I can't get rid of winbluesoft

4 posters

Re: I can't get rid of winbluesoft
Just some leftovers:

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\9z0715pyf.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:

This will open ComboFix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: I can't get rid of winbluesoft
ComboFix 09-07-09.08 - Compaq_Owner 07/10/2009 12:44.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.333 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix12.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CfScripts.txt

FILE ::
"c:\windows\system32\9z0715pyf.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\9z0715pyf.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 15:29 . 2009-07-10 15:54 -------- d-s---w- C:\Combo-Fix
2009-07-09 22:10 . 2009-07-09 22:11 -------- d-----w- c:\documents and settings\Compaq_Owner\.SunDownloadManager
2009-07-09 02:42 . 2009-07-10 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-09 02:42 . 2009-07-09 02:42 -------- d-----w- c:\program files\Common Files\iS3
2009-07-08 18:58 . 2009-07-09 21:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
2009-07-08 18:09 . 2009-07-09 21:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-25 17:38 . 2009-06-25 17:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Petroglyph
2009-06-19 20:51 . 2004-08-04 11:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-12 16:59 . 2009-06-30 21:28 -------- d-----w- c:\program files\LucasArts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 03:59 . 2005-01-29 11:04 -------- d-----w- c:\program files\Java
2009-07-08 14:41 . 2008-12-22 05:08 34 ----a-w- c:\documents and settings\Compaq_Owner\jagex_runescape_preferences.dat
2009-07-07 17:13 . 2005-01-29 11:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-05 23:00 . 2009-03-03 02:58 -------- d-----w- c:\program files\Norton Security Scan
2009-06-30 21:28 . 2005-01-29 11:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 04:13 . 2009-06-02 23:00 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-13 03:00 . 2009-03-03 17:56 -------- d-----w- c:\program files\Bonjour
2009-06-12 17:06 . 2006-02-21 01:56 -------- d-----w- c:\program files\Davidson
2009-06-03 03:20 . 2009-06-03 03:20 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PC Updater
2009-06-02 22:56 . 2009-06-02 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-02 22:54 . 2009-06-02 22:54 10134 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-02 22:54 . 2009-06-02 22:54 -------- d-----w- c:\program files\Microsoft WSE
2009-05-28 19:16 . 2009-05-28 19:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 19:15 . 2009-05-28 19:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 19:14 . 2009-05-28 19:14 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-05-18 21:25 . 2009-05-08 01:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2009-05-12 19:13 . 2009-05-12 19:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-05-08 01:18 . 2009-05-08 01:18 34062 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\ie_bin\Uninst.exe
2009-04-30 17:02 . 2005-12-28 05:55 46832 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 00:33 . 2009-04-30 00:33 3584 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-07-10_15.41.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 16:53 . 2009-07-10 16:53 16384 c:\windows\Temp\Perflib_Perfdata_770.dat
+ 2009-07-10 16:53 . 2009-07-10 16:53 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-03-23 126976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-01-29 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"YBrowser"="c:\program files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 126976]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MskDetct.exe" [2005-03-23 1111040]
"SIE2004"="c:\program files\Winferno\SIEPIE\SIEPulse.exe" [2004-07-06 44032]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=


--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-07-06 c:\windows\Tasks\Norton Security Scan for Compaq_Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 22:20]

2009-07-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-29 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
Trusted Zone: jcpsurvey.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 12:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-10 12:51
ComboFix-quarantined-files.txt 2009-07-10 17:50
ComboFix2.txt 2009-07-10 16:57

Pre-Run: 60,154,654,720 bytes free
Post-Run: 60,154,974,208 bytes free

150 --- E O F --- 2008-09-12 08:01

Re: I can't get rid of winbluesoft
Hello.
How is the machine running now?

Re: I can't get rid of winbluesoft

It's running fine now, thanks for all the help.

winblusoft removal

My friend is facing the whole winbluesoft problem, but with his computer it won't even start up past the login screen. If we do the whole process listed above in safe mode, will it still work?

Re: I can't get rid of winbluesoft

Hello kmosk789, please refrain from posting in other members' topics and start your own.
