 EP's).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Amy_Winehouse-Frank-(Deluxe_Edition)-2CD-2008-MTD.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Another Stones Throw Collection.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Another Stones Throw Collection.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Arctic Monkeys.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\AVG Antivirus 8.0 [EXPIRES YEAR 2018] [CLEAN] [blaze69].rar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Born Like This.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Born Like This.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Breaking.Bad.S02E07.Negro.Y.Azul.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Breaking.Bad.S02E08.HDTV.XviD-DOT.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Breaking.Bad.S02E12.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Broken Social Scene.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Busdriver.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Busdriver.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Champion Sound.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Chromeo - Fancy Footwork [2007].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Chromeo - She's in Control.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Cool Ass Ninjas.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\CopyPod+serial.rar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Crystal Castles.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\D'n'B_(2007)-[R5e71 ].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Daedelus.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Daedelus.2.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Daedelus.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Daft Punk COMPLETE Discography Vol. 2.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Daft Punk COMPLETE Discography.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Danger Doom.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\dht.dat
c:\documents and settings\KU$H\Application Data\uTorrent\dht.dat.old
c:\documents and settings\KU$H\Application Data\uTorrent\Eligh - Enigma (2005) - Rap - www.torrentazos.com By FEFE2003.rar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Eminem-Relapse-(RETAIL)-2009-h8me.rar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Eminem-Relapse-2009.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Eminem - Discography.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Eminem discography.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Eminem.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Eminem_Presents_The_Re-Up.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\erykah badu.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Expressions (2012 A.U.).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\F'Real.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Felt.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Flying Lotus.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Foo Fighters - Colour and The Shape(adonis).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\G-Unit-Terminate.On.Sight.Retail-2008-[NoFS].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\G-Unit-Terminate_On_Sight-(RapGodFathers.com).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\G-Unit - Beg For Mercy.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Gza - Beneath The Surface (1999).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Gza - Legend of the Liquid Sword.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\GZA - Liquid Swords.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\GZA - Words From The Genius.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Handful Of Riffs - Art Of Acoustic Blues Guitar With Woody Mann + Tabbook - DMWINC.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\hippity hop.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\INCUBUS - DISCOGRAPHY [CHANNEL NEO].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Incubus.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Iron Flag.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\James Pants - welcome.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Jay Dee.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Jay Dee.2.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Jay Dee.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Jimi Hendrix.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Jimi Hendrix.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Kanye West - 808s and Heartbreak.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Kanye West - 808sNHeartbreak[2008][CD+2 SkidVid_XviD+Cov].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Kanye West - Graduation (2007).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Kanye West.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Kaspersky Internet Security 2009 Working Keys {MEGA PACK} by RAFA.rar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Kid Cudi Vs. Crookers - Day 'n' Nite (Radio Edit) [Single][2009] 320kbps - I.Tunes.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Lamb Of God.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Learn Guitar blues - Over 13 videos.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Legend of the Wu-Tang Clan- Wu-Tang Clan's Greatest Hits.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Lick Library Effortless Guitar - Essential Blues Guitar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Lick Library Learn To Play Blues Lead Guitar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Living.Legends-The.Gathering[2008][mp3@320kbps-OT]FLAWL3SS.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Madlib - Beat Konducta Vol. 5 [Dil Cosby Suite] (October 28, 2008).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Madlib - Beat Konducta Vol. 6 [Dil Withers Suite] (October 15, 2008).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\madlib.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Madvillain - Madvillainy 2 The Madlib Remix (2008).1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Madvillain - Madvillainy 2 The Madlib Remix (2008).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Madvillain - Madvillainy.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Mavis Beacon Teaches Typing Platinum 20.rar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\MC Paul Barman.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Method Man - Tical.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Method Man & Redman - Blackout 2 [``DaCiple``].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Method Man and Redman - Blackout!.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Method Man.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\MF DOOM.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\MF DOOM.2.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\MF DOOM.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\MF_Doom-MM_Food-(Explicit_Retail)-2004-C4.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\MF_Doom_-_Is_Viktor_Vaughn_Vaudeville_Villain-2003-KMA.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\MF_Grimm-The_Hunt_For_The_Gingerbread_Man-2007-C4.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\MF_Grimm-The_Hunt_For_The_Gingerbread_Man-2007-C4.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\MGMT - Oracular Spectacular [2008].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Mobb Deep Discography-((InfamousFlip.com)).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Moby - Discography (1992-2006).1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Moby - Discography (1992-2006).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Moby - Last Night [2008][CD+2 SkidVid_Xvid+Cov]192Kbps.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Moby Go-The Very Best of Moby.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Moby Go-The Very Best of Moby.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Modest Mouse - 15 Albums & EPs.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Mos Def&Talib Kweli - Blackstar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Murray's Revenge.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Murs-Murs_For_President-2008-FTD[www.dutchdawn.com].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Murs-The_End_Of_The_Beginning-2003-FTD.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Murs Rules The World.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Nick Drake.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Notorious[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Ol' Dirty Bastard.torrent

