
Trojan:JS/BlacoleRef


This topic is locked
1 reply to this topic

#1 jumanji81


Posted 07 January 2012 - 03:54 PM

Hi,

Microsoft Security Essentials recently alerted me of the following: Trojan:JS/BlacoleRef.T - I tried to remove it, but I think it is still there and causing problems.

Here is the DDS report:


#2 Gammo


Posted 07 January 2012 - 04:21 PM

Hi jumanji81, and welcome to Bleeping Computer!

I noticed you've already started a topic about this problem at malwareremoval.com: http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=58796. Please wait until you receive help there.

I'm closing this topic, because two different sites can give conflicting advice, which makes it harder for our helpers to provide quality help.


Please post the final results, good or bad. We like to know!
