BleepingComputer.com: DDS Log - I'm infected with the "winbluesoft"...


Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title, i.e. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

DDS Log - I'm infected with the "winbluesoft"... Please help..... :-(

#1 jason_sanseverino

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 09-June 09

Posted 09 June 2009 - 07:11 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Jason at 19:54:00.10 on Tue 06/09/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2160 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
C:\WINDOWS\system32\setup2.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\trlrm\RMHSvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
D:\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = www.google.com
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
BHO: Trlokom IE Toolbar: {c5af4d9b-0b55-4bac-9486-218ea2c6bc3e} - c:\program files\spywall\TrlIETool.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Trlokom IE Toolbar: {c5af4d9b-0b55-4bac-9486-218ea2c6bc3e} - c:\program files\spywall\TrlIETool.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [PlaxoUpdate] c:\program files\plaxo\3.19.0.16\PlaxoHelper_en.exe -a
uRun: [PlaxoSysTray] c:\program files\plaxo\3.19.0.16\PlaxoSysTray.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_0 -reboot 1
uRun: [setup2.exe] c:\windows\system32\setup2.exe
mRun: [GoToMyPC] c:\program files\citrix\gotomypc\g2svc.exe -logon
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [WinBlueSoft] c:\program files\winbluesoft software\winbluesoft\WinBlueSoft.exe -min
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: topproducer8i.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: NameServer = 85.255.112.204,85.255.112.90
TCP: {1B0B1DEF-A168-45CB-AD29-9C26BC4B00BF} = 85.255.112.204,85.255.112.90
TCP: {3EB97B9F-7007-4C67-B904-DC733D78BCF9} = 85.255.112.204,85.255.112.90
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-9 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-9 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-7 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-7 108552]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R1 trlkprot;Trlokom Application scan driver;c:\windows\system32\drivers\trlkprot.sys [2009-6-9 186880]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-7 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-9 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-9 1096584]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2008-1-8 472644]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-1-8 1122304]
S4 SessionLauncher;SessionLauncher;c:\docume~1\jason\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\jason\locals~1\temp\dx9\SessionLauncher.exe [?]

=============== Created Last 30 ================

2009-06-09 19:43 10,514 a------- c:\windows\system32\21524not-a-vizus559.exe
2009-06-09 19:41 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 19:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-09 19:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 19:36 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-09 19:36 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-09 19:36 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-09 19:36 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-09 19:36 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-09 19:36 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-09 19:36 <DIR> --d----- c:\docume~1\jason\applic~1\PC Tools
2009-06-09 19:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-09 19:23 335 a------- C:\spyhunter.fix
2009-06-09 19:22 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-09 19:12 <DIR> --d----- c:\program files\Lavasoft
2009-06-09 17:47 186,880 a------- c:\windows\system32\drivers\trlkprot.sys
2009-06-09 17:47 <DIR> --d----- c:\windows\trlrm
2009-06-09 17:47 36 ----hr-- c:\windows\sued.dat
2009-06-09 17:47 <DIR> --d----- c:\program files\SpyWall
2009-06-09 17:36 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-09 17:27 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-08 22:12 5,880 a------- c:\windows\544b9hrzat4985.exe
2009-06-08 08:50 4,247 a------- c:\windows\4f775i925z7.ocx
2009-06-07 16:04 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-07 15:27 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-07 15:27 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-07 15:27 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-07 15:27 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-07 15:27 <DIR> --d----- c:\docume~1\jason\applic~1\AVGTOOLBAR
2009-06-07 15:26 <DIR> --d----- c:\program files\AVG
2009-06-07 15:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-07 02:08 15,796 a------- c:\windows\system32\1dz2threat913795.ocx
2009-06-06 23:21 8,826 a------- c:\windows\system32\970not-a-virz5779.bin
2009-06-06 18:57 11,700 a------- c:\windows\system32\50b9zp9rse2455.ocx
2009-06-06 13:12 <DIR> --d----- c:\program files\VideoTools
2009-06-05 06:38 13,654 a------- c:\windows\system32\8956vi9us2c4z.bin
2009-06-04 17:34 8,447 a------- c:\windows\1fz5threa545599.bin
2009-06-03 21:14 4,722 a------- c:\windows\system32\5122s59alz24.dll
2009-06-03 16:09 14,953 a------- c:\windows\95575worz11c.bin
2009-06-02 02:27 17,707 a------- c:\windows\system32\59f9stezl3078.bin
2009-06-01 20:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-06-01 17:06 7,769 a------- c:\windows\system32\5z34add5are2489.bin
2009-05-28 19:35 49,024 a------- c:\windows\system32\drivers\mstape.sys
2009-05-28 19:35 49,024 a------- c:\windows\system32\dllcache\mstape.sys
2009-05-28 19:35 13,696 a------- c:\windows\system32\drivers\avcstrm.sys
2009-05-28 19:35 13,696 a------- c:\windows\system32\dllcache\avcstrm.sys
2009-05-28 19:33 <DIR> --d----- c:\docume~1\jason\applic~1\ZoomBrowser EX
2009-05-28 19:25 <DIR> --d----- c:\program files\Canon
2009-05-28 19:24 <DIR> --d----- c:\program files\common files\Canon
2009-05-28 18:20 9,049 a------- c:\windows\system32\576b9pyw5rz1236.ocx
2009-05-28 01:04 13,611 a------- c:\windows\257z4no9-a-5irus512.ocx
2009-05-27 21:38 9,799 a------- c:\windows\system32\77a3szywa951200.dll
2009-05-25 20:56 13,846 a------- c:\windows\4067backdoo9549z.bin
2009-05-25 09:28 3,123 a------- c:\windows\system32\95053zorm65a.cpl
2009-05-25 08:50 <DIR> --d----- c:\program files\Conduit
2009-05-25 08:50 <DIR> --d----- c:\program files\myBabylon_English
2009-05-25 08:50 <DIR> --d----- c:\program files\Babylon
2009-05-25 08:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Babylon
2009-05-25 08:50 <DIR> --d----- c:\docume~1\jason\applic~1\Babylon
2009-05-22 17:30 12,877 a------- c:\windows\system32\231855roz779.bin
2009-05-20 22:05 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-05-20 22:05 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-05-20 22:05 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-05-20 22:04 <DIR> --d----- c:\windows\Replay Media Catcher
2009-05-20 22:04 <DIR> --d----- c:\program files\Replay Media Catcher
2009-05-19 20:19 12,992 a------- c:\windows\system32\16095arse290z.exe
2009-05-19 11:16 16,026 a------- c:\windows\system32\9459zorm3b7.dll
2009-05-18 14:33 5,272 a------- c:\windows\system32\5z30thief55379.exe
2009-05-16 04:09 17,541 a------- c:\windows\system32\z597w5rm4619.exe
2009-05-14 21:51 <DIR> --d----- c:\docume~1\jason\applic~1\Blackberry Desktop
2009-05-14 21:17 <DIR> --d----- c:\docume~1\jason\applic~1\Research In Motion
2009-05-14 20:38 <DIR> --d----- c:\program files\common files\Research In Motion
2009-05-14 20:38 <DIR> --d----- c:\program files\Research In Motion
2009-05-12 19:35 14,344 a------- c:\windows\system32\13z49s5ambot339.cpl
2009-05-12 18:46 7,256 a------- c:\windows\system32\3975steal315z.dll
2009-05-12 14:17 7,647 a------- c:\windows\system32\15976hacktoolz49.dll
2009-05-12 01:44 5,159 a------- c:\windows\system32\3f7ethreaz16095.cpl
2009-05-11 20:35 11,928 a------- c:\windows\system32\5719thze53909.cpl
2009-05-11 02:05 17,053 a------- c:\windows\194355roz146.ocx
2009-05-11 01:38 10,096 a------- c:\windows\system32\6f0za5dware2925.bin

==================== Find3M ====================

2009-06-07 15:01 1,262,080 a------- c:\windows\system32\setup2.exe
2009-05-09 23:26 14,666 a------- c:\windows\system32\6e99d5wnloaderz200.bin
2009-05-08 10:36 9,655 a------- c:\windows\system32\18232ziru5349.dll
2009-05-07 20:22 12,777 a------- c:\windows\588559z-a-virus564.bin
2009-05-07 16:21 12,265 a------- c:\windows\25f9v9r104z.dll
2009-05-07 00:57 11,434 a------- c:\windows\109bzp9war5301.exe
2009-05-05 11:27 11,792 a------- c:\windows\6zfevi918545.bin
2009-05-05 04:22 8,445 a------- c:\windows\15z12viru953.exe
2009-05-03 06:51 5,712 a------- c:\windows\system32\9986haz9t5ol605.dll
2009-04-28 16:48 4,710 a------- c:\windows\6693sparse625z.dll
2009-04-25 19:13 9,950 a------- c:\windows\3589ha9kzool570.dll
2009-04-25 19:06 9,274 a------- c:\windows\529at9iez2594.exe
2009-04-24 20:23 7,681 a------- c:\windows\system32\5d4ebackd9oz24945.exe
2009-04-21 05:28 13,518 a------- c:\windows\4040threatz549.exe
2009-04-19 11:42 4,148 a------- c:\windows\system32\91765not-a-vzrus35e.dll
2009-04-19 07:25 11,662 a------- c:\windows\system32\8984vzrus935.exe
2009-04-17 14:05 14,785 a------- c:\windows\2983zpamb5t365.bin
2009-04-16 14:56 15,641 a------- c:\windows\5115tro91z4.exe
2009-04-14 07:43 8,872 a------- c:\windows\2b55steal94z6.dll
2009-04-12 02:25 7,051 a------- c:\windows\za5ethie92792.exe
2009-04-10 16:40 5,392 a------- c:\windows\system32\7519szea961.bin
2009-04-10 10:24 18,050 a------- c:\windows\310965acktool37z.dll
2009-04-08 05:02 13,797 a------- c:\windows\system32\299475pambotzeb.exe
2009-04-07 09:18 7,809 a------- c:\windows\5591spz4b9.bin
2009-04-04 18:15 8,931 a------- c:\windows\system32\3249zhackto5l1b8.dll
2009-04-04 14:48 724,992 a------- c:\windows\iun6002.exe
2009-04-03 10:29 10,996 a------- c:\windows\12520hacktozl191.dll
2009-04-02 12:25 15,508 a------- c:\windows\8z48spy3559.dll
2009-03-26 00:35 15,626 a------- c:\windows\37eethreat9905z.bin
2009-03-24 23:01 6,176 a------- c:\windows\1185zparse39745.dll
2009-03-22 13:54 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-21 02:30 6,388 a------- c:\windows\system32\87z8tr5972f.exe
2009-03-19 12:59 10,279 a------- c:\windows\system32\5425vi9zs194.dll
2009-03-17 19:18 18,105 a------- c:\windows\system32\977zwor956.dll
2009-03-17 06:50 15,165 a------- c:\windows\2451spar9e21z7.dll
2009-03-16 03:12 12,439 a------- c:\windows\1559ztroj71e.bin
2009-03-12 00:11 18,030 a------- c:\windows\1z76dow9loader5180.dll
2008-05-30 14:37 1,694,728 -------- c:\documents and settings\jason\dsetup32.dll
2008-05-30 14:35 97,288 -------- c:\documents and settings\jason\DSETUP.dll
2008-05-30 14:34 528,392 -------- c:\documents and settings\jason\DXSETUP.exe
2007-07-18 20:53 256 -------- c:\documents and settings\jason\pool.bin
2005-05-07 08:44 0 ----h--- c:\documents and settings\jason\hpothb07.dat
2005-05-07 08:43 164 ----h--- c:\documents and settings\all users\hpothb07.dat
2004-12-16 20:07 185 ----h--- c:\docume~1\alluse~1\applic~1\hpothb07.dat
2005-05-13 17:12 217,073 ---shr-- c:\windows\meta4.exe
2005-10-24 11:13 66,560 ---shr-- c:\windows\MOTA113.exe
2008-08-14 14:06 49,152 ---sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:56:47.76 ===============

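The log above is raw DDS output. As an added example (not part of this thread, and not code from DDS or BleepingComputer), the Python script below runs three defender-side checks over lines in this format: file names that look like a malware-category word ("not-a-virus", "spambot", "downloader") with letters swapped for digits or "z", small digit-heavy executables written directly into c:\windows or system32, and per-interface NameServer entries that point at public addresses instead of the usual private router address. The keyword list, the 20,000-byte size cut-off, the three-digit threshold and the edit-distance limits are assumptions chosen for this example; the sample lines are excerpted from the log above, except the 192.168.1.1 line, which is constructed as a benign control.

```python
"""Triage heuristics for DDS-style log lines (added example, not from the original post).
Checks: mangled malware-vocabulary file names; tiny digit-heavy executables dropped
directly into a system directory; NameServer entries set to public addresses."""
import ipaddress
import re
from pathlib import PureWindowsPath

# Vocabulary the odd names in the log appear to be derived from (assumption based on the page).
KEYWORDS = ("not-a-virus", "virus", "worm", "trojan", "threat", "backdoor", "hacktool",
            "spambot", "spyware", "adware", "downloader", "thief", "steal")
EXEC_EXT = {".exe", ".dll", ".ocx", ".cpl", ".bin"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
SMALL_FILE = 20_000  # bytes; assumed cut-off for a "tiny dropped payload"

FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+|<DIR>)\s+(\S+)\s+(.+?)\s*$")
DNS_LINE = re.compile(r"^TCP: .*?=\s*([\d.,]+)\s*$")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; the inputs are short, so a full table is cheap."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def mangled_keyword(stem: str):
    """First keyword that some window of `stem` is within a small edit distance of, else None.
    Words of up to five letters tolerate one edit, longer ones two, so 'vi9us', 'worz'
    and 'd5wnloader' match while ordinary driver and system file names do not."""
    stem = stem.lower()
    for kw in KEYWORDS:
        limit = 1 if len(kw) <= 5 else 2
        for width in range(len(kw) - (limit - 1), len(kw) + 2):
            for i in range(len(stem) - width + 1):
                if levenshtein(stem[i:i + width], kw) <= limit:
                    return kw
    return None


def odd_system_file(path: str, size) -> bool:
    """Small executable-type file with >= 3 digits in its name, directly in a system directory."""
    p = PureWindowsPath(path.lower())
    return (str(p.parent) in SYSTEM_DIRS and p.suffix in EXEC_EXT
            and size is not None and size < SMALL_FILE
            and sum(ch.isdigit() for ch in p.stem) >= 3)


def public_nameservers(line: str):
    """Addresses on a 'TCP: ... = a.b.c.d,...' line that are not in a private range."""
    m = DNS_LINE.match(line)
    if not m:
        return []
    found = []
    for token in m.group(1).split(","):
        try:
            if not ipaddress.ip_address(token).is_private:
                found.append(token)
        except ValueError:
            pass  # malformed token (e.g. a trailing comma); skip it
    return found


def triage(log_text: str):
    """Return [(path_or_line, [reasons])] for every line that trips at least one check."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        dns = public_nameservers(line)
        if dns:
            findings.append((line, ["public DNS servers hardcoded: " + ", ".join(dns)]))
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        size_field, path = m.group(3), m.group(5)
        size = None if size_field == "<DIR>" else int(size_field.replace(",", ""))
        reasons = []
        kw = mangled_keyword(PureWindowsPath(path).stem)
        if kw:
            reasons.append(f"name resembles '{kw}' with characters swapped")
        if odd_system_file(path, size):
            reasons.append(f"tiny ({size} bytes) digit-heavy executable in a system directory")
        if reasons:
            findings.append((path, reasons))
    return findings


# Constructed excerpt: lines taken from the log above, plus one benign NameServer
# line (192.168.1.1) added as a control.
SAMPLE = r"""
TCP: NameServer = 85.255.112.204,85.255.112.90
TCP: NameServer = 192.168.1.1
2009-06-09 19:43 10,514 a------- c:\windows\system32\21524not-a-vizus559.exe
2009-06-09 19:41 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 15:01 1,262,080 a------- c:\windows\system32\setup2.exe
2009-06-03 21:14 4,722 a------- c:\windows\system32\5122s59alz24.dll
2009-05-12 19:35 14,344 a------- c:\windows\system32\13z49s5ambot339.cpl
2009-05-07 16:21 12,265 a------- c:\windows\25f9v9r104z.dll
2009-04-04 14:48 724,992 a------- c:\windows\iun6002.exe
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
"""

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE):
        print(item)
        for reason in reasons:
            print("   -", reason)
```

Run stand-alone, it reports the two hardcoded public DNS servers and four of the eight file lines, leaving the real AV driver, setup2.exe, iun6002.exe and the dllcache copy of kernel32.dll alone. The keyword matcher is deliberately loose and still misses some names (5122s59alz24.dll is caught only by the size-and-digits rule), which is why the checks are combined rather than relied on individually; none of them replaces the scan tools the helper asks for below.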



#2 SifuMike

  • malware expert
  • Group: Malware Response Team
  • Posts: 15,385
  • Joined: 08-January 05
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 18 June 2009 - 03:58 PM

Hello jason_sanseverino,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_05
    Java™ 6 Update 2
    Java™ SE Runtime Environment 6 Update 1

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
******************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


******************


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

This post has been edited by SifuMike: 18 June 2009 - 04:00 PM

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

  • malware expert
  • Group: Malware Response Team
  • Posts: 15,385
  • Joined: 08-January 05
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 25 June 2009 - 11:53 PM

This thread will now be closed due to lack of feedback.