Re: Winblusoft is killing me softly =/11th June 2009, 8:03 pm

c:\documents and settings\KU$H\Application Data\uTorrent\Operation Doomsday.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Peanut Butter Wolf's Jukebox 45s.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Peanut Butter Wolf Presents - Chrome Children Vol. 2.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\peanut butter wolf.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\peanut butter wolf.2.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\peanut butter wolf.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Pink Floyd - The Dark Side of the Moon.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Pro Tools.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Quasimoto- The Unseen.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Radiohead Discography @ 320Kbps.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Restless.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\resume.dat
c:\documents and settings\KU$H\Application Data\uTorrent\resume.dat.old
c:\documents and settings\KU$H\Application Data\uTorrent\RosettaStone_Installer_Disk.iso.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\RS_French.iso.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\RS_Ital_I_and_II_DVD.iso.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\rss.dat
c:\documents and settings\KU$H\Application Data\uTorrent\rss.dat.old
c:\documents and settings\KU$H\Application Data\uTorrent\RZA.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Santogold-Santogold-2008.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Scrubs OST Season 1-5.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Scrubs.S08E16.HDTV.XviD-0TV.[VTV].avi.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Scrubs.S08E16.HDTV.XviD-0TV.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Scrubs.S08E17.My.Chief.Concern.HDTV.XviD-FQM.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Scrubs.S08E18.HDTV.XviD-NoTV.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\settings.dat
c:\documents and settings\KU$H\Application Data\uTorrent\settings.dat.old
c:\documents and settings\KU$H\Application Data\uTorrent\Steve_Aoki-Pillowface_And_His_Airplane_Chronicles-2008-RTB.rar.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Steve_Aoki-Pillowface_And_His_Airplane_Chronicles-2008-RTB.rar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Stones Throw - Volume 3.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Stones Throw Artist Collection.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Talib Kweli & Madlib - Liberation (December 31, 2006).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Beat Konducta Vol. 1-2_ Movie Scenes.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Beatles Complete Discography @ 320 kbps.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Complete Anthology (MIA).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Cool Kids-The Bake Sale EP-2008-www.HHWorlds.com.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Doors.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Game Discography.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Grouch - f*** The Dumb.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Instant Classics Mixtape.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\THE KILLERS - DISCOGRAPHY [CHANNEL NEO].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Killers.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Notorious B.I.G. Discography.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Office Season 5 episodes 1-10.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Office Season 5.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Offspring.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Smashing Pumpkins [Discografia][Rock][Inc covers][Visit pctrecords].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Smashing Pumpkins Greatest Hits.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Smashing Pumpkins.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Sufferer and the Witness.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Wackness - Soundtrack (The Missing Tracks).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The Wackness - Soundtrack.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E15.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E19.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E20.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E21.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E22.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E23.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E24.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E25.HDTV.XviD-LOL.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E26.HDTV.XviD-LOL-[tracker.BTARENA.org].torrent.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The.Office.S05E26.HDTV.XviD-LOL.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\The_Grouch-Show_You_The_World-2008-FTD_INT.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Ting Tings - We Started Nothing.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Top 100 Best Techno Vol.17 [2009].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Top 100 Trance and Techno Party Songs of All Time Vol. 3.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Totally Flossed Out.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\undelete_plus_setup.exe.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Usher Discography.(5 Albums).moXXon.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\VA-Peanut_Butter_Wolf_Presents_Chrome_Children-(Retail)-2006-EGO.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\VA-Peanut_Butter_Wolf_Presents_Chrome_Children-(Retail)-2006-EGO.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\VA-Think_Differently_Music_Presents-Wu-Tang_Meets_The_Indie_Culture-2005-C4.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\VA - The Entire History Of Punk.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\VA.-.Electro.House.Collection.32.( 2009).LanzamientosMp3.es.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\warpcdd165.1.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\warpcdd165.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\WinAVI iPod PSP 3GP MP4 Video Converter (20060804)[v3.1][+Serial].torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Wu-Tang Clan-Wu-Tang Forever.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Wu-Tang Clan - The W.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Wu-Tang.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Yameen - Never Knows Best (2008).torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Zero 7 - AnotherLateNight.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Zion I - Street Legends (2007) - Rap By FEFE2003.rar.torrent
c:\documents and settings\KU$H\Application Data\uTorrent\Zion I and The Grouch - Heroes in the City of Dope.torrent
c:\program files\LimeWire\hs_err_pid2564.log
c:\program files\LimeWire\hs_err_pid2660.log
c:\program files\LimeWire\hs_err_pid3160.log
c:\program files\LimeWire\hs_err_pid3232.log
c:\program files\LimeWire\hs_err_pid3748.log
c:\program files\LimeWire\hs_err_pid3820.log
c:\program files\uTorrent\uTorrent.exe
C:\ujoqro.exe

