WinBlueSoft has me good!


Re: WinBlueSoft has me good!

Post by Brittman on Wed Jun 03, 2009 10:03 pm

Here's the log:

ComboFix 09-06-03.02 - HP_Owner 06/03/2009 22:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.154 [GMT -3:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\program files\LimeWire\#1.m3u
c:\program files\LimeWire\blah.m3u
c:\program files\LimeWire\cory.m3u
c:\program files\LimeWire\donotremove.htm
c:\program files\LimeWire\GenericWindowsUtils.dll
c:\program files\LimeWire\hashes
c:\program files\LimeWire\hs_err_pid1732.log
c:\program files\LimeWire\hs_err_pid1788.log
c:\program files\LimeWire\hs_err_pid2464.log
c:\program files\LimeWire\i18n.jar
c:\program files\LimeWire\jl011.jar
c:\program files\LimeWire\LimeWire20.dll
c:\program files\LimeWire\log4j.properties
c:\program files\LimeWire\logicrypto.jar
c:\program files\LimeWire\matt.m3u
c:\program files\LimeWire\MessagesBundle.properties
c:\program files\LimeWire\MessagesBundles.jar
c:\program files\LimeWire\mp3sp14.jar
c:\program files\LimeWire\tasha.m3u
c:\program files\LimeWire\unpackedJars.tmp
c:\program files\LimeWire\update.ver
c:\program files\LimeWire\vorbis.jar
c:\program files\LimeWire\WindowsFirewall.dll
c:\program files\LimeWire\xerces.jar
c:\program files\LimeWire\xml-apis.jar
c:\program files\LimeWire\xml.war
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\program files\WinBlueSoft Software
c:\program files\WinBlueSoft Software\WinBlueSoft\data.bin
c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-03 04:52 . 2009-06-03 04:52 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2098-01-01 04:00 . 2008-01-05 00:49 9096 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2098-01-01 04:00 . 2007-08-25 03:51 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\IV20.dll
2098-01-01 04:00 . 2007-08-22 21:45 9048 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-06-04 01:13 . 2007-06-01 14:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-04 00:08 . 2009-01-21 22:44 -------- d-----w- c:\program files\Lx_cats
2009-06-03 21:26 . 2005-08-30 20:48 -------- d-----w- c:\program files\Java
2009-06-03 20:35 . 2007-06-29 16:40 -------- d-----w- c:\program files\Burger Rush
2009-06-03 03:07 . 2009-02-01 18:52 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\uTorrent
2009-05-26 19:46 . 2005-08-30 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-18 11:28 . 2008-09-30 20:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-19 10:19 . 2007-09-07 13:06 -------- d-----w- c:\program files\Ricochet Xtreme
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2006-05-22 22:52 . 2006-05-22 22:53 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-04-09 21:51 . 2008-02-05 00:14 88 --sh--r- c:\windows\system32\1837B5E298.sys
2008-04-09 21:52 . 2008-02-05 00:14 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Net Assistant.lnk - c:\program files\Aliant\Net Assistant\bin\matcli.exe [2007-5-4 212992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 2:07 AM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/28/2009 10:24 PM 101936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 5:55 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {61A54BB0-F380-446F-8727-9AEA23711471} - [You must be registered and logged in to see this link.]
DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-03 22:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-04 22:46
ComboFix-quarantined-files.txt 2009-06-04 01:46
ComboFix2.txt 2009-06-03 22:36

Pre-Run: 64,395,100,160 bytes free
Post-Run: 64,372,649,984 bytes free

162 --- E O F --- 2009-05-13 06:04


Re: WinBlueSoft has me good!

Post by Brittman on Wed Jun 03, 2009 10:07 pm

Thanks for all the help so far! You've been awesome.


Re: WinBlueSoft has me good!

Post by Origin on Wed Jun 03, 2009 11:34 pm

Now open a new notepad file.
Input this into the notepad file:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.




Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: WinBlueSoft has me good!

Post by Brittman on Wed Jun 03, 2009 11:58 pm

Thanks a ton! Here is the latest ComboFix log:

ComboFix 09-06-03.04 - HP_Owner 06/04/2009 0:47.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.323 [GMT -3:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-03 04:52 . 2009-06-03 04:52 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2098-01-01 04:00 . 2008-01-05 00:49 9096 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2098-01-01 04:00 . 2007-08-25 03:51 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\IV20.dll
2098-01-01 04:00 . 2007-08-22 21:45 9048 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-06-04 01:57 . 2009-01-21 22:44 -------- d-----w- c:\program files\Lx_cats
2009-06-04 01:56 . 2007-06-01 14:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-03 21:26 . 2005-08-30 20:48 -------- d-----w- c:\program files\Java
2009-06-03 20:35 . 2007-06-29 16:40 -------- d-----w- c:\program files\Burger Rush
2009-06-03 03:07 . 2009-02-01 18:52 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\uTorrent
2009-05-26 19:46 . 2005-08-30 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-18 11:28 . 2008-09-30 20:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-19 10:19 . 2007-09-07 13:06 -------- d-----w- c:\program files\Ricochet Xtreme
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2006-05-22 22:52 . 2006-05-22 22:53 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-04-09 21:51 . 2008-02-05 00:14 88 --sh--r- c:\windows\system32\1837B5E298.sys
2008-04-09 21:52 . 2008-02-05 00:14 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Net Assistant.lnk - c:\program files\Aliant\Net Assistant\bin\matcli.exe [2007-5-4 212992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 2:07 AM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/28/2009 10:24 PM 101936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 5:55 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {61A54BB0-F380-446F-8727-9AEA23711471} - [You must be registered and logged in to see this link.]
DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-04 00:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-04 0:54
ComboFix-quarantined-files.txt 2009-06-04 03:54
ComboFix2.txt 2009-06-04 01:46
ComboFix3.txt 2009-06-03 22:36

Pre-Run: 64,336,015,360 bytes free
Post-Run: 64,362,426,368 bytes free

122 --- E O F --- 2009-05-13 06:04

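Origin's CFScript.txt targets the three "DisableMonitoring" values shown in the first ComboFix log, and the second log no longer lists them. As an added example (not part of the thread and not ComboFix's own code), the Python below parses the registry-style sections of both logs and reports which Security Center and firewall overrides were cleared and which remain; the excerpts are copied from the two logs above, and all function names are hypothetical.

```python
import re

# Excerpts of the "Reg Loading Points" sections from the two ComboFix logs in
# this thread: the first log, then the log posted after the CFScript run.
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
PLAIN_INT_RE = re.compile(r"^(?P<dec>\d+) \(0x[0-9a-fA-F]+\)$")


def parse_reg_sections(log_text):
    """Return {lowercased key path: {value name: raw data string}}."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends the current section
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group("key").lower(), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group("name")] = value.group("data").strip()
    return sections


def as_int(data):
    """Decode 'dword:00000001' or '0 (0x0)'; return None for anything else."""
    m = DWORD_RE.match(data)
    if m:
        return int(m.group("hex"), 16)
    m = PLAIN_INT_RE.match(data)
    if m:
        return int(m.group("dec"))
    return None


def security_overrides(log_text):
    """Set of (key, value name) pairs that switch off monitoring or the firewall."""
    findings = set()
    for key, values in parse_reg_sections(log_text).items():
        for name, data in values.items():
            number = as_int(data)
            if number is None:
                continue            # string data such as Run entries
            lname = name.lower()
            if "\\security center" in key and number != 0 and (
                lname == "disablemonitoring" or lname.endswith("disablenotify")
            ):
                findings.add((key, name))
            elif ("\\firewallpolicy\\" in key and lname == "enablefirewall"
                  and number == 0):
                findings.add((key, name))
    return findings


def compare_runs(before, after):
    """Diff the overrides found in two logs of the same machine."""
    b, a = security_overrides(before), security_overrides(after)
    return {"cleared": sorted(b - a),
            "remaining": sorted(b & a),
            "new": sorted(a - b)}


if __name__ == "__main__":
    for status, items in compare_runs(LOG_BEFORE, LOG_AFTER).items():
        for key, name in items:
            print(f"{status:9} {key} -> {name}")
```

Entries reported as remaining are items to review, not verdicts: the sections of a log say what is set, not who set it.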

Re: WinBlueSoft has me good!

Post by Origin on Thu Jun 04, 2009 12:02 am

Hello, can you post the Malwarebytes log as well, please?



Re: WinBlueSoft has me good!

Post by Brittman on Thu Jun 04, 2009 12:13 am

Here it is, I just got done rebooting.

Malwarebytes' Anti-Malware 1.37
Database version: 2227
Windows 5.1.2600 Service Pack 3

6/4/2009 1:06:35 AM
mbam-log-2009-06-04 (01-06-35).txt

Scan type: Quick Scan
Objects scanned: 88916
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 68

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\spywarebot\Log\log_2006_07_23_12_35_48.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2006_07_23_12_35_49.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2006_07_23_13_11_46.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2006_07_25_00_01_36.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2006_07_25_04_08_44.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2006_07_25_12_16_26.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2006_08_08_10_42_51.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2006_08_09_05_42_24.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2006_08_10_16_17_03.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_04_30_16_29_21.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_01_17_15_28.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_04_17_47_23.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_04_19_55_17.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_04_20_35_02.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_05_08_06_07.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_05_11_20_25.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_06_13_02_34.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_09_07_59_48.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_13_09_23_35.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_23_03_32_24.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_05_31_20_30_38.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_06_01_11_10_41.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_06_01_11_38_16.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_06_01_11_44_36.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_06_01_12_16_26.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_06_01_14_26_22.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_06_01_23_57_56.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_06_09_02_17_08.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_06_13_03_10_05.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_07_04_11_41_55.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_07_11_03_12_13.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_07_29_20_36_52.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_07_29_20_44_36.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_08_04_15_41_35.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_08_05_00_39_39.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_08_09_11_14_54.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_08_16_03_12_04.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_08_19_17_56_36.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_09_15_19_58_59.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_09_19_19_04_36.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_10_11_03_10_27.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_10_24_10_47_14.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_10_25_18_52_03.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_10_29_23_08_26.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_02_20_44_42.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_02_21_10_42.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_02_21_39_28.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_04_04_35_38.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_04_04_37_09.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_06_23_43_55.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_06_23_52_06.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_13_11_02_32.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_14_03_09_18.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_16_09_42_16.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_16_19_35_14.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_16_19_52_15.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_16_20_26_34.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_17_10_52_37.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_21_19_30_01.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_11_28_16_13_39.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_12_06_10_11_56.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Log\log_2007_12_12_03_12_37.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\program files\spywarebot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.


Re: WinBlueSoft has me good!

Post by Origin on Thu Jun 04, 2009 12:19 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: WinBlueSoft has me good!

Post by Brittman on Thu Jun 04, 2009 7:25 am

Seems to be running better than before. Thank you very much, your help is greatly appreciated! Don't know what I would have done without it!
