GeekPolice

win blue soft HELP

Hi, everyone!

My computer has this infection called win blue soft. It pops up and gives me false alerts. Also it changed my desktop background to something that says "WARNING, system infected". I've tried to follow the steps given in the guides of this forum, but my computer will not let me access the internet or any program at all. Not even the task manager. I am on another computer at the moment.

Any help will be greatly appreciated.

Re: win blue soft HELP

Sorry, also I cannot copy and paste from "hijack this" as I am on another computer which is not infected. As I said, my main computer which has win blue soft will not let me start up anything. I've tried to uninstall, didn't work. I can't open any of my files, the Internet Explorer browser or my existing anti virus software. Also, it automatically moves my mouse cursor to the start button and logs off every now and then. What is going on?

Re: win blue soft HELP

*By copy and paste I mean the long log from the hijackthis notepad.

Re: win blue soft HELP

This is a description from someone else's thread, I'm experiencing the same problem.


I just picked up the winBlueSoft malware... I've read previous recommendations but I can't execute any of them.
1. I can't access the internet now.
2. Copied Revo, hijack this, Mbam, but can't run them. Each time I double click I get a message on the bottom rt side saying "Process cess cess cess c terminated ; Harmful memory infection was detected" (Or it shows what ever process I just attempted)
3. Also, keep getting 2 popups on the lower lt and rt side of screen every 60 seconds saying, "Infiltration Alert Your computer is being attacked by an internet virus. "
4. Also the Windows Security Center window keeps popping up.
5. Lastly, the computer will reboot after about 5 minutes of idle usage.

Re: win blue soft HELP

I've somehow managed to get avenger and "hijack this" onto my infected computer. However it will not let me run them properly. I opened avenger and ticked the remove rootkits box with no script in the script box. However error messages keep popping up. I don't know what to do.

PS: I have disconnected the computer from the internet as the winbluesoft seems to be less active when disconnected.

Re: win blue soft HELP

Here is the script from hijack this. I got it to work somehow on my infected computer. Hope someone can help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:42 PM, on 29/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\clickview\clickview library\clickviewhomeservice.exe
c:\program files\clickview\clickview library\clickviewserverservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
C:\Program Files\PC Tools Internet Security\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\WINDOWS\system32\setup2.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Documents and Settings\user\Desktop\hijackgpthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Browser Defender Toolbar - {23B0D39A-E245-41B7-BF86-1238CF62625E} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB Keyboard] C:\Program Files\USB Keyboard Driver\kb_2k.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Internet Security\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Double Desktop Switcher] C:\Program Files\Double Desktop Switcher\DoubleDesktop.exe
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: MutiKeyboard Driver.lnk = C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\KbdDrv.exe.000
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209982679796
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

Re: win blue soft HELP

O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Browser Defender\BDTUpdateService.exe
O23 - Service: ClickView Home Service - www.clickview.com.au - c:\program files\clickview\clickview library\clickviewhomeservice.exe
O23 - Service: ClickView Library Server - www.clickview.com.au - c:\program files\clickview\clickview library\clickviewserverservice.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: D4ACF08D - Unknown owner - C:\WINDOWS\system32\D641528B.EXE (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe

--
End of file - 16038 bytes

Re: win blue soft HELP

Sorry it couldn't fit on one post.

No spaces were inserted in between.
Just a direct cut and paste from one post to next.

Re: win blue soft HELP

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (PC-Tools)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: win blue soft HELP

Hello, thanks for the reply. I can't seem to run combo-fix even following the instructions. A small grey box appears just below centre of the screen. It looks like a loading bar with a red gauge, however it sort of just freezes.

I'm running it without internet connection though. And I have manually switched off my virus system. Any suggestions?

Re: win blue soft HELP

Malware probably interfering.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Try running Combofix from safe mode.

Re: win blue soft HELP

I got a notepad file called BOOTEX, is that useful at all?
Also when I try to run avenger it comes up with several error messages in a row.

Re: win blue soft HELP

Also, I have tried to run combo fix from safe mode, but it will not work either.

Error message reads as follows:

a device attached to the system is not functioning

This message appears for almost all other programs when in safe mode.

Re: win blue soft HELP

In normal mode when I run combo-fix, the gauge has managed to load, but the message is:

Error: some files can not be created. please close all applications, reboot windows and restart the installation.

However restarting my computer is not changing the message.

Also I cannot access my task manager.

Re: win blue soft HELP

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
    O20 - AppInit_DLLs: blocker.dll


  • Press "Fix Checked"
  • Close Hijack This.

Reboot and try running Combofix again.
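
A triage sketch for the HijackThis step above, added here as an example; it is not part of the helper's post and not HijackThis code. It parses log lines and flags the two kinds of entry that were ticked: a Run value that launches a file directly from the Windows directories, and a non-empty AppInit_DLLs value. The allowlist and both rules are assumptions for illustration, and the sample lines are copied from the log posted earlier in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
O20 - AppInit_DLLs: blocker.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumption: programs the reviewer expects to autostart straight from the
# Windows directories on this machine. Extend it to match your own baseline.
EXPECTED_SYSTEM_AUTOSTARTS = {"ctfmon.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\.*?Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)


class Finding(NamedTuple):
    code: str    # HijackThis section, e.g. "O4"
    reason: str  # why the line deserves a second look
    line: str    # the original log line


def target_path(cmd: str) -> str:
    """Return the program part of a Run command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)  # unquoted paths may contain spaces
    return m.group(1) if m else (cmd.split() or [""])[0]


def check_entry(code: str, body: str) -> Optional[str]:
    """Apply the two illustrative rules; return a reason or None."""
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].strip()
        if dlls:
            # DLLs listed here are loaded into every process that loads user32.dll.
            return f"AppInit_DLLs is set to '{dlls}'"
    if code == "O4":
        m = RUN_RE.match(body)
        if m:
            path = target_path(m.group("cmd"))
            folder = ntpath.dirname(path).lower()
            name = ntpath.basename(path).lower()
            if folder in SYSTEM_DIRS and name not in EXPECTED_SYSTEM_AUTOSTARTS:
                return f"Run value starts '{name}' directly from {folder}"
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the log lines to review, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        reason = check_entry(m.group("code"), m.group("body"))
        if reason:
            findings.append(Finding(m.group("code"), reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

A flagged line is a candidate for review, not a verdict; on the full log the first rule also flags any other program started directly from the Windows directories until it is added to the baseline.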

Re: win blue soft HELP

Thanks Belahazur. Combo fix is running, but why is it run in Chinese? My default language is English, but I do type Chinese characters for some projects. How do I change the text back to English?

Re: win blue soft HELP

Not sure, but the log will come out in English either way, I'll be able to understand it.

Re: win blue soft HELP

Actually, only the instructions are in Chinese, the rest of the text is in English letters. =D

Um, could you please stay online for a bit, I would like to fix up my computer soon. Thanks so much for all your help.

Re: win blue soft HELP

Combo fix ran for about 15 minutes where all this text came up. Then it restarted and the blue screen reappeared, but it seems to be inactive. However the cursor is flashing. Where do I find the text to post to you?

Re: win blue soft HELP

Don't worry, I'll be online for the next 1hr or so, then bed.

Leave it for a little while. It might still be doing something.

Re: win blue soft HELP

Hi, thanks again. The script has been found, but it's too big to post. How do I get it to you?

Also how long do you reckon it will take?

Re: win blue soft HELP

Split it up into more than one post.

How long? As in how long until you're free to go?
Depends what the log tells me.

Re: win blue soft HELP

ComboFix 09-05-29.01 - user 5/2009 Sun 8:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.1023.319 [GMT 10:00]
执行位置: c:\documents and settings\user\Desktop\Fix-Combo.exe
AV: Internet Security Anti-Virus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
* 成功创造新还原点
.

((((((((((((((((((((((((((((((((((((((( ±»É¾³ýµÄµµ°¸ )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\user\LOCALS~1\Temp\{E5ADE036-6E17-4473-980A-16CAE81E04E6}\_extra\objects\cmdline.dll
c:\documents and settings\user\Local Settings\Temp\{E5ADE036-6E17-4473-980A-16CAE81E04E6}\_extra\objects\cmdline.dll
c:\windows\35a9pyware1845z.bin
c:\windows\35bdspa9z52725.exe
c:\windows\35c5thi9fz678.ocx
c:\windows\35z4thie91054.dll
c:\windows\3629th59f28z4.cpl
c:\windows\3696spar5e2z7.ocx
c:\windows\369athief755z.cpl
c:\windows\3704vi53z269.ocx
c:\windows\37b9addwz9e1550.dll
c:\windows\384dad5w9rez900.exe
c:\windows\3855viruz79a9.cpl
c:\windows\3858down5oader1z399.bin
c:\windows\3893not-azv5rus672.exe
c:\windows\3905z5orm503.ocx
c:\windows\39315nzt-5-virus62d.ocx
c:\windows\3954szy30e5.ocx
c:\windows\395zw9rm6f4.bin
c:\windows\39600wozm225.dll
c:\windows\39b6spy9zre593.bin
c:\windows\39f4z9dw5re2464.dll
c:\windows\3a12zddw9re9745.dll
c:\windows\3aa1add9are250z.ocx
c:\windows\3ae0s5ywa9ez103.cpl
c:\windows\3az5sparse1090.bin
c:\windows\3b2ad9wnloz5er2811.dll
c:\windows\3bbcdo5n9oazer714.dll
c:\windows\3bbddo5zl9ader2692.bin
c:\windows\3c01downloz9e52277.exe
c:\windows\3ca9thiez24525.exe
c:\windows\3d22spa5s9z608.dll
c:\windows\3e9fspyware25z9.cpl
c:\windows\3ecaszeal695.dll
c:\windows\3fdft5izf2923.cpl
c:\windows\3ffezp9ware5908.dll
c:\windows\3z5295pambot4f4.exe
c:\windows\3z5599roj30e.cpl
c:\windows\3z995ir1190.bin
c:\windows\3za59ir9935.ocx
c:\windows\3zb3th5e92457.dll
c:\windows\3zf2s5yware499.bin
c:\windows\4039steal3575z.ocx
c:\windows\4058vi557z9.ocx
c:\windows\413cth9eat5z843.dll
c:\windows\415bspyware9z9.ocx
c:\windows\4179zddware1445.cpl
c:\windows\4182spzmbot5229.bin
c:\windows\4256tro9213z.cpl
c:\windows\42a2s5eaz9275.dll
c:\windows\42z0not-a95irus279.exe
c:\windows\4379wormz15.ocx
c:\windows\437cs5arse896z.cpl
c:\windows\439dd9wnzoad5r2748.exe
c:\windows\43f5virz8849.bin
c:\windows\440z9teal1539.dll
c:\windows\4429a5dware25z4.cpl
c:\windows\444d9ownzo5der1661.exe
c:\windows\4455not-9zvirus7c0.exe
c:\windows\44zbs9eal2045.cpl
c:\windows\44ze9ackdoo5507.cpl
c:\windows\451hz5kto9l4d2.exe
c:\windows\45405hreat1z699.ocx
c:\windows\4541d9wn5oaderz070.bin
c:\windows\4554do5nloa9er146z.ocx
c:\windows\4578threat25z239.dll
c:\windows\457edownloa59r836z.ocx
c:\windows\4591spy5az.cpl
c:\windows\4596zroj4f5.cpl
c:\windows\45a3s95az513.bin
c:\windows\45d5th9ez2073.cpl
c:\windows\45d6dowzloade99685.bin
c:\windows\45e9steaz428.ocx
c:\windows\45zb5ddw9re2917.exe
c:\windows\4635downloadez9485.exe
c:\windows\4673tz9j750.bin
c:\windows\4795steal2509z.dll
c:\windows\4896dzwn9oader19095.ocx
c:\windows\4959spy9z5.bin
c:\windows\495a9dwzre1296.bin
c:\windows\496adzware32485.dll
c:\windows\4993addwarz1051.exe
c:\windows\499fzhief24515.cpl
c:\windows\49b9threaz21556.dll
c:\windows\49bead9w5re5z.dll
c:\windows\49cdaddwarez435.bin
c:\windows\4a195hi9f2294z.bin
c:\windows\4b1dbackz9o51940.exe
c:\windows\4b1s9a5se8z2.exe
c:\windows\4b5cdown9oader38z.bin
c:\windows\4bf9zhr5at19022.bin
c:\windows\4c879hi5f1958z.exe
c:\windows\4cd05ddware239z.dll
c:\windows\4e35ddw9re1315z.dll
c:\windows\4e47zpywa9e1105.ocx
c:\windows\4eectzr9at5054.exe
c:\windows\500fdo5nloadez963.exe
c:\windows\5051spzware25689.cpl
c:\windows\506zhief9556.bin
c:\windows\5073trzj394.ocx
c:\windows\5078zspy59f.exe
c:\windows\50f5t9reaz17017.ocx
c:\windows\515zspywa9e3172.cpl
c:\windows\5195parz93062.ocx
c:\windows\51f9thzeat27016.bin
c:\windows\51z97spambo9105.dll
c:\windows\5207w9rmzb5.cpl
c:\windows\5215dowzloader9179.cpl
c:\windows\5267szy39d9.dll
c:\windows\5270backd9or578z.cpl
c:\windows\5290n5t-a-vir9s447z.ocx
c:\windows\529za5dware1544.bin
c:\windows\52afz9ief1524.cpl
c:\windows\52cz95r2938.dll
c:\windows\52dczp9rse509.bin
c:\windows\52z8addw9re2961.cpl
c:\windows\52z9downloader3053.dll
c:\windows\53acspy9arz988.cpl
c:\windows\54d9a5dwarz1697.bin
c:\windows\54fzth5ef13039.ocx
c:\windows\550steaz3915.bin
c:\windows\5513not-a-9iruz7c6.cpl
c:\windows\5538thiez997.cpl
c:\windows\554dste9l1127z.cpl
c:\windows\55529ir12z.dll
c:\windows\5555bac9zoor1973.bin
c:\windows\5567downloader29z.dll
c:\windows\5580zi9us516.exe
c:\windows\55884s9y63z.exe
c:\windows\5592trojz355.dll
c:\windows\5593zd9ware2533.exe
c:\windows\5595hac5tool3zf.dll
c:\windows\55999zpya8.cpl
c:\windows\559ethief23z4.ocx
c:\windows\55a6vzr95.dll
c:\windows\55z18worm93.exe
c:\windows\55z1addwar9813.exe
c:\windows\5639no5-9-virus2z4.dll
c:\windows\5652thre9z20307.bin
c:\windows\56691trzj78a.cpl
c:\windows\56740szy2f9.dll
c:\windows\56925pyzc9.cpl
c:\windows\5695no9-azvirus53d.bin
c:\windows\56aazhief297.bin
c:\windows\56fcs5arsz8529.bin
c:\windows\56zfvir6895.bin
c:\windows\5726thre9t17505z.cpl
c:\windows\57295hie931z7.exe
c:\windows\5755trzj59e.cpl
c:\windows\575cbackdoor9535z.cpl
c:\windows\578za9dwa5e1478.ocx
c:\windows\57985szy465.dll
c:\windows\5798spazse1949.exe
c:\windows\57995troj4z6.exe
c:\windows\57b9downl5adzr13189.ocx
c:\windows\58429spam9zt148.cpl

descriptionwin blue soft HELP EmptyRe: win blue soft HELP

more_horiz

.
((((((((((((((((((((((((( 2009-04-28 至 2009-05-30 的新的档案 )))))))))))))))))))))))))))))))
.

2009-05-28 23:51 . 2009-05-28 23:51 -------- d-----w c:\documents and settings\LocalService\Application Data\Talkback
2009-05-28 23:50 . 2009-05-28 23:50 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-05-28 23:46 . 2009-05-28 23:46 102400 ----a-w c:\windows\system32\blocker.dll
2009-05-28 23:45 . 2009-05-28 23:45 -------- d-----w c:\program files\MoviesPlay
2009-05-03 08:00 . 2009-05-03 08:00 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( ÔÚÈý¸öÔÂÄÚ±»Ð޸ĵĵµ°¸ ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 23:16 . 2009-02-27 07:02 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-30 23:14 . 2009-02-27 07:02 -------- d-----w c:\program files\PC Tools Internet Security
2009-05-28 05:39 . 2008-12-27 04:37 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-17 10:42 . 2006-07-08 04:40 -------- d-----w c:\documents and settings\user\Application Data\AdobeUM
2009-04-17 02:13 . 2008-05-07 08:01 -------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-04-15 21:53 . 2009-03-13 07:45 -------- d-----w c:\program files\3 MobileBroadband
2009-04-05 22:06 . 2008-05-07 07:54 -------- d-----w c:\program files\LimeWire
2009-03-15 08:21 . 2006-07-05 10:47 83008 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-12 23:06 . 2009-02-27 07:02 157568 ----a-w c:\windows\PCTBDRes.dll
2009-03-12 23:06 . 2009-02-27 07:02 1587072 ----a-w c:\windows\PCTBDCore.dll
2009-03-12 05:33 . 2009-02-27 07:02 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 01:21 . 2009-02-27 07:02 921 ----a-w c:\windows\UDB.zip
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-05-01 11:42 . 2006-07-03 05:13 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-05-01 11:42 . 2006-07-03 05:13 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-01 11:42 . 2009-03-02 09:40 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-05-01 11:42 . 2009-03-02 09:40 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-05-01 11:42 . 2006-07-03 05:13 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

Re: win blue soft HELP
((((((((((((((((((((((((((((((((((((( ÖØÒªµÇÈëµã ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*×¢Òâ* ¿Õ°×ÓëºÏ·¨È±Ê¡µÇ¼½«²»»á±»ÏÔʾ
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-25 23:32 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2008-12-29 2473984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Double Desktop Switcher"="c:\program files\Double Desktop Switcher\DoubleDesktop.exe" [2002-11-22 1266688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-14 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"USB Keyboard"="c:\program files\USB Keyboard Driver\kb_2k.exe" [2004-03-30 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"Desktop Service Centre"="c:\program files\OptusNet DSL Internet\DSC.exe" [2005-11-30 2919831]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"ISTray"="c:\program files\PC Tools Internet Security\pctsTray.exe" [2008-12-08 1173416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-14 1519616]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2001-12-23 4608]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\user\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-9-16 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-4 113664]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-5-15 1528880]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsy58.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [4/07/2006 9:12 PM 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [4/07/2006 9:12 PM 5248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27/02/2009 5:02 PM 130424]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [27/02/2009 5:02 PM 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [27/02/2009 5:02 PM 38208]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [27/02/2009 5:02 PM 159600]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Browser Defender\BDTUpdateService.exe [27/02/2009 5:02 PM 108416]
R2 ClickView Home Service;ClickView Home Service;c:\program files\ClickView\ClickView Library\ClickViewHomeService.exe [8/05/2008 4:23 PM 262144]
R2 ClickView Library Server;ClickView Library Server;c:\program files\ClickView\ClickView Library\ClickViewServerService.exe [30/04/2008 5:07 PM 249856]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/03/2009 6:16 PM 55152]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [27/02/2009 5:02 PM 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [27/02/2009 5:02 PM 348752]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [27/02/2009 5:02 PM 95656]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [27/02/2009 5:02 PM 64424]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [27/02/2009 5:02 PM 33088]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]
S0 Winsy58;Winsy58;c:\windows\system32\Drivers\Winsy58.sys --> c:\windows\system32\Drivers\Winsy58.sys [?]
S2 D4ACF08D;D4ACF08D;c:\windows\system32\D641528B.EXE -k --> c:\windows\system32\D641528B.EXE -k [?]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\user\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\user\LOCALS~1\Temp\cusbohcn.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 5:08 PM 533360]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\YH-820.sys [4/07/2006 8:41 PM 7552]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 7:01 AM 2799808]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
‘计划任务’ 文件夹 里的内容

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2006-10-05 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21152009576.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 10:38]

2009-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 09:40]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-setup2.exe - c:\windows\system32\setup2.exe
SafeBoot-procexp90.Sys


.
------- 而外的扫描 -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\08cebujr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 09:15
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Double Desktop Switcher = c:\program files\Double Desktop Switcher\DoubleDesktop.exe??p??\???l???E????M????K?\???$??G??$??O??M????K?8??j ??p??????E?8???F?x??p??p??????h???E????????????????$??G??$??
扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(1276)
c:\program files\PC Tools Internet Security\TFEngine\TFNI.dll

- - - - - - - > 'lsass.exe'(1332)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll

- - - - - - - > 'explorer.exe'(4664)
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\program files\Lingoes\Translator2\opentext2.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ ÆäËûÔËÐнø³Ì ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Internet Security\pctsSvc.exe
c:\windows\system32\conime.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Double Desktop Switcher\DDE.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Tools Internet Security\TFEngine\TFService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
完成时间: 2009-05-30 9:21 - 电脑已重新启动
ComboFix-quarantined-files.txt 2009-05-30 23:20

Pre-Run: 60,431,450,112 bytes free
Post-Run: 61,533,822,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

1684 --- E O F --- 2009-05-27 11:59

Re: win blue soft HELP
Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Ask Toolbar
  • Limewire

Now open a new notepad file.
Input this into the notepad file:

Driver::
Winsy58
D4ACF08D
cusbohcn

File::
c:\windows\system32\blocker.dll

Folder::
c:\program files\LimeWire
c:\program files\AskBarDis

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsy58.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: win blue soft HELP
Yes, I have uninstalled Limewire and Ask Toolbar and dragged the txt onto combofix; it is now running.

Re: win blue soft HELP
ComboFix 09-05-29.01 - user 5/2009 Sun 10:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.1023.365 [GMT 10:00]
执行位置: c:\documents and settings\user\Desktop\Fix-Combo.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Internet Security Anti-Virus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}

FILE ::
"c:\windows\system32\blocker.dll"
.

((((((((((((((((((((((((((((((((((((((( ±»É¾³ýµÄµµ°¸ )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\user\LOCALS~1\Temp\{0E9D8BD9-F856-44F1-B21E-77ED2F483EB5}\_extra\objects\cmdline.dll
c:\documents and settings\user\Local Settings\Temp\{0E9D8BD9-F856-44F1-B21E-77ED2F483EB5}\_extra\objects\cmdline.dll
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid3656.log
c:\windows\system32\blocker.dll

.
((((((((((((((((((((((((((((((((((((((( Çý¶¯/·þÎñ )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CUSBOHCN
-------\Legacy_D4ACF08D
-------\Service_cusbohcn
-------\Service_D4ACF08D
-------\Service_Winsy58


((((((((((((((((((((((((( 2009-04-28 至 2009-05-31 的新的档案 )))))))))))))))))))))))))))))))
.

2009-05-28 23:51 . 2009-05-28 23:51 -------- d-----w c:\documents and settings\LocalService\Application Data\Talkback
2009-05-28 23:50 . 2009-05-28 23:50 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-05-28 23:45 . 2009-05-28 23:45 -------- d-----w c:\program files\MoviesPlay
2009-05-03 08:00 . 2009-05-03 08:00 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( ÔÚÈý¸öÔÂÄÚ±»Ð޸ĵĵµ°¸ ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 00:11 . 2009-02-27 07:02 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-30 23:14 . 2009-02-27 07:02 -------- d-----w c:\program files\PC Tools Internet Security
2009-05-28 05:39 . 2008-12-27 04:37 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-17 10:42 . 2006-07-08 04:40 -------- d-----w c:\documents and settings\user\Application Data\AdobeUM
2009-04-17 02:13 . 2008-05-07 08:01 -------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-04-15 21:53 . 2009-03-13 07:45 -------- d-----w c:\program files\3 MobileBroadband
2009-03-15 08:21 . 2006-07-05 10:47 83008 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-12 23:06 . 2009-02-27 07:02 157568 ----a-w c:\windows\PCTBDRes.dll
2009-03-12 23:06 . 2009-02-27 07:02 1587072 ----a-w c:\windows\PCTBDCore.dll
2009-03-12 05:33 . 2009-02-27 07:02 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 01:21 . 2009-02-27 07:02 921 ----a-w c:\windows\UDB.zip
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-05-01 11:42 . 2006-07-03 05:13 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-05-01 11:42 . 2006-07-03 05:13 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-01 11:42 . 2009-03-02 09:40 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-05-01 11:42 . 2009-03-02 09:40 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-05-01 11:42 . 2006-07-03 05:13 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-30_23.15.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-31 00:09 . 2009-05-31 00:09 16384 c:\windows\Temp\Perflib_Perfdata_3f8.dat
.
((((((((((((((((((((((((((((((((((((( ÖØÒªµÇÈëµã ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*×¢Òâ* ¿Õ°×ÓëºÏ·¨È±Ê¡µÇ¼½«²»»á±»ÏÔʾ
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2008-12-29 2473984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Double Desktop Switcher"="c:\program files\Double Desktop Switcher\DoubleDesktop.exe" [2002-11-22 1266688]

Re: win blue soft HELP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-14 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"USB Keyboard"="c:\program files\USB Keyboard Driver\kb_2k.exe" [2004-03-30 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 136600]
"Desktop Service Centre"="c:\program files\OptusNet DSL Internet\DSC.exe" [2005-11-30 2919831]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"ISTray"="c:\program files\PC Tools Internet Security\pctsTray.exe" [2008-12-08 1173416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-14 1519616]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2001-12-23 4608]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\user\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-9-16 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-4 113664]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-5-15 1528880]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [4/07/2006 9:12 PM 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [4/07/2006 9:12 PM 5248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27/02/2009 5:02 PM 130424]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [27/02/2009 5:02 PM 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [27/02/2009 5:02 PM 38208]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [27/02/2009 5:02 PM 159600]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Browser Defender\BDTUpdateService.exe [27/02/2009 5:02 PM 108416]
R2 ClickView Home Service;ClickView Home Service;c:\program files\ClickView\ClickView Library\ClickViewHomeService.exe [8/05/2008 4:23 PM 262144]
R2 ClickView Library Server;ClickView Library Server;c:\program files\ClickView\ClickView Library\ClickViewServerService.exe [30/04/2008 5:07 PM 249856]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/03/2009 6:16 PM 55152]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [27/02/2009 5:02 PM 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [27/02/2009 5:02 PM 348752]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [27/02/2009 5:02 PM 95656]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [27/02/2009 5:02 PM 64424]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [27/02/2009 5:02 PM 33088]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 5:08 PM 533360]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\YH-820.sys [4/07/2006 8:41 PM 7552]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 7:01 AM 2799808]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
¡®️¼Æ»®️ÈÎÎñ¡¯ Îļþ¼Ð ÀïµÄÄÚÈÝ

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2006-10-05 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21152009576.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 10:38]

2009-05-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 09:40]
.
.
------- ¶øÍâµÄɨÃè -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\08cebujr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 10:10
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

ɨÃè±»Òþ²ØµÄ½ø³Ì ¡£¡£¡£

ɨÃè±»Òþ²ØµÄÆô¶¯×é ¡£¡£¡£

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Double Desktop Switcher = c:\program files\Double Desktop Switcher\DoubleDesktop.exe??p??\???l???E????M????K?\???$??G??$??O??M????K?8??j ?p??????E?8???F?x??p??p??????h???E????????????????$??G??$??
ɨÃè±»Òþ²ØµÄÎļþ ¡£¡£¡£

ɨÃèÍê³É
±»Òþ²ØµÄµµ°¸: 0

**************************************************************************
.
--------------------- ÔËÐнø³ÌϵĶ¯Ì¬Á´½Ó¿â ---------------------

- - - - - - - > 'winlogon.exe'(1276)
c:\program files\PC Tools Internet Security\TFEngine\TFNI.dll

- - - - - - - > 'lsass.exe'(1332)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll

- - - - - - - > 'explorer.exe'(2116)
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ ÆäËûÔËÐнø³Ì ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Internet Security\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conime.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Tools Internet Security\TFEngine\TFService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Double Desktop Switcher\DDE.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Íê³Éʱ¼ä: 2009-05-31 10:15 - µçÄÔÒÑÖØÐÂÆô¶¯
ComboFix-quarantined-files.txt 2009-05-31 00:15
ComboFix2.txt 2009-05-30 23:21

Pre-Run: 61,857,320,960 bytes free
Post-Run: 61,706,838,016 bytes free

240 --- E O F --- 2009-05-27 11:59

Re: win blue soft HELP
Hello.
Combofix found some malware that keeps coming back, I've seen someone else with it and I think I know the cause, so to do that, we need to get an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: win blue soft HELP
??2??¡è¨¨¡¥3???¡ã?
3D World Atlas
3DVIA Player 4.1
Adobe Acrobat 6.0 Standard
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 6.0.1
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
Brother MFL-Pro Suite
Browser Defender 2.0.6.6
Choice Guard
ClickView Library Server
ClickView Player
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Double Desktop Switcher
DVD Decrypter (Remove Only)
EndNote 9 Volume License Edition
Eyewitness Encyclopedia of Science 2.0
Eyewitness History of the World 2.1
Free YouTube Download 2.2
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Graphmatica
High Definition Audio Driver Package - KB888111
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
iISystem Wiper 2.4.1
ImageTool
InterActual Player
IrfanView (remove only)
ISI ResearchSoft - Export Helper
iTunes
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Keyboard driver
K-Lite Mega Codec Pack 1.52
Lingoes 2.5.3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Speech API 4.0
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
MoviesPlay
Mozilla Firefox (2.0.0.20)
MSDN Library for Visual Studio 2005
MSDN Library for Visual Studio 2005
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Multimedia Keyboard Driver
Nero Suite
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
OpenOffice.org 2.0
OptusNet DSL
PaperPort Image Printer
PC Connectivity Solution
PC Tools Internet Security 2009
Pivot Stickfigure Animator
PowerDVD
QuickTime
ReadPlease 2003/ReadPlease PLUS 2003
Realtek High Definition Audio Driver
Samsung Music Studio
ScanSoft PaperPort 11
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Shockwave
Siemens Subscriber Networks SpeedStream DSL
Smart Menus (Windows Live Toolbar)
SoftK56 Data Fax Voice Speakerphone CARP
Sony Picture Utility
TheSage
TI Connect 1.6
Uninstall 1.0.0.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Videora iPod Converter 4.01
VPN Client
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
Yahoo!7 Toolbar
ZipCentral 4.01

Re: win blue soft HELP
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Java 2 Runtime Environment, SE v1.4.2_04
  • Java(TM) 6 Update 11
  • Java(TM) 6 Update 5
  • Java(TM) 6 Update 7


OptusNet DSL <== this is the problem.

Before uninstalling it, I need to know if you use dial-up, or ethernet DSL. Either way, this software is only for USB ethernet connectio

Re: win blue soft HELP
i use dsl, cable. but optusnet is my internet connection program. are you asking me to uninstall it?

Re: win blue soft HELP
btw i have uninstalled the java programs

Re: win blue soft HELP
also i have a usb internet connection as well.

Re: win blue soft HELP
Ah, then keep it.

Re: win blue soft HELP
um, so what do i do? are we done? my computer works better now, but the desktop background is still: "WARNING, your system is infected."

Re: win blue soft HELP
Keep OptusNet DSL. Just uninstall the old Java, and then follow my instructions below to install the newest version.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Select the first option where it says "This release is Windows 7 support-ready and includes support for Internet Explorer 8...".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Repeat as many times as necessary to remove each Java version.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe that you downloaded to install the newest version.
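
The cleanup above depends on spotting every superseded Java entry in the saved uninstall list. As an added example (not part of the original post, and not HijackThis or Java tooling), this Python script lists the Java runtimes older than the JRE 6 Update 14 baseline named in the post. The function names and the two display-name patterns, taken from the list posted in this thread, are assumptions; other naming schemes are not recognised.

```python
import re
import sys

# Constructed sample: the Java entries and a few neighbours copied from the
# uninstall list posted earlier in this thread.
SAMPLE_UNINSTALL_LIST = """\
iTunes
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
"""

# Baseline from the helper's post: JRE 6 Update 14, as (family, minor, update).
BASELINE = (6, 0, 14)

# Assumption: only the two display-name styles seen in this thread are handled.
_MODERN = re.compile(r"^Java\(TM\) (\d+)(?: Update (\d+))?$")
_LEGACY = re.compile(
    r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)(?:_(\d+))?$"
)


def parse_java_version(name):
    """Return (family, minor, update) for a Java runtime entry, else None."""
    name = name.strip()
    m = _MODERN.match(name)
    if m:
        return (int(m.group(1)), 0, int(m.group(2) or 0))
    m = _LEGACY.match(name)
    if m:
        return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return None


def outdated_java(uninstall_text, baseline=BASELINE):
    """Names of installed Java entries older than the baseline, oldest first."""
    found = set()  # the list can repeat an entry, so de-duplicate
    for line in uninstall_text.splitlines():
        version = parse_java_version(line)
        if version is not None and version < baseline:
            found.add((version, line.strip()))
    return [name for _, name in sorted(found)]


def baseline_installed(uninstall_text, baseline=BASELINE):
    """True when an entry matching the baseline version is present."""
    return any(
        parse_java_version(line) == baseline
        for line in uninstall_text.splitlines()
    )


def report(uninstall_text, baseline=BASELINE):
    """Build the lines of a short audit report."""
    lines = ["REMOVE  " + name for name in outdated_java(uninstall_text, baseline)]
    if not baseline_installed(uninstall_text, baseline):
        lines.append("MISSING Java %d Update %d" % (baseline[0], baseline[2]))
    return lines


if __name__ == "__main__":
    # Usage: python java_audit.py uninstall_list.txt
    # Undecodable bytes (such as a mis-encoded header line) are replaced,
    # then ignored because they match neither pattern.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_UNINSTALL_LIST
    print("\n".join(report(text)) or "No outdated Java entries found.")
```

Run it again on a fresh list after the reinstall: the output should be empty of `REMOVE` and `MISSING` lines.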

Re: win blue soft HELP
i have done so. Thanks again. What do i need to do next?

Re: win blue soft HELP
Nothing, that should do it.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Re: win blue soft HELP
THANKS SO MUCH MATE