Re: Winblusoft is killing me softly =/11th June 2009, 8:03 pm

.
((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 18:50 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 18:49 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 18:49 . 2009-06-11 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 18:24 . 2009-06-11 18:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-11 08:44 . 2009-06-11 08:44 -------- d-----w- c:\documents and settings\KU$H\Application Data\IObit
2009-06-11 08:44 . 2009-06-11 08:44 -------- d-----w- c:\program files\IObit
2009-06-11 08:25 . 2009-06-11 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-11 03:25 . 2009-06-11 03:25 -------- d-----w- c:\program files\CCleaner
2009-06-10 22:41 . 2009-06-10 22:51 -------- d-----w- c:\program files\Trend Micro
2009-06-10 22:22 . 2009-06-10 22:48 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-10 22:19 . 2009-06-11 00:27 -------- d-----w- c:\program files\7-Zip
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 01:25 . 2009-06-05 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 00:39 . 2009-06-05 00:39 -------- d-----w- c:\windows\system32\NtmsData
2009-06-05 00:05 . 2009-06-05 02:19 -------- d-----w- c:\program files\RegistryFix7
2009-06-04 23:58 . 2009-06-05 00:00 -------- d-----w- c:\documents and settings\KU$H\Application Data\AVGTOOLBAR
2009-06-04 23:31 . 2009-06-05 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-04 17:42 . 2009-06-04 17:42 0 ----a-w- c:\windows\nsreg.dat
2009-06-04 17:42 . 2009-06-04 17:42 -------- d-----w- c:\documents and settings\KU$H\Local Settings\Application Data\Mozilla
2009-06-04 08:37 . 2009-06-04 08:37 -------- d-sh--w- c:\program files\Common Files\Microsoft Service
2009-05-25 00:01 . 2009-05-25 00:01 -------- d-----w- c:\windows\Sun
2009-05-22 05:39 . 2009-05-22 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\CopyPod
2009-05-22 05:39 . 2009-05-22 05:39 -------- d-----w- c:\program files\CopyPod
2009-05-20 08:09 . 2009-06-11 00:54 -------- d-----w- c:\program files\WinAVI MP4 Converter
2009-05-17 00:11 . 2009-05-17 00:11 -------- d-----w- c:\documents and settings\KU$H\Local Settings\Application Data\TouchStoneSoftware
2009-05-17 00:10 . 2009-05-17 00:10 -------- d-----w- c:\program files\TouchStoneSoftware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 19:35 . 2009-03-24 22:12 -------- d-----w- c:\program files\iTunes
2009-06-11 19:34 . 2009-03-24 22:12 -------- d-----w- c:\program files\iPod
2009-06-11 19:34 . 2009-03-24 22:39 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 22:27 . 2009-03-25 02:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-04 07:29 . 2009-04-02 22:20 426016 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 07:29 . 2009-04-02 22:20 2536 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 07:10 . 2009-03-24 22:12 -------- d-----w- c:\program files\QuickTime
2009-06-03 09:21 . 2009-04-02 22:20 1992736 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-03 09:21 . 2009-04-02 22:20 16648 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-03 09:20 . 2009-04-02 22:20 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-29 20:36 . 2009-03-24 22:39 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 20:36 . 2009-03-24 22:39 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-20 15:14 . 2009-04-02 22:20 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 15:14 . 2009-04-02 22:20 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-13 06:35 . 2009-03-24 22:42 -------- d-----w- c:\documents and settings\KU$H\Application Data\Apple Computer
