WiredWX Christian Hobby Weather Tools

winbluesoft wont go away

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:40 PM, on 6/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Common Files\AOL\1242956320\ee\aolsoftware.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Flock\FLOCK.EXE
C:\Users\James Williams_2\Downloads\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://http//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Babya Software Group\Babya Logic\msdxm.ocx (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1242956320\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O13 - Gopher Prefix:
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamerival.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/wwspades/wwspades.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F191681C-8C4A-4A9E-9B9B-66D37CD18A5C}: NameServer = 85.255.112.150,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{FABA0B27-D20A-497E-9280-9134D3C18734}: NameServer = 85.255.112.150,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 14141 bytes

Re: winbluesoft wont go away

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
    O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F191681C-8C4A-4A9E-9B9B-66D37CD18A5C}: NameServer = 85.255.112.150,85.255.112.69
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FABA0B27-D20A-497E-9280-9134D3C18734}: NameServer = 85.255.112.150,85.255.112.69
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Next,

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Screenshots: CF_download_FF, CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (AVG8)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
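
An added example, not part of the original posts and not code from HijackThis or ComboFix: a Python sketch that triages a saved HijackThis log for the kinds of entries selected in the reply above, namely entries whose target is gone ("(file missing)" / "(no file)"), O17 NameServer values outside local address ranges, and O4 Run values on an analyst-supplied list. The function names and `WATCHLIST` are assumptions made for this example; the sample lines are copied from the log in this thread.

```python
import ipaddress
import re

# Constructed sample: eight lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumption: Run-value names the analyst wants surfaced. These two are the
# O4 entries the helper selected in the reply above.
WATCHLIST = {"winbluesoft", "setup2.exe"}

# HijackThis entry lines start with a section code such as R3, O4 or O17.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
RUN_NAME_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]+)\]")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def non_local_nameservers(body):
    """Return NameServer values that are not private, loopback or link-local."""
    _, sep, value = body.partition("NameServer =")
    if not sep:
        return []
    flagged = []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            flagged.append(item)  # unparseable value: leave it for manual review
            continue
        if not (addr.is_private or addr.is_loopback or addr.is_link_local):
            flagged.append(item)
    return flagged


def triage(text, watchlist=WATCHLIST):
    """Return (code, reason, body) for entries that deserve a manual look."""
    findings = []
    for code, body in parse_entries(text):
        if body.endswith(ORPHAN_MARKERS):
            findings.append((code, "orphaned entry (target missing)", body))
        elif code == "O17":
            servers = non_local_nameservers(body)
            if servers:
                reason = "static DNS outside local ranges: " + ", ".join(servers)
                findings.append((code, reason, body))
        elif code == "O4":
            match = RUN_NAME_RE.search(body)
            if match and match.group("name").lower() in watchlist:
                findings.append((code, "autostart name on watchlist", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason}\n     {body}")
```

The result is a review list only; whether a flagged line should be fixed remains a decision for whoever is reading the log.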

C:combofix.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
.

Re: winbluesoft wont go away

------- Supplementary Scan -------
.
uStart Page = hxxp://http//www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 14:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-17 14:47
ComboFix-quarantined-files.txt 2009-06-17 18:47

Pre-Run: 97,971,478,528 bytes free
Post-Run: 99,253,579,776 bytes free

748 --- E O F --- 2009-05-15 10:55

Re: winbluesoft wont go away

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [11/22/2008 6:14 AM 73728]
R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/24/2008 12:09 AM 155648]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/27/2007 5:22 AM 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/27/2007 5:22 AM 923216]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [11/22/2008 4:51 AM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/27/2007 5:22 AM 566872]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [11/22/2008 6:15 AM 111616]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [11/22/2008 6:15 AM 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [11/22/2008 6:15 AM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [11/22/2008 6:15 AM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [11/22/2008 6:15 AM 277440]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\System32\drivers\TM_CFW.sys [11/22/2008 4:51 AM 280392]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\dldtserv.exe [2/25/2008 5:38 PM 99568]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/22/2008 4:50 AM 30192]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\System32\drivers\tj2knd5.sys [5/25/2009 12:14 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\System32\drivers\tj2kunic.sys [5/25/2009 12:13 PM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Recordpad - c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe

Re: winbluesoft wont go away

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7E98E1EE-0D97-4E48-AD58-AFB224D32606}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{1A690072-2B94-4B96-BD05-2ABBDCA3DAE9}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{CB0073B7-D67B-45DF-9631-3EAE86A416DD}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{F941A0A8-11AD-42B6-844D-45BF2F8D8168}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{818FEA4B-244E-463F-B827-D12D0829BF50}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8C40712C-124E-4A12-89EE-5006A3BD6A57}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{E088A383-01F3-4859-AA58-5252C3235F97}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{05B5AB04-D7E3-4995-ABD6-24EEFDFD10F2}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F15C6AFB-2B39-41F8-A455-0FD0085E4F31}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A270C37D-CF63-4D81-B7DD-880D3BF2297C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2D979AD3-3162-4081-8491-A89B3D9F5AF7}"= UDP:c:\program files\Dell V305\dldtamon.exe:Dell Device Monitor
"{68CA02B8-E1E0-42AF-BA74-E3A771BF063C}"= TCP:c:\program files\Dell V305\dldtamon.exe:Dell Device Monitor
"{0E3BD90B-3283-416F-84EB-4067E2A94E15}"= UDP:c:\program files\Dell V305\frun.exe:Dell Imaging Toolbox
"{A8C53F17-4181-4452-8B0C-973EF0F9CADD}"= TCP:c:\program files\Dell V305\frun.exe:Dell Imaging Toolbox
"{A7451A10-F7F8-471B-B962-2029B6E6BAD4}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{08575818-4B96-4180-ACE6-3AA275A604DB}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{7DF05405-931E-46B5-87CC-EBD7C6A325ED}"= UDP:c:\program files\Dell V305\dldtmon.exe:Printer Device Monitor
"{6384988E-20E8-4737-9F11-58487160FF38}"= TCP:c:\program files\Dell V305\dldtmon.exe:Printer Device Monitor
"{C86A5773-D497-444C-B729-4932193B812D}"= UDP:c:\windows\System32\dldtcoms.exe:Lexmark Communications System
"{AB3C388F-C1A0-4C56-AD91-B5F42A1767C4}"= TCP:c:\windows\System32\dldtcoms.exe:Lexmark Communications System
"{068FFBE2-52D0-4A39-A81B-548572A19296}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{611D736A-CD86-44E9-BCE5-3D994F36B73A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{3BE49610-21A0-4BA0-A02A-2507B9A664B3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldttime.exe:Time Executable
"{68D0193A-32B4-4571-964A-507F173F1EE1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldttime.exe:Time Executable
"{823434F2-C974-4051-BEB9-0C3E3CA01435}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldtjswx.exe:Job Status Window Interface
"{6C0B27C4-0EF7-4255-9571-C1F81763845D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldtjswx.exe:Job Status Window Interface
"{832D5E6D-15BD-46AA-B143-D54EF85A9AC5}"= UDP:c:\windows\System32\dlcicoms.exe:Dell 946 Server
"{CF4B1FAF-0230-489A-AA47-3FA9E1640555}"= TCP:c:\windows\System32\dlcicoms.exe:Dell 946 Server
"{A970F9FD-7D45-4755-9FA8-F4ADC5D105CF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{37E3B7A7-F7AA-4984-8DD2-5945C8DEAC48}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4BE6CCE9-FC80-460B-B5BD-A703EBBC9741}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{951A06AE-E746-4D4F-9E9B-4F86A39F51EF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A9967349-4112-498A-8743-3BE08232562D}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{BFDC91F5-5DF4-47E7-8ECD-C052C5C48460}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{E9DBCE7F-084F-4FF7-8ABB-D1FC29849AD4}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{7376C104-C9E4-4AEC-B915-A72A3B66A820}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{A77A88A9-73BC-4B1D-B049-0BD0F49D03DB}"= UDP:990:LocalSubnet:LocalSubnet|IF={97EA40B6-82BD-4E63-80F4-DFBDFF00F736}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{D81722AA-F4F2-4FEC-975D-8C57B7EFB092}"= UDP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{0401743A-EF7F-42A6-BDF3-28023D356842}"= TCP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{03D1DD4D-B024-4B35-BE1B-25599C394057}"= UDP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{89607905-C3CA-4DE3-A58F-133019CE8D07}"= TCP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{BAB018C8-CD1F-4DE9-A5BE-F55A506A4162}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{2BCF0F2E-8EF4-445D-8FC1-A1B0E16F8058}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{07FF080E-59F8-4AF9-9CD3-FB598BF045E5}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BEA8A453-6217-4809-AA38-4A39D456C698}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{4E155F3A-C887-4557-BD30-C6C90C92FE5A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{18E6036B-F65F-4609-A26A-A526A321486C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19B71611-8C29-4909-A421-65A062ABBE6E}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{75695D55-8C2B-4AEE-842C-60F080DFBD80}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{9ED15ADD-5C48-4082-8204-2D12652DD189}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{429FF43A-4FBA-490F-A971-058C5E202FD3}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{B0B9BC3F-D5D3-4C0B-AE86-1C7A82D20A8C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B78D340-1671-4D08-AA4B-5996370B55E7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

Re: winbluesoft wont go away

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EarthLink Installer"="/C" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-25 442467]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-13 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-13 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-22 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 1807696]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"DLCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"HostManager"="c:\program files\Common Files\AOL\1242956320\ee\AOLSoftware.exe" [2006-09-26 50736]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-05-24 26112]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\users\James Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\users\James Williams_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-22 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-22 09:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

Re: winbluesoft wont go away

((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-12-15 12:10 . 2009-12-15 12:10 9099 ----a-w- c:\windows\system32\5b26backdooz15659.bin
2009-12-13 11:47 . 2009-12-13 11:47 14440 ----a-w- c:\windows\system32\5f85steal29z3.bin
2009-12-08 12:42 . 2009-12-08 12:42 14712 ----a-w- c:\windows\system32\554zvirus699.dll
2009-11-25 21:07 . 2009-11-25 21:07 12018 ----a-w- c:\windows\system32\5290ztroj439.exe
2009-11-13 22:31 . 2009-11-13 22:31 15357 ----a-w- c:\windows\system32\6704s9amzo576e.exe
2009-11-13 08:34 . 2009-11-13 08:34 12567 ----a-w- c:\windows\system32\29905irus7z5.bin
2009-10-27 13:28 . 2009-10-27 13:28 3525 ----a-w- c:\windows\system32\60edsz5a9550.dll
2009-10-22 19:23 . 2009-10-22 19:23 3099 ----a-w- c:\windows\system32\28112nzt-a-viru53b9.exe
2009-10-16 17:04 . 2009-10-16 17:04 17814 ----a-w- c:\windows\system32\955troj6az9.bin
2009-10-16 07:22 . 2009-10-16 07:22 5031 ----a-w- c:\windows\system32\5da9azdwar51559.exe
2009-10-15 06:57 . 2009-10-15 06:57 16177 ----a-w- c:\windows\system32\5z951virusb2.dll
2009-09-15 08:09 . 2009-09-15 08:09 16331 ----a-w- c:\windows\system32\5836znot-a-virus696.dll
2009-09-14 19:36 . 2009-09-14 19:36 14558 ----a-w- c:\windows\system32\z0655troj7e9.exe
2009-09-13 06:56 . 2009-09-13 06:56 5178 ----a-w- c:\windows\system32\a8th59f1278z.dll
2009-09-03 09:39 . 2009-09-03 09:39 10835 ----a-w- c:\windows\system32\5945s9ambot3ze.bin
2009-09-02 22:02 . 2009-09-02 22:02 10020 ----a-w- c:\windows\system32\31255szy509.dll
2009-09-01 20:43 . 2009-09-01 20:43 8200 ----a-w- c:\windows\system32\459cdownl5ader3089z.exe
2009-09-01 05:04 . 2009-09-01 05:04 7066 ----a-w- c:\windows\system32\z566759oj60c.exe
2009-08-15 09:19 . 2009-08-15 09:19 9014 ----a-w- c:\windows\system32\31z599acktool785.bin
2009-08-04 20:27 . 2009-08-04 20:27 4665 ----a-w- c:\windows\system32\2z032hackto955ed.exe
2009-08-02 02:25 . 2009-08-02 02:25 2541 ----a-w- c:\windows\system32\z758backdoor2669.exe
2009-07-25 13:47 . 2009-07-25 13:47 5838 ----a-w- c:\windows\system32\4953tro5265z.bin
2009-07-16 21:56 . 2009-07-16 21:56 14330 ----a-w- c:\windows\system32\dc9zack5oor15699.exe
2009-07-06 02:33 . 2009-07-06 02:33 7478 ----a-w- c:\windows\system32\z199not-5-virus115.bin
2009-06-27 20:40 . 2009-06-27 20:40 7081 ----a-w- c:\windows\system32\5545spy1f9z.dll
2009-06-24 13:11 . 2009-06-24 13:11 12229 ----a-w- c:\windows\system32\9291downl5zder754.exe
2009-06-22 07:39 . 2009-06-22 07:39 16033 ----a-w- c:\windows\system32\47d7addzar517659.bin
2009-06-20 14:05 . 2009-06-20 14:05 11864 ----a-w- c:\windows\system32\755bazkdoor24889.exe
2009-06-19 00:42 . 2009-06-19 00:42 16796 ----a-w- c:\windows\system32\b26thzeat525329.exe
2009-06-18 13:37 . 2009-06-18 13:37 14739 ----a-w- c:\windows\system32\5cz0downlo9d5r3272.dll
2009-06-17 18:45 . 2009-06-17 18:45 -------- d-----w- c:\users\James Williams_2\AppData\Local\temp
2009-06-17 18:45 . 2009-06-17 18:45 -------- d-----w- c:\users\James Williams\AppData\Local\temp
2009-06-17 18:45 . 2009-06-17 18:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-16 17:36 . 2009-06-16 17:36 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-16 17:33 . 2009-06-16 17:33 -------- d-----w- c:\program files\AVG
2009-06-14 18:10 . 2009-06-14 18:10 16566 ----a-w- c:\windows\system32\f3ezteal29359.bin
2009-06-14 03:48 . 2009-06-14 03:48 -------- d-----w- c:\program files\Game Rival
2009-06-13 11:56 . 2009-06-13 11:56 2708 ----a-w- c:\windows\system32\599downloaderz539.exe
2009-06-06 15:52 . 2009-06-06 15:52 15424 ----a-w- c:\windows\system32\3166thr59t26223z.dll
2009-06-06 04:06 . 2009-06-06 04:06 -------- d-----w- c:\program files\iPod
2009-06-06 04:06 . 2009-06-06 04:07 -------- d-----w- c:\program files\iTunes
2009-06-06 03:56 . 2009-06-06 03:56 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 14:01 . 2009-06-03 14:01 10781 ----a-w- c:\windows\system32\32647z5ambot298.bin
2009-06-02 20:59 . 2009-06-02 20:59 16 ----a-w- c:\windows\popcinfo.dat
2009-06-02 20:17 . 2009-06-02 20:18 -------- d-----w- c:\program files\Bejeweled 2
2009-06-02 20:17 . 2009-06-02 20:17 -------- d-----w- c:\program files\bfgclient
2009-06-02 20:16 . 2009-06-02 20:17 -------- d-----w- C:\BigFishGamesCache
2009-06-02 02:19 . 2009-02-24 22:22 589824 ----a-w- c:\users\James Williams\AppData\Roaming\Flock\Browser\Profiles\fb4pfu1w.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
2009-06-01 19:48 . 2009-06-01 19:48 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Flock
2009-06-01 19:48 . 2009-06-01 19:48 -------- d-----w- c:\users\James Williams_2\AppData\Local\Flock
2009-06-01 01:19 . 2009-06-01 01:19 -------- d-----w- c:\users\James Williams\AppData\Roaming\Flock
2009-06-01 01:19 . 2009-06-01 01:19 -------- d-----w- c:\users\James Williams\AppData\Local\Flock
2009-06-01 01:19 . 2009-06-17 02:19 -------- d-----w- c:\program files\Flock
2009-06-01 01:17 . 2007-09-17 14:34 136528 ------w- c:\programdata\AOL\UserProfiles\All Users\SUDS\CACHE\4397.2.4\radioupd.exe
2009-05-24 14:52 . 2009-05-24 14:53 -------- d-----w- c:\program files\Common Files\aolback
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install ICQ
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install iTunes
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install AOL Communicator
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\AOL Instant Messenger
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\aolextras
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\programdata\Pure Networks
2009-05-24 14:51 . 1999-04-17 05:06 10752 ----a-w- c:\windows\system32\aamd532.dll
2009-05-24 14:51 . 2001-11-21 14:15 102400 ----a-w- c:\windows\system32\SimpleRegistry.dll
2009-05-24 14:51 . 1998-04-24 04:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-05-24 14:51 . 2009-05-31 20:18 -------- d-----w- c:\program files\Pure Networks
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\users\James Williams\AppData\Roaming\You've Got Pictures Screensaver
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\windows\occache
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\program files\Learn2.com
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\programdata\Viewpoint
2009-05-24 14:50 . 2009-05-24 14:51 -------- d-----w- c:\program files\Viewpoint
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-05-24 14:49 . 2009-05-24 14:49 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- C:\My Music
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\4Media
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Real
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Common Files\Real
2009-05-24 14:47 . 2004-05-07 20:54 65536 ----a-w- c:\windows\system32\jgsh400.dll
2009-05-24 14:47 . 2004-05-07 20:54 45568 ----a-w- c:\windows\system32\jgsd400.dll
2009-05-24 14:47 . 2004-05-07 20:54 35840 ----a-w- c:\windows\system32\jgmd400.dll
2009-05-24 14:46 . 2009-05-24 14:46 -------- d-----w- c:\programdata\AOL Downloads
2009-05-23 05:52 . 2009-05-23 05:52 -------- d-----w- c:\users\James Williams\AppData\Local\AOL
2009-05-22 01:39 . 2006-11-01 20:18 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2009-05-22 01:38 . 2009-06-01 01:14 -------- d-----w- c:\programdata\AOL
2009-05-22 01:38 . 2009-06-01 01:14 -------- d-----w- c:\program files\Common Files\AOL
2009-05-22 01:38 . 2009-06-01 01:09 -------- d--h--w- C:\TEMP
2009-05-21 03:30 . 2009-05-21 03:30 -------- d-----w- c:\users\James Williams_2\AppData\Local\Stardock_Corporation
2009-05-21 03:19 . 2009-05-21 03:19 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Talkback
2009-05-21 03:18 . 2009-05-21 03:18 -------- d-----w- c:\users\James Williams_2\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 03:48 . 2008-12-05 00:54 -------- d-----w- c:\program files\Oberon Media
2009-06-13 23:14 . 2008-12-14 20:06 -------- d-----w- c:\programdata\Dl_cats
2009-06-06 04:06 . 2008-11-26 15:48 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 04:04 . 2008-11-26 15:49 -------- d-----w- c:\program files\QuickTime
2009-06-05 19:37 . 2008-12-11 19:56 -------- d-----w- c:\programdata\Microsoft Help
2009-06-01 01:15 . 2009-06-01 01:10 -------- d-----w- c:\program files\AOL 9.0
2009-06-01 01:14 . 2009-05-24 14:59 -------- d-----w- c:\users\James Williams\AppData\Roaming\AOL
2009-06-01 01:13 . 2009-06-01 01:10 -------- d-----w- c:\program files\Common Files\aolshare
2009-05-29 01:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-29 01:00 . 2009-02-17 02:13 -------- d-----w- c:\program files\DivX
2009-05-26 00:12 . 2009-05-26 00:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-05-25 16:07 . 2009-05-25 16:07 -------- d-----w- c:\program files\Terayon
2009-05-25 16:07 . 2008-11-22 08:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 15:57 . 2009-05-25 15:57 -------- d---a-w- c:\program files\Connection Wizard
2009-05-25 15:57 . 2009-05-25 15:56 -------- d-----w- c:\program files\NetZeroInstaller
2009-05-24 14:46 . 2009-01-01 23:30 335 ----a-w- c:\windows\nsreg.dat
2009-05-16 02:43 . 2009-03-10 01:07 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\DivX
2009-05-14 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 11:26 . 2009-05-11 11:26 8439 ----a-w- c:\windows\system32\91918hazktool35c.bin
2009-05-11 05:42 . 2009-05-11 05:42 12509 ----a-w- c:\windows\system32\9787zot9a-virus657.bin
2009-05-08 12:39 . 2009-05-08 12:39 -------- d-----w- c:\programdata\Roxio
2009-05-08 12:39 . 2009-05-08 12:39 -------- d-----w- c:\users\James Williams\AppData\Roaming\Roxio
2009-04-30 20:50 . 2009-03-11 20:44 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Audacity
2009-04-27 17:32 . 2009-04-27 17:32 12043 ----a-w- c:\windows\system32\7319t5r9atz0313.bin
2009-04-24 20:02 . 2009-04-24 20:01 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-04-14 21:59 . 2009-04-14 21:59 3303 ----a-w- c:\windows\system32\3115ztr5j229.exe
2009-04-11 02:37 . 2009-04-11 02:37 69632 ----a-r- c:\users\James Williams_2\AppData\Roaming\Microsoft\Installer\{66F49D6A-E999-4DB0-ADB6-EE546806E340}\NewShortcut2_33D628D2DE174DBC9E7D9A4B4649EF81.exe
2009-04-08 23:23 . 2009-04-08 23:23 10438 ----a-w- c:\windows\system32\5784v5r9s57dz.exe
2009-03-31 20:26 . 2009-03-31 20:26 554880 ----a-w- c:\users\Public\MyWebTattoo.exe
2009-03-19 20:32 . 2009-04-07 15:27 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2007-01-12 21:49 . 2009-02-11 02:22 25770 ----a-w- c:\program files\SFX Machine Pro Read Me.rtf
2008-11-22 08:50 . 2009-01-02 00:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-22 09:01 . 2008-11-22 09:01 76 --sh--r- c:\windows\CT4CET.bin
2008-11-22 09:59 . 2008-11-22 09:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 17:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

Re: winbluesoft wont go away

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys

Re: winbluesoft wont go away

ComboFix 09-06-16.05 - James Williams_2 06/17/2009 14:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1024 [GMT -4:00]
Running from: c:\users\James Williams_2\Downloads\combo-fix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: PC-cillin Internet Security - Spyware Protection *disabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

Re: winbluesoft wont go away

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\5b26backdooz15659.bin
c:\windows\system32\5f85steal29z3.bin
c:\windows\system32\554zvirus699.dll
c:\windows\system32\5290ztroj439.exe
c:\windows\system32\6704s9amzo576e.exe
c:\windows\system32\29905irus7z5.bin
c:\windows\system32\60edsz5a9550.dll
c:\windows\system32\28112nzt-a-viru53b9.exe
c:\windows\system32\955troj6az9.bin
c:\windows\system32\5da9azdwar51559.exe
c:\windows\system32\5z951virusb2.dll
c:\windows\system32\5836znot-a-virus696.dll
c:\windows\system32\z0655troj7e9.exe
c:\windows\system32\a8th59f1278z.dll
c:\windows\system32\5945s9ambot3ze.bin
c:\windows\system32\31255szy509.dll
c:\windows\system32\459cdownl5ader3089z.exe
c:\windows\system32\z566759oj60c.exe
c:\windows\system32\31z599acktool785.bin
c:\windows\system32\2z032hackto955ed.exe
c:\windows\system32\z758backdoor2669.exe
c:\windows\system32\4953tro5265z.bin
c:\windows\system32\dc9zack5oor15699.exe
c:\windows\system32\z199not-5-virus115.bin
c:\windows\system32\5545spy1f9z.dll
c:\windows\system32\9291downl5zder754.exe
c:\windows\system32\47d7addzar517659.bin
c:\windows\system32\755bazkdoor24889.exe
c:\windows\system32\b26thzeat525329.exe
c:\windows\system32\5cz0downlo9d5r3272.dll
c:\windows\system32\f3ezteal29359.bin
c:\windows\system32\599downloaderz539.exe
c:\windows\system32\3166thr59t26223z.dll
c:\windows\system32\32647z5ambot298.bin
c:\windows\system32\91918hazktool35c.bin
c:\windows\system32\9787zot9a-virus657.bin
c:\windows\system32\5784v5r9s57dz.exe
c:\windows\system32\3115ztr5j229.exe

Folder::
c:\programdata\Viewpoint
c:\program files\Viewpoint


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: winbluesoft wont go away

ComboFix 09-06-16.05 - James Williams_2 06/17/2009 20:30.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.883 [GMT -4:00]
Running from: c:\users\James Williams_2\Downloads\combo-fix.exe
Command switches used :: c:\users\James Williams_2\Desktop\CFScript.txt
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: PC-cillin Internet Security - Spyware Protection *disabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\28112nzt-a-viru53b9.exe"
"c:\windows\system32\29905irus7z5.bin"
"c:\windows\system32\2z032hackto955ed.exe"
"c:\windows\system32\3115ztr5j229.exe"
"c:\windows\system32\31255szy509.dll"
"c:\windows\system32\3166thr59t26223z.dll"
"c:\windows\system32\31z599acktool785.bin"
"c:\windows\system32\32647z5ambot298.bin"
"c:\windows\system32\459cdownl5ader3089z.exe"
"c:\windows\system32\47d7addzar517659.bin"
"c:\windows\system32\4953tro5265z.bin"
"c:\windows\system32\5290ztroj439.exe"
"c:\windows\system32\5545spy1f9z.dll"
"c:\windows\system32\554zvirus699.dll"
"c:\windows\system32\5784v5r9s57dz.exe"
"c:\windows\system32\5836znot-a-virus696.dll"
"c:\windows\system32\5945s9ambot3ze.bin"
"c:\windows\system32\599downloaderz539.exe"
"c:\windows\system32\5b26backdooz15659.bin"
"c:\windows\system32\5cz0downlo9d5r3272.dll"
"c:\windows\system32\5da9azdwar51559.exe"
"c:\windows\system32\5f85steal29z3.bin"
"c:\windows\system32\5z951virusb2.dll"
"c:\windows\system32\60edsz5a9550.dll"
"c:\windows\system32\6704s9amzo576e.exe"
"c:\windows\system32\755bazkdoor24889.exe"
"c:\windows\system32\91918hazktool35c.bin"
"c:\windows\system32\9291downl5zder754.exe"
"c:\windows\system32\955troj6az9.bin"
"c:\windows\system32\9787zot9a-virus657.bin"
"c:\windows\system32\a8th59f1278z.dll"
"c:\windows\system32\b26thzeat525329.exe"
"c:\windows\system32\dc9zack5oor15699.exe"
"c:\windows\system32\f3ezteal29359.bin"
"c:\windows\system32\z0655troj7e9.exe"
"c:\windows\system32\z199not-5-virus115.bin"
"c:\windows\system32\z566759oj60c.exe"
"c:\windows\system32\z758backdoor2669.exe"
.

Re: winbluesoft wont go away

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\programdata\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\programdata\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-672059697.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-681648789.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-716026614.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1588488936.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1697589072.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1024896942.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1136233701.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\290547230.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-207333975.mtx
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\346840136.mtx
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\648662744.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-299234580.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-347626359.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\2091149108.swf
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
c:\programdata\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9\FLFBootStrap.mtx
c:\programdata\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus\FLFBootStrap.mtx

((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-18 00:36 . 2009-06-18 00:40 -------- d-----w- c:\users\James Williams_2\AppData\Local\temp
2009-06-18 00:36 . 2009-06-18 00:36 -------- d-----w- c:\users\James Williams\AppData\Local\temp
2009-06-16 17:36 . 2009-06-16 17:36 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-16 17:33 . 2009-06-16 17:33 -------- d-----w- c:\program files\AVG
2009-06-14 03:48 . 2009-06-14 03:48 -------- d-----w- c:\program files\Game Rival
2009-06-06 04:06 . 2009-06-06 04:06 -------- d-----w- c:\program files\iPod
2009-06-06 04:06 . 2009-06-06 04:07 -------- d-----w- c:\program files\iTunes
2009-06-06 03:56 . 2009-06-06 03:56 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-02 20:59 . 2009-06-02 20:59 16 ----a-w- c:\windows\popcinfo.dat
2009-06-02 20:17 . 2009-06-02 20:18 -------- d-----w- c:\program files\Bejeweled 2
2009-06-02 20:17 . 2009-06-02 20:17 -------- d-----w- c:\program files\bfgclient
2009-06-02 20:16 . 2009-06-02 20:17 -------- d-----w- C:\BigFishGamesCache
2009-06-02 02:19 . 2009-02-24 22:22 589824 ----a-w- c:\users\James Williams\AppData\Roaming\Flock\Browser\Profiles\fb4pfu1w.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
2009-06-01 19:48 . 2009-06-01 19:48 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Flock
2009-06-01 19:48 . 2009-06-01 19:48 -------- d-----w- c:\users\James Williams_2\AppData\Local\Flock
2009-06-01 01:19 . 2009-06-01 01:19 -------- d-----w- c:\users\James Williams\AppData\Roaming\Flock
2009-06-01 01:19 . 2009-06-01 01:19 -------- d-----w- c:\users\James Williams\AppData\Local\Flock
2009-06-01 01:19 . 2009-06-17 02:19 -------- d-----w- c:\program files\Flock
2009-06-01 01:17 . 2007-09-17 14:34 136528 ------w- c:\programdata\AOL\UserProfiles\All Users\SUDS\CACHE\4397.2.4\radioupd.exe
2009-05-24 14:52 . 2009-05-24 14:53 -------- d-----w- c:\program files\Common Files\aolback
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install ICQ
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install iTunes
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\Install AOL Communicator
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\AOL Instant Messenger
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- C:\aolextras
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\programdata\Pure Networks
2009-05-24 14:51 . 1999-04-17 05:06 10752 ----a-w- c:\windows\system32\aamd532.dll
2009-05-24 14:51 . 2001-11-21 14:15 102400 ----a-w- c:\windows\system32\SimpleRegistry.dll
2009-05-24 14:51 . 1998-04-24 04:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-05-24 14:51 . 2009-05-31 20:18 -------- d-----w- c:\program files\Pure Networks
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\users\James Williams\AppData\Roaming\You've Got Pictures Screensaver
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\windows\occache
2009-05-24 14:51 . 2009-05-24 14:51 -------- d-----w- c:\program files\Learn2.com
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-05-24 14:49 . 2009-05-24 14:49 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- C:\My Music
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\4Media
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Real
2009-05-24 14:49 . 2009-05-24 14:49 -------- d-----w- c:\program files\Common Files\Real
2009-05-24 14:47 . 2004-05-07 20:54 65536 ----a-w- c:\windows\system32\jgsh400.dll
2009-05-24 14:47 . 2004-05-07 20:54 45568 ----a-w- c:\windows\system32\jgsd400.dll
2009-05-24 14:47 . 2004-05-07 20:54 35840 ----a-w- c:\windows\system32\jgmd400.dll
2009-05-24 14:46 . 2009-05-24 14:46 -------- d-----w- c:\programdata\AOL Downloads
2009-05-23 05:52 . 2009-05-23 05:52 -------- d-----w- c:\users\James Williams\AppData\Local\AOL
2009-05-22 01:39 . 2006-11-01 20:18 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2009-05-22 01:38 . 2009-06-01 01:14 -------- d-----w- c:\programdata\AOL
2009-05-22 01:38 . 2009-06-01 01:14 -------- d-----w- c:\program files\Common Files\AOL
2009-05-22 01:38 . 2009-06-01 01:09 -------- d--h--w- C:\TEMP
2009-05-21 03:30 . 2009-05-21 03:30 -------- d-----w- c:\users\James Williams_2\AppData\Local\Stardock_Corporation
2009-05-21 03:19 . 2009-05-21 03:19 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Talkback
2009-05-21 03:18 . 2009-05-21 03:18 -------- d-----w- c:\users\James Williams_2\AppData\Local\Mozilla

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 03:48 . 2008-12-05 00:54 -------- d-----w- c:\program files\Oberon Media
2009-06-13 23:14 . 2008-12-14 20:06 -------- d-----w- c:\programdata\Dl_cats
2009-06-06 04:06 . 2008-11-26 15:48 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 04:04 . 2008-11-26 15:49 -------- d-----w- c:\program files\QuickTime
2009-06-05 19:37 . 2008-12-11 19:56 -------- d-----w- c:\programdata\Microsoft Help
2009-06-01 01:15 . 2009-06-01 01:10 -------- d-----w- c:\program files\AOL 9.0
2009-06-01 01:14 . 2009-05-24 14:59 -------- d-----w- c:\users\James Williams\AppData\Roaming\AOL
2009-06-01 01:13 . 2009-06-01 01:10 -------- d-----w- c:\program files\Common Files\aolshare
2009-05-29 01:00 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-29 01:00 . 2009-02-17 02:13 -------- d-----w- c:\program files\DivX
2009-05-26 00:12 . 2009-05-26 00:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-05-25 16:07 . 2009-05-25 16:07 -------- d-----w- c:\program files\Terayon
2009-05-25 16:07 . 2008-11-22 08:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 15:57 . 2009-05-25 15:57 -------- d---a-w- c:\program files\Connection Wizard
2009-05-25 15:57 . 2009-05-25 15:56 -------- d-----w- c:\program files\NetZeroInstaller
2009-05-24 14:46 . 2009-01-01 23:30 335 ----a-w- c:\windows\nsreg.dat
2009-05-16 02:43 . 2009-03-10 01:07 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\DivX
2009-05-14 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 12:39 . 2009-05-08 12:39 -------- d-----w- c:\programdata\Roxio
2009-05-08 12:39 . 2009-05-08 12:39 -------- d-----w- c:\users\James Williams\AppData\Roaming\Roxio
2009-04-30 20:50 . 2009-03-11 20:44 -------- d-----w- c:\users\James Williams_2\AppData\Roaming\Audacity
2009-04-24 20:02 . 2009-04-24 20:01 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-04-11 02:37 . 2009-04-11 02:37 69632 ----a-r- c:\users\James Williams_2\AppData\Roaming\Microsoft\Installer\{66F49D6A-E999-4DB0-ADB6-EE546806E340}\NewShortcut2_33D628D2DE174DBC9E7D9A4B4649EF81.exe
2009-03-31 20:26 . 2009-03-31 20:26 554880 ----a-w- c:\users\Public\MyWebTattoo.exe
2007-01-12 21:49 . 2009-02-11 02:22 25770 ----a-w- c:\program files\SFX Machine Pro Read Me.rtf
2008-11-22 08:50 . 2009-01-02 00:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-22 09:01 . 2008-11-22 09:01 76 --sh--r- c:\windows\CT4CET.bin
2008-11-22 09:59 . 2008-11-22 09:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-17_18.46.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18248_none_f34a4cecba3fd10b\mshtmler.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18248_none_ae0ee83906df1e56\admparse.dll
+ 2008-11-22 10:08 . 2008-11-22 10:08 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\WininetPlugin.dll
+ 2008-01-21 01:58 . 2009-06-18 00:40 44526 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-18 00:40 80396 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-26 15:01 . 2009-06-18 00:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-26 15:01 . 2009-06-17 18:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-26 15:01 . 2009-06-18 00:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-26 15:01 . 2009-06-17 18:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-26 15:01 . 2009-06-17 18:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-26 15:01 . 2009-06-18 00:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:25 . 2008-01-21 02:25 6656 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18254_none_33f7ddc1da1f1d8a\McrMgr.dll
+ 2008-11-26 21:26 . 2009-06-18 00:36 2890 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-26 21:26 . 2009-06-06 04:11 2890 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-03-04 20:31 . 2009-06-18 00:40 5970 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-635421117-3193100926-2788871618-1001_UserData.bin
- 2009-06-17 18:34 . 2009-06-17 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-18 00:38 . 2009-06-18 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-18 00:38 . 2009-06-18 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-17 18:34 . 2009-06-17 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 02:24 . 2008-01-21 02:24 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18248_none_647f330bae383e13\ieui.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18248_none_478070c58c9d650d\sqmapi.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18248_none_ae0ee83906df1e56\ieakui.dll
+ 2008-11-26 16:29 . 2009-06-18 00:21 364340 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-06-17 19:05 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-17 18:45 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-17 19:05 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-17 18:45 101350 c:\windows\System32\perfc009.dat
+ 2009-05-13 10:44 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22435_none_f2f64e4f84abbcec\OESpamFilter.dat
+ 2009-05-13 10:44 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18259_none_f25b10ee6b9abd39\OESpamFilter.dat
+ 2009-05-13 10:44 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21056_none_f0fb46578794b34f\OESpamFilter.dat
+ 2009-05-13 10:44 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16860_none_f060ffc26e84642a\OESpamFilter.dat
+ 2008-01-21 02:24 . 2008-01-21 02:24 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21046_none_fa10127687d0d070\ieapfltr.dat
+ 2008-01-21 02:24 . 2008-01-21 02:24 2455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16851_none_f976cc2b6ebf9aa2\ieapfltr.dat
+ 2006-11-02 10:22 . 2009-06-18 00:37 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-06-02 01:54 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-06-18 00:28 . 2009-06-18 00:28 6328320 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-05-01 07:01 . 2009-06-17 23:19 68822149 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 17:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EarthLink Installer"="/C" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-25 442467]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-13 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-13 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-22 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 1807696]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"DLCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"HostManager"="c:\program files\Common Files\AOL\1242956320\ee\AOLSoftware.exe" [2006-09-26 50736]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-05-24 26112]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\users\James Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

c:\users\James Williams_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-22 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-22 09:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

Re: winbluesoft wont go away

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7E98E1EE-0D97-4E48-AD58-AFB224D32606}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{1A690072-2B94-4B96-BD05-2ABBDCA3DAE9}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{CB0073B7-D67B-45DF-9631-3EAE86A416DD}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{F941A0A8-11AD-42B6-844D-45BF2F8D8168}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{818FEA4B-244E-463F-B827-D12D0829BF50}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8C40712C-124E-4A12-89EE-5006A3BD6A57}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{E088A383-01F3-4859-AA58-5252C3235F97}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{05B5AB04-D7E3-4995-ABD6-24EEFDFD10F2}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F15C6AFB-2B39-41F8-A455-0FD0085E4F31}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A270C37D-CF63-4D81-B7DD-880D3BF2297C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2D979AD3-3162-4081-8491-A89B3D9F5AF7}"= UDP:c:\program files\Dell V305\dldtamon.exe:Dell Device Monitor
"{68CA02B8-E1E0-42AF-BA74-E3A771BF063C}"= TCP:c:\program files\Dell V305\dldtamon.exe:Dell Device Monitor
"{0E3BD90B-3283-416F-84EB-4067E2A94E15}"= UDP:c:\program files\Dell V305\frun.exe:Dell Imaging Toolbox
"{A8C53F17-4181-4452-8B0C-973EF0F9CADD}"= TCP:c:\program files\Dell V305\frun.exe:Dell Imaging Toolbox
"{A7451A10-F7F8-471B-B962-2029B6E6BAD4}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{08575818-4B96-4180-ACE6-3AA275A604DB}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{7DF05405-931E-46B5-87CC-EBD7C6A325ED}"= UDP:c:\program files\Dell V305\dldtmon.exe:Printer Device Monitor
"{6384988E-20E8-4737-9F11-58487160FF38}"= TCP:c:\program files\Dell V305\dldtmon.exe:Printer Device Monitor
"{C86A5773-D497-444C-B729-4932193B812D}"= UDP:c:\windows\System32\dldtcoms.exe:Lexmark Communications System
"{AB3C388F-C1A0-4C56-AD91-B5F42A1767C4}"= TCP:c:\windows\System32\dldtcoms.exe:Lexmark Communications System
"{068FFBE2-52D0-4A39-A81B-548572A19296}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{611D736A-CD86-44E9-BCE5-3D994F36B73A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldtpswx.exe:Printer Status Window Interface
"{3BE49610-21A0-4BA0-A02A-2507B9A664B3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldttime.exe:Time Executable
"{68D0193A-32B4-4571-964A-507F173F1EE1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldttime.exe:Time Executable
"{823434F2-C974-4051-BEB9-0C3E3CA01435}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldtjswx.exe:Job Status Window Interface
"{6C0B27C4-0EF7-4255-9571-C1F81763845D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldtjswx.exe:Job Status Window Interface
"{832D5E6D-15BD-46AA-B143-D54EF85A9AC5}"= UDP:c:\windows\System32\dlcicoms.exe:Dell 946 Server
"{CF4B1FAF-0230-489A-AA47-3FA9E1640555}"= TCP:c:\windows\System32\dlcicoms.exe:Dell 946 Server
"{A970F9FD-7D45-4755-9FA8-F4ADC5D105CF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{37E3B7A7-F7AA-4984-8DD2-5945C8DEAC48}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4BE6CCE9-FC80-460B-B5BD-A703EBBC9741}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{951A06AE-E746-4D4F-9E9B-4F86A39F51EF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A9967349-4112-498A-8743-3BE08232562D}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{BFDC91F5-5DF4-47E7-8ECD-C052C5C48460}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{E9DBCE7F-084F-4FF7-8ABB-D1FC29849AD4}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{7376C104-C9E4-4AEC-B915-A72A3B66A820}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{A77A88A9-73BC-4B1D-B049-0BD0F49D03DB}"= UDP:990:LocalSubnet:LocalSubnet|IF={97EA40B6-82BD-4E63-80F4-DFBDFF00F736}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{D81722AA-F4F2-4FEC-975D-8C57B7EFB092}"= UDP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{0401743A-EF7F-42A6-BDF3-28023D356842}"= TCP:c:\program files\Common Files\AOL\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{03D1DD4D-B024-4B35-BE1B-25599C394057}"= UDP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{89607905-C3CA-4DE3-A58F-133019CE8D07}"= TCP:c:\program files\Common Files\AOL\acs\AOLacsd.exe:AOL Connectivity Service
"{BAB018C8-CD1F-4DE9-A5BE-F55A506A4162}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{2BCF0F2E-8EF4-445D-8FC1-A1B0E16F8058}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{07FF080E-59F8-4AF9-9CD3-FB598BF045E5}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BEA8A453-6217-4809-AA38-4A39D456C698}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{4E155F3A-C887-4557-BD30-C6C90C92FE5A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{18E6036B-F65F-4609-A26A-A526A321486C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19B71611-8C29-4909-A421-65A062ABBE6E}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{75695D55-8C2B-4AEE-842C-60F080DFBD80}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{9ED15ADD-5C48-4082-8204-2D12652DD189}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{429FF43A-4FBA-490F-A971-058C5E202FD3}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{B0B9BC3F-D5D3-4C0B-AE86-1C7A82D20A8C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B78D340-1671-4D08-AA4B-5996370B55E7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

Re: winbluesoft wont go away

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [11/22/2008 6:14 AM 73728]
R2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/24/2008 12:09 AM 155648]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/27/2007 5:22 AM 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/27/2007 5:22 AM 923216]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [11/22/2008 4:51 AM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/27/2007 5:22 AM 566872]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [11/22/2008 6:15 AM 111616]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [11/22/2008 6:15 AM 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [11/22/2008 6:15 AM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [11/22/2008 6:15 AM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [11/22/2008 6:15 AM 277440]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\System32\drivers\TM_CFW.sys [11/22/2008 4:51 AM 280392]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\dldtserv.exe [2/25/2008 5:38 PM 99568]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/22/2008 4:50 AM 30192]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\System32\drivers\tj2knd5.sys [5/25/2009 12:14 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\System32\drivers\tj2kunic.sys [5/25/2009 12:13 PM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://http//www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 20:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\TEMP\TMP00000001FB51FEC235BF6EAF 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\wlanext.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\dlcicoms.exe
c:\windows\System32\dldtcoms.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\TRENDM~1\INTERN~1\pccguide.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Dell V305\dldtmsdmon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-18 20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 00:44
ComboFix2.txt 2009-06-17 18:47

Pre-Run: 100,166,864,896 bytes free
Post-Run: 100,056,252,416 bytes free

722 --- E O F --- 2009-06-17 23:17

Re: winbluesoft wont go away

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: winbluesoft wont go away

Running like new... thanks a lot for your help and I will try to donate.
