
DDS Log - I'm infected with the "winbluesoft"...


  • This topic is locked
2 replies to this topic

#1 jason_sanseverino

jason_sanseverino

  • Members
  • 1 posts
  • OFFLINE
  • Local time:09:14 AM

Posted 09 June 2009 - 07:11 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Jason at 19:54:00.10 on Tue 06/09/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2160 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
C:\WINDOWS\system32\setup2.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\trlrm\RMHSvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
D:\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = www.google.com
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
BHO: Trlokom IE Toolbar: {c5af4d9b-0b55-4bac-9486-218ea2c6bc3e} - c:\program files\spywall\TrlIETool.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Trlokom IE Toolbar: {c5af4d9b-0b55-4bac-9486-218ea2c6bc3e} - c:\program files\spywall\TrlIETool.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [PlaxoUpdate] c:\program files\plaxo\3.19.0.16\PlaxoHelper_en.exe -a
uRun: [PlaxoSysTray] c:\program files\plaxo\3.19.0.16\PlaxoSysTray.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_0 -reboot 1
uRun: [setup2.exe] c:\windows\system32\setup2.exe
mRun: [GoToMyPC] c:\program files\citrix\gotomypc\g2svc.exe -logon
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [WinBlueSoft] c:\program files\winbluesoft software\winbluesoft\WinBlueSoft.exe -min
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: topproducer8i.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: NameServer = 85.255.112.204,85.255.112.90
TCP: {1B0B1DEF-A168-45CB-AD29-9C26BC4B00BF} = 85.255.112.204,85.255.112.90
TCP: {3EB97B9F-7007-4C67-B904-DC733D78BCF9} = 85.255.112.204,85.255.112.90
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-9 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-9 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-7 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-7 108552]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R1 trlkprot;Trlokom Application scan driver;c:\windows\system32\drivers\trlkprot.sys [2009-6-9 186880]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-7 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-9 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-9 1096584]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2008-1-8 472644]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-1-8 1122304]
S4 SessionLauncher;SessionLauncher;c:\docume~1\jason\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\jason\locals~1\temp\dx9\SessionLauncher.exe [?]

=============== Created Last 30 ================

2009-06-09 19:43 10,514 a------- c:\windows\system32\21524not-a-vizus559.exe
2009-06-09 19:41 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 19:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-09 19:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 19:36 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-09 19:36 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-09 19:36 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-09 19:36 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-09 19:36 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-09 19:36 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-09 19:36 <DIR> --d----- c:\docume~1\jason\applic~1\PC Tools
2009-06-09 19:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-09 19:23 335 a------- C:\spyhunter.fix
2009-06-09 19:22 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-09 19:12 <DIR> --d----- c:\program files\Lavasoft
2009-06-09 17:47 186,880 a------- c:\windows\system32\drivers\trlkprot.sys
2009-06-09 17:47 <DIR> --d----- c:\windows\trlrm
2009-06-09 17:47 36 ----hr-- c:\windows\sued.dat
2009-06-09 17:47 <DIR> --d----- c:\program files\SpyWall
2009-06-09 17:36 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-09 17:27 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-08 22:12 5,880 a------- c:\windows\544b9hrzat4985.exe
2009-06-08 08:50 4,247 a------- c:\windows\4f775i925z7.ocx
2009-06-07 16:04 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-07 15:27 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-07 15:27 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-07 15:27 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-07 15:27 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-07 15:27 <DIR> --d----- c:\docume~1\jason\applic~1\AVGTOOLBAR
2009-06-07 15:26 <DIR> --d----- c:\program files\AVG
2009-06-07 15:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-07 02:08 15,796 a------- c:\windows\system32\1dz2threat913795.ocx
2009-06-06 23:21 8,826 a------- c:\windows\system32\970not-a-virz5779.bin
2009-06-06 18:57 11,700 a------- c:\windows\system32\50b9zp9rse2455.ocx
2009-06-06 13:12 <DIR> --d----- c:\program files\VideoTools
2009-06-05 06:38 13,654 a------- c:\windows\system32\8956vi9us2c4z.bin
2009-06-04 17:34 8,447 a------- c:\windows\1fz5threa545599.bin
2009-06-03 21:14 4,722 a------- c:\windows\system32\5122s59alz24.dll
2009-06-03 16:09 14,953 a------- c:\windows\95575worz11c.bin
2009-06-02 02:27 17,707 a------- c:\windows\system32\59f9stezl3078.bin
2009-06-01 20:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-06-01 17:06 7,769 a------- c:\windows\system32\5z34add5are2489.bin
2009-05-28 19:35 49,024 a------- c:\windows\system32\drivers\mstape.sys
2009-05-28 19:35 49,024 a------- c:\windows\system32\dllcache\mstape.sys
2009-05-28 19:35 13,696 a------- c:\windows\system32\drivers\avcstrm.sys
2009-05-28 19:35 13,696 a------- c:\windows\system32\dllcache\avcstrm.sys
2009-05-28 19:33 <DIR> --d----- c:\docume~1\jason\applic~1\ZoomBrowser EX
2009-05-28 19:25 <DIR> --d----- c:\program files\Canon
2009-05-28 19:24 <DIR> --d----- c:\program files\common files\Canon
2009-05-28 18:20 9,049 a------- c:\windows\system32\576b9pyw5rz1236.ocx
2009-05-28 01:04 13,611 a------- c:\windows\257z4no9-a-5irus512.ocx
2009-05-27 21:38 9,799 a------- c:\windows\system32\77a3szywa951200.dll
2009-05-25 20:56 13,846 a------- c:\windows\4067backdoo9549z.bin
2009-05-25 09:28 3,123 a------- c:\windows\system32\95053zorm65a.cpl
2009-05-25 08:50 <DIR> --d----- c:\program files\Conduit
2009-05-25 08:50 <DIR> --d----- c:\program files\myBabylon_English
2009-05-25 08:50 <DIR> --d----- c:\program files\Babylon
2009-05-25 08:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Babylon
2009-05-25 08:50 <DIR> --d----- c:\docume~1\jason\applic~1\Babylon
2009-05-22 17:30 12,877 a------- c:\windows\system32\231855roz779.bin
2009-05-20 22:05 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-05-20 22:05 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-05-20 22:05 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-05-20 22:04 <DIR> --d----- c:\windows\Replay Media Catcher
2009-05-20 22:04 <DIR> --d----- c:\program files\Replay Media Catcher
2009-05-19 20:19 12,992 a------- c:\windows\system32\16095arse290z.exe
2009-05-19 11:16 16,026 a------- c:\windows\system32\9459zorm3b7.dll
2009-05-18 14:33 5,272 a------- c:\windows\system32\5z30thief55379.exe
2009-05-16 04:09 17,541 a------- c:\windows\system32\z597w5rm4619.exe
2009-05-14 21:51 <DIR> --d----- c:\docume~1\jason\applic~1\Blackberry Desktop
2009-05-14 21:17 <DIR> --d----- c:\docume~1\jason\applic~1\Research In Motion
2009-05-14 20:38 <DIR> --d----- c:\program files\common files\Research In Motion
2009-05-14 20:38 <DIR> --d----- c:\program files\Research In Motion
2009-05-12 19:35 14,344 a------- c:\windows\system32\13z49s5ambot339.cpl
2009-05-12 18:46 7,256 a------- c:\windows\system32\3975steal315z.dll
2009-05-12 14:17 7,647 a------- c:\windows\system32\15976hacktoolz49.dll
2009-05-12 01:44 5,159 a------- c:\windows\system32\3f7ethreaz16095.cpl
2009-05-11 20:35 11,928 a------- c:\windows\system32\5719thze53909.cpl
2009-05-11 02:05 17,053 a------- c:\windows\194355roz146.ocx
2009-05-11 01:38 10,096 a------- c:\windows\system32\6f0za5dware2925.bin

==================== Find3M ====================

2009-06-07 15:01 1,262,080 a------- c:\windows\system32\setup2.exe
2009-05-09 23:26 14,666 a------- c:\windows\system32\6e99d5wnloaderz200.bin
2009-05-08 10:36 9,655 a------- c:\windows\system32\18232ziru5349.dll
2009-05-07 20:22 12,777 a------- c:\windows\588559z-a-virus564.bin
2009-05-07 16:21 12,265 a------- c:\windows\25f9v9r104z.dll
2009-05-07 00:57 11,434 a------- c:\windows\109bzp9war5301.exe
2009-05-05 11:27 11,792 a------- c:\windows\6zfevi918545.bin
2009-05-05 04:22 8,445 a------- c:\windows\15z12viru953.exe
2009-05-03 06:51 5,712 a------- c:\windows\system32\9986haz9t5ol605.dll
2009-04-28 16:48 4,710 a------- c:\windows\6693sparse625z.dll
2009-04-25 19:13 9,950 a------- c:\windows\3589ha9kzool570.dll
2009-04-25 19:06 9,274 a------- c:\windows\529at9iez2594.exe
2009-04-24 20:23 7,681 a------- c:\windows\system32\5d4ebackd9oz24945.exe
2009-04-21 05:28 13,518 a------- c:\windows\4040threatz549.exe
2009-04-19 11:42 4,148 a------- c:\windows\system32\91765not-a-vzrus35e.dll
2009-04-19 07:25 11,662 a------- c:\windows\system32\8984vzrus935.exe
2009-04-17 14:05 14,785 a------- c:\windows\2983zpamb5t365.bin
2009-04-16 14:56 15,641 a------- c:\windows\5115tro91z4.exe
2009-04-14 07:43 8,872 a------- c:\windows\2b55steal94z6.dll
2009-04-12 02:25 7,051 a------- c:\windows\za5ethie92792.exe
2009-04-10 16:40 5,392 a------- c:\windows\system32\7519szea961.bin
2009-04-10 10:24 18,050 a------- c:\windows\310965acktool37z.dll
2009-04-08 05:02 13,797 a------- c:\windows\system32\299475pambotzeb.exe
2009-04-07 09:18 7,809 a------- c:\windows\5591spz4b9.bin
2009-04-04 18:15 8,931 a------- c:\windows\system32\3249zhackto5l1b8.dll
2009-04-04 14:48 724,992 a------- c:\windows\iun6002.exe
2009-04-03 10:29 10,996 a------- c:\windows\12520hacktozl191.dll
2009-04-02 12:25 15,508 a------- c:\windows\8z48spy3559.dll
2009-03-26 00:35 15,626 a------- c:\windows\37eethreat9905z.bin
2009-03-24 23:01 6,176 a------- c:\windows\1185zparse39745.dll
2009-03-22 13:54 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-21 02:30 6,388 a------- c:\windows\system32\87z8tr5972f.exe
2009-03-19 12:59 10,279 a------- c:\windows\system32\5425vi9zs194.dll
2009-03-17 19:18 18,105 a------- c:\windows\system32\977zwor956.dll
2009-03-17 06:50 15,165 a------- c:\windows\2451spar9e21z7.dll
2009-03-16 03:12 12,439 a------- c:\windows\1559ztroj71e.bin
2009-03-12 00:11 18,030 a------- c:\windows\1z76dow9loader5180.dll
2008-05-30 14:37 1,694,728 -------- c:\documents and settings\jason\dsetup32.dll
2008-05-30 14:35 97,288 -------- c:\documents and settings\jason\DSETUP.dll
2008-05-30 14:34 528,392 -------- c:\documents and settings\jason\DXSETUP.exe
2007-07-18 20:53 256 -------- c:\documents and settings\jason\pool.bin
2005-05-07 08:44 0 ----h--- c:\documents and settings\jason\hpothb07.dat
2005-05-07 08:43 164 ----h--- c:\documents and settings\all users\hpothb07.dat
2004-12-16 20:07 185 ----h--- c:\docume~1\alluse~1\applic~1\hpothb07.dat
2005-05-13 17:12 217,073 ---shr-- c:\windows\meta4.exe
2005-10-24 11:13 66,560 ---shr-- c:\windows\MOTA113.exe
2008-08-14 14:06 49,152 ---sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:56:47.76 ===============

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:14 AM

Posted 18 June 2009 - 03:58 PM

Hello jason_sanseverino,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java 2 Runtime Environment, SE v1.4.2_05
    Java™ 6 Update 2
    Java™ SE Runtime Environment 6 Update 1
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
******************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


******************


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Edited by SifuMike, 18 June 2009 - 04:00 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
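Added example, written for this page and not part of either poster's reply or of any BleepingComputer tool: a small Python triage pass over an excerpt of the DDS log posted above. It pulls out the four things a helper would check first in that log: resolvers hard-set in the TCP/IP registry keys that are public rather than LAN addresses (the 85.255.112.x pair), the digit-and-letter decoy filenames dropped straight into c:\windows and system32, a Run-key entry launching an unexpected executable out of system32 (setup2.exe), and the DPF ActiveX entries that reveal which older JRE installers (1.4.2, 1.5.0_xx, 1.6.0_01/02) have been on the box, which is what the Java-update advice in the reply above is about. The allowlist of "normal" system32 autoruns and the decoy-name rule are assumptions tuned to this log; the DNS check only says the resolvers are public and statically configured, not that they are known-bad, so a helper would still confirm what the router or ISP actually hands out.

```python
"""Triage of a DDS log excerpt: hard-set public DNS, decoy-named drop files,
unexpected system32 autoruns and outdated Java ActiveX installers.
Added example for this thread; not a BleepingComputer or DDS tool."""
import ipaddress
import re

# Lines copied from the DDS log posted in this thread (a short excerpt, not the full log).
DDS_EXCERPT = r"""
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [setup2.exe] c:\windows\system32\setup2.exe
mRun: [WinBlueSoft] c:\program files\winbluesoft software\winbluesoft\WinBlueSoft.exe -min
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
TCP: NameServer = 85.255.112.204,85.255.112.90
TCP: {1B0B1DEF-A168-45CB-AD29-9C26BC4B00BF} = 85.255.112.204,85.255.112.90
=============== Created Last 30 ================
2009-06-09 19:43 10,514 a------- c:\windows\system32\21524not-a-vizus559.exe
2009-06-09 19:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-08 22:12 5,880 a------- c:\windows\544b9hrzat4985.exe
2009-05-25 09:28 3,123 a------- c:\windows\system32\95053zorm65a.cpl
2009-05-12 14:17 7,647 a------- c:\windows\system32\15976hacktoolz49.dll
==================== Find3M ====================
2009-06-07 15:01 1,262,080 a------- c:\windows\system32\setup2.exe
2005-05-13 17:12 217,073 ---shr-- c:\windows\meta4.exe
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r'^[um]Run: \[(?P<name>[^\]]*)\]\s*"?(?P<path>[^"]+?\.exe)', re.I)
DNS_RE = re.compile(r"^TCP: (?:NameServer|\{[0-9A-F-]+\}) = (?P<ips>[0-9.,]+)$", re.I)
JAVA_RE = re.compile(r"jinstall-(?P<ver>[0-9_]+)-windows", re.I)
# A file sitting directly in the Windows folder or in system32 (not a subfolder such as drivers).
DROP_RE = re.compile(r"(?P<path>c:\\windows\\(?:system32\\)?(?P<name>[0-9a-z-]+)\.(?P<ext>exe|dll|ocx|bin|cpl))$", re.I)

# Assumption: the only system32 executable this XP box is expected to autorun from a Run key.
ALLOWED_SYSTEM32_AUTORUNS = {"ctfmon.exe"}


def parse_sections(text):
    """Split the log into {section title: [lines]} using its ==== headers."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def hardcoded_public_dns(lines):
    """Resolvers written into the TCP/IP registry keys that are public addresses.
    Behind a home router the expected value is the router's LAN address (or none,
    with DHCP supplying it), so a static public resolver is worth verifying."""
    found = set()
    for line in lines:
        m = DNS_RE.match(line)
        if not m:
            continue
        for raw in m.group("ips").split(","):
            try:
                ip = ipaddress.ip_address(raw.strip())
            except ValueError:
                continue
            if ip.is_global:
                found.add(str(ip))
    return sorted(found)


def decoy_named_files(lines):
    """Heuristic for this log's drop pattern: files written directly to the Windows
    folder or system32 whose names are a digit/letter jumble containing a 'z'
    (21524not-a-vizus559.exe, 95053zorm65a.cpl). Treat hits as leads, not proof."""
    hits = []
    for line in lines:
        m = DROP_RE.search(line)
        if not m:
            continue
        name = m.group("name").lower()
        if re.search(r"\d", name) and "z" in name and len(name) >= 8:
            hits.append(m.group("path").lower())
    return hits


def unexpected_system32_autoruns(lines):
    """Run-key entries launching an executable straight out of system32 that are
    not on the allowlist (setup2.exe in this log)."""
    hits = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        folder, _, exe = m.group("path").lower().rpartition("\\")
        if folder == r"c:\windows\system32" and exe not in ALLOWED_SYSTEM32_AUTORUNS:
            hits.append(exe)
    return hits


def outdated_java_installers(lines, current=(1, 6, 0, 14)):
    """JRE versions referenced by DPF (ActiveX installer) entries older than `current`
    (assumed baseline: 6 Update 14). Returned as version tuples, oldest first."""
    old = set()
    for line in lines:
        m = JAVA_RE.search(line)
        if not m:
            continue
        ver = m.group("ver")
        if "_" in ver:
            parts = tuple(int(p) for p in ver.split("_"))   # 1_5_0_08 -> (1, 5, 0, 8)
        else:
            parts = tuple(int(c) for c in ver) + (0,)        # 142 -> (1, 4, 2, 0)
        if parts < current:
            old.add(parts)
    return sorted(old)


def triage(text):
    """Run all four checks over the relevant sections of a DDS log."""
    s = parse_sections(text)
    hjt = s.get("Pseudo HJT Report", [])
    files = s.get("Created Last 30", []) + s.get("Find3M", [])
    return {
        "public_dns": hardcoded_public_dns(hjt),
        "decoy_files": decoy_named_files(files),
        "system32_autoruns": unexpected_system32_autoruns(hjt),
        "old_java": outdated_java_installers(hjt),
    }


if __name__ == "__main__":
    for key, value in triage(DDS_EXCERPT).items():
        print(f"{key}: {value}")
```

Run against the full log rather than the excerpt, the decoy-name rule picks up the several dozen .bin/.ocx/.cpl/.dll/.exe files created between March and June, and the DPF check also lists 1.5.0_09 through _11 and 1.6.0_01. None of this removes anything; it turns a 300-line log into a short list of items to confirm (the resolver values, the origin of setup2.exe) before deciding on a cleanup.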

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:14 AM

Posted 25 June 2009 - 11:53 PM

This thread will now be closed due to lack of feedback.