2009-05-11 21:48 . 2009-05-11 21:48 -------- d-----w- c:\program files\4U Computing
2009-05-08 23:12 . 2009-05-08 09:55 -------- d-----w- c:\program files\4Musics Multiformat Converter
2009-05-08 09:48 . 2009-03-29 17:11 -------- d-----w- c:\program files\Google
2009-05-08 09:47 . 2009-05-08 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneClone
2009-05-05 22:38 . 2009-05-05 22:38 65536 ----a-w- c:\documents and settings\KU$H\Application Data\Sun\Java\Deployment\cache\6.0\52\46868634-62a72e4e-n\ICE_JNIRegistry.dll
2009-05-05 22:38 . 2009-05-05 22:38 65536 ----a-w- c:\documents and settings\KU$H\Application Data\Sun\Java\Deployment\cache\6.0\52\46868634-513e9736-n\ICE_JNIRegistry.dll
2009-04-08 05:23 . 2009-04-08 05:23 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-08 05:22 . 2009-04-08 05:22 152576 ----a-w- c:\documents and settings\KU$H\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-04-04 22:50 . 2009-04-04 22:50 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-04-04 18:13 . 2009-04-04 18:13 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-02 22:32 . 2008-01-30 00:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-03-25 20:08 . 2009-03-24 21:59 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-24 22:18 . 2009-03-24 22:18 12328 ----a-w- c:\documents and settings\KU$H\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 21:55 . 2009-03-24 21:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-19 23:32 . 2009-03-24 22:42 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 00:55 . 2009-03-27 15:29 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-03-16 21:18 . 2009-04-02 01:52 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 21:18 . 2009-04-02 01:52 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 21:18 . 2009-04-02 01:52 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 21:18 . 2009-04-02 01:52 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
.

Re: Winblusoft is killing me softly =/11th June 2009, 8:03 pm

((((((((((((((((((((((((((((( SnapShot@2009-06-11_19.10.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-11 19:52 . 2009-06-11 19:52 16384 c:\windows\temp\Perflib_Perfdata_4cc.dat
+ 2009-06-11 19:52 . 2009-06-11 19:52 16384 c:\windows\temp\Perflib_Perfdata_42c.dat
+ 2009-06-11 19:47 . 2009-06-11 19:47 389120 c:\windows\system32\CF23809.exe
+ 2009-06-11 19:35 . 2009-06-11 19:35 102400 c:\windows\Installer\{5D601655-6D54-4384-B52C-17EC5385FBBD}\iTunesIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5/8/2009 2:55 AM 16512]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components]
\services.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-03-24 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/MemberHome
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\KU$H\Application Data\Mozilla\Firefox\Profiles\9hg5tkul.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/MemberHome
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 12:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1252)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CF23809.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-06-11 12:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-11 19:54
ComboFix2.txt 2009-06-11 19:12

Pre-Run: 206,371,512,320 bytes free
Post-Run: 206,346,842,112 bytes free

740 --- E O F --- 2009-06-02 03:57

Re: Winblusoft is killing me softly =/11th June 2009, 8:10 pm

Hello.
Getting better, still a few things to do though.

Now open a new notepad file.
Input this into the notepad file:

regedit /e C:\upload.txt "HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components"
start notepad C:\upload.txt
del look.bat
exit
Save this as look.bat, save it to your desktop.
Double click look.bat and the black cmd window will open and close, this is normal.

Next, please upload the report file (C:\upload.txt) to rapidshare.com so I can take a peek at it. Smile...

Re: Winblusoft is killing me softly =/11th June 2009, 8:15 pm

http://rapidshare.com/files/243486295/upload.txt.html

Cheers Mate

Re: Winblusoft is killing me softly =/11th June 2009, 8:19 pm

Hello.

Now open a new notepad file.
Input this into the notepad file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components]
"StubPath"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=-
Save this as fix.reg, save it to your desktop.
Double click fix.reg to run it.
Select yes to the registry merge prompt.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Winblusoft is killing me softly =/ CF_Cleanup

This will also reset your restore points.

How is the machine running now?

Re: Winblusoft is killing me softly =/11th June 2009, 8:31 pm

haha wow, nice stuff man..thanks a lot!

so now...uh..Kaspersky removal?

also i have a few questions.

1. how can i learn about this stuff/ get better at computer skills? im only 17 and i would love to become "Pro"

2.Software Recommendations?

Re: Winblusoft is killing me softly =/11th June 2009, 8:33 pm

oh and the Java6(TM) ?

Re: Winblusoft is killing me softly =/11th June 2009, 8:49 pm

There are a number of online schools where you can learn malware removal for free.

Please download JavaRa from here

First, unzip it.
Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
Select English from the drop down menu and press Select.
This will open JavaRa.
Press Remove older versions
Press yes to the prompt.
It will make a log file of what it's removed.
Copy and paste the log back here.

Re: Winblusoft is killing me softly =/11th June 2009, 8:52 pm

JavaRa 1.14 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jun 11 13:51:55 2009

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

Re: Winblusoft is killing me softly =/11th June 2009, 9:05 pm

Okay, that should do it. Smile...

Re: Winblusoft is killing me softly =/11th June 2009, 9:06 pm

okay last thing, thank you so much for the help man!

kaspersky removal...

Re: Winblusoft is killing me softly =/11th June 2009, 9:16 pm

Certainly.
What version of Kaspersky is it?

Re: Winblusoft is killing me softly =/11th June 2009, 9:21 pm

idk. i uninstalled using add/remove, but the windows security center says "Kaspersky is turned off. and there is still C:\Program Files\Kaspersky Lab

Re: Winblusoft is killing me softly =/11th June 2009, 9:30 pm

Download and run kavremover9.zip

Let me know what it detects, and I'll give you the code to remove it.

Re: Winblusoft is killing me softly =/12th June 2009, 11:46 am

nvm it's all good. thanks for all the help!!

how do i mark this as fixed? or delete this?

thanks for all the help!!

Re: Winblusoft is killing me softly =/12th June 2009, 12:26 pm

Normal members can't add solved tags, only mods can. I don't usually add the solved tags, I leave it open for a few days in case anymore situations arise.

Winblusoft is killing me softly =/

descriptionWinblusoft is killing me softly =/10th June 2009, 11:44 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 12:24 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 12:32 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 12:35 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 12:39 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 12:46 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 12:47 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 1:10 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 1:12 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 1:14 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 1:16 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 1:25 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 5:33 am

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 4:07 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 6:30 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 6:35 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 6:51 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 6:57 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:15 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:16 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:16 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:16 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:17 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:19 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:20 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:25 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:32 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:41 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 7:44 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:01 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:01 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:02 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:03 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:03 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:03 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:03 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:10 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:15 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:19 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:31 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:33 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:49 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 8:52 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 9:05 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 9:06 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 9:16 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 9:21 pm

descriptionRe: Winblusoft is killing me softly =/11th June 2009, 9:30 pm

descriptionRe: Winblusoft is killing me softly =/12th June 2009, 11:46 am

descriptionRe: Winblusoft is killing me softly =/12th June 2009, 12:26 pm

descriptionRe: Winblusoft is killing me softly =/