Winbluesoft Blues!


Winbluesoft Blues!

Post by hms1018 on Wed Jun 17, 2009 12:16 am

I downloaded mbam.exe, installed it, and nothing happens! I looked into my files and there is nothing in here with winbluesoft or any of its properties (blocker.dll). HELP!
I also tried HijackThis and still nothing!


Last edited by hms1018 on Wed Jun 17, 2009 12:50 am; edited 1 time in total (Reason for editing : add more details)

hms1018
Beginner
Posts: 3
Joined: 2009-06-17
OS: windows xp
Points: 27275
Likes: 0

Re: Winbluesoft Blues!

Post by Belahzur on Wed Jun 17, 2009 12:25 pm

Are you able to post a HijackThis log? A renamed HijackThis?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245049
Likes: 1

Re: Winbluesoft Blues!

Post by hms1018 on Fri Jun 19, 2009 12:57 am

It won't let me do anything. Yesterday I was so lost because it would not even let me get online.


Re: Winbluesoft Blues!

Post by Belahzur on Fri Jun 19, 2009 8:12 am


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double-click DDS.scr to run it.
  • When it completes, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.


Re: Winbluesoft Blues!

Post by hms1018 on Mon Jun 22, 2009 7:13 am

GMER 1.0.15.14972 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-22 02:42:40
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 3:12:42.85 on Mon 06/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2815.2216 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {245B7ED9-1C7D-49D4-8B0A-583F4E07AF7E} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSBkgdUpdate] c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe -Embedding -boot
mRun: [GroupManager] c:\program files\avg\groupmanager.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\prio.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {832da05d-a0fd-4992-9921-f47ef7cc2e42} - No File
SEH: {506f066c-1f56-4e2b-bf7a-1e66b0240d79} - No File
SEH: {a77a09bd-3f78-45ca-9aba-5465c5d82beb} - No File
SEH: {53a9d795-c85e-4922-92ee-05ce3efa43a6} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\t2bngz55.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071500000347.dll
FF - HiddenExtension: XUL Cache: {A5BE9689-2ABA-47DF-A65C-93F2C8A3BB46} - c:\documents and settings\administrator\local settings\application data\{A5BE9689-2ABA-47DF-A65C-93F2C8A3BB46}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-15 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-15 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-15 108552]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-5-3 14336]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-15 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-15 298776]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-5-26 14976]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2009-4-6 264576]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2002-10-2 13532]
S2 STOPzilla Local Service;STOPzilla Local Service;c:\program files\stopzilla!\szntsvc.exe /service "stopzilla local service" --> c:\program files\stopzilla!\szntsvc.exe [?]

=============== Created Last 30 ================

2009-06-22 02:37 --d----- c:\windows\system32\xircom
2009-06-22 02:37 --d----- c:\windows\system32\wbem\snmp
2009-06-22 02:32 a-dshr-- C:\cmdcons
2009-06-22 02:31 161,792 a------- c:\windows\SWREG.exe
2009-06-22 02:31 155,136 a------- c:\windows\PEV.exe
2009-06-22 02:31 98,816 a------- c:\windows\sed.exe
2009-06-18 20:48 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 20:48 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-18 20:48 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 20:48 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-18 00:27 552 a------- c:\windows\system32\d3d8caps.dat
2009-06-16 20:34 --d----- c:\program files\Trend Micro
2009-06-16 19:53 --d----- c:\program files\NoAdware
2009-06-16 19:08 --d----- c:\program files\STOPzilla!
2009-06-15 21:20 --d-h--- C:\$AVG8.VAULT$
2009-06-15 21:08 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-15 21:08 --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-15 19:04 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-15 19:04 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-15 19:04 --d----- c:\windows\system32\drivers\Avg
2009-06-15 19:04 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-15 13:17 --d----- c:\program files\AVG
2009-06-11 01:12 58 a------- c:\windows\TUTORI~1.INI
2009-06-11 00:24 1,514 a------- c:\docume~1\admini~1\applic~1\SAS7_000.DAT
2009-06-10 14:23 0 a------- c:\windows\plclient.INI
2009-06-10 14:21 --d----- c:\program files\common files\Scansoft Shared
2009-06-10 14:21 --d----- c:\program files\Nuance
2009-06-10 14:13 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-06-10 14:13 --d----- c:\program files\MagicDisc
2009-06-10 13:41 --d----- c:\program files\MagicISO
2009-06-04 12:22 --d----- C:\cabs
2009-06-04 11:04 --d----- c:\program files\iPod
2009-06-04 11:04 --d----- c:\program files\iTunes
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-26 14:53 14,976 a------- c:\windows\system32\drivers\SBKUPNT.SYS
2009-05-26 14:53 13,312 a------- c:\windows\system32\DEVLOAD.EXE
2009-05-26 14:53 543 a------- c:\windows\SWISV3.INI
2009-05-26 14:53 344 a------- c:\windows\DYNASN.INF
2009-05-26 14:53 --d----- C:\SWISNIFE
2009-05-26 14:53 287 a------- c:\windows\SKNIFE.INI
2009-05-26 14:53 2,799 a------- c:\windows\SKLANG.INI
2009-05-26 14:53 306,688 a------- c:\windows\IsUninst.exe
2009-05-26 11:49 --d----- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-05-18 13:54 737,280 a------- c:\windows\iun6002.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-03 15:42 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 17:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 17:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 17:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 17:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 16:06 73,216 a------- c:\windows\cadkasdeinst01e.exe
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-07 21:18 86,327 ac------ c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-06 20:12 62,633 ac------ c:\windows\prio197uninstall.exe
2009-04-06 20:08 21,640 ac------ c:\windows\system32\emptyregdb.dat

============= FINISH: 3:12:49.89 ===============

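As an added example, not part of the thread and not code from the DDS or GooredFix authors: a small Python triage script for DDS.txt output of the shape posted above. It flags the entries a helper reads first: a non-empty AppInit_DLLs value (a DLL that is loaded into every process mapping user32.dll), a hidden Firefox extension, "No File" registrations left behind after an uninstall or cleanup, services whose binary DDS could not verify (the trailing "[?]"), and autostarts or browser plugins loading from a user-writable path. The rule names and severity labels are this example's own assumptions, and the sample input is a constructed string made of lines excerpted from the log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" / "medium" / "low" (labels are this example's own)
    kind: str       # short rule name, also this example's own
    line: str       # the DDS line that triggered the rule


# Constructed test input: a handful of lines excerpted from the DDS.txt posted
# above, with the uninteresting majority of the log left out.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {245B7ED9-1C7D-49D4-8B0A-583F4E07AF7E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
AppInit_DLLs: c:\windows\system32\prio.dll
SEH: {832da05d-a0fd-4992-9921-f47ef7cc2e42} - No File

================= FIREFOX ===================

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071500000347.dll
FF - HiddenExtension: XUL Cache: {A5BE9689-2ABA-47DF-A65C-93F2C8A3BB46} - c:\documents and settings\administrator\local settings\application data\{A5BE9689-2ABA-47DF-A65C-93F2C8A3BB46}

============= SERVICES / DRIVERS ===============

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 STOPzilla Local Service;STOPzilla Local Service;c:\program files\stopzilla!\szntsvc.exe /service "stopzilla local service" --> c:\program files\stopzilla!\szntsvc.exe [?]
"""

# Registration types DDS reports with "- No File" when the DLL is gone but the
# registry entry remains (leftovers of an uninstall or of a prior cleanup).
ORPHAN_KINDS = ("BHO:", "TB:", "SEH:", "uURLSearchHooks:", "mURLSearchHooks:")

# Autostart/plugin types worth a second look when they load from a path the
# logged-on user can write to without admin rights.
AUTOSTART_KINDS = ("uRun:", "mRun:", "dRun:", "uRunOnce:", "mRunOnce:",
                   "StartupFolder:", "FF - plugin:")
USER_WRITABLE = re.compile(r"\\(local settings|application data|temp)\\", re.IGNORECASE)

# DDS service/driver lines start with a state code: "R2 name;..." or "S2 name;...".
SERVICE_LINE = re.compile(r"^[RS]\d ")


def triage_dds(text: str) -> list[Finding]:
    """Scan DDS.txt text line by line and return the entries a helper reads first."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AppInit_DLLs:"):
            # Any DLL listed here is loaded into every process that maps user32.dll,
            # so a non-empty value always needs to be identified.
            if line.split(":", 1)[1].strip():
                findings.append(Finding("high", "appinit_dll", line))
        elif line.startswith("FF - HiddenExtension:"):
            # An extension hidden from the Firefox Add-ons list; legitimate software
            # rarely needs that.
            findings.append(Finding("high", "hidden_ff_extension", line))
        elif line.startswith(ORPHAN_KINDS) and line.endswith("No File"):
            findings.append(Finding("low", "orphaned_registration", line))
        elif SERVICE_LINE.match(line) and line.endswith("[?]"):
            # DDS prints [?] instead of a date/size when it could not read the
            # binary at the registered path.
            findings.append(Finding("medium", "unverified_service_path", line))
        elif line.startswith(AUTOSTART_KINDS) and USER_WRITABLE.search(line):
            findings.append(Finding("medium", "autostart_from_user_writable_path", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a long log can be sized up at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_dds(SAMPLE_DDS)
    order = ("high", "medium", "low")
    for f in sorted(results, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.kind:36} {f.line}")
    print(summarize(results))
```

On the log above this flags two high entries: the AppInit_DLLs value (c:\windows\system32\prio.dll, which judging by c:\windows\prio197uninstall.exe in the Find3M section probably belongs to a "prio" utility, so the rule asks for identification rather than removal) and the hidden "XUL Cache" Firefox extension under a GUID-named folder in Local Settings\Application Data, the pattern the GooredFix run suggested in the following reply is aimed at. The "No File" entries are harmless leftovers, and the two medium findings (the STOPzilla service and the Move Networks plugin) are only prompts to confirm the publisher.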

Re: Winbluesoft Blues!

Post by Belahzur on Mon Jun 22, 2009 12:43 pm

Hello.
See if this will run.

  • Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click GooredFix.exe on your Desktop to run it.
  • Select 2. Fix Goored by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open; please post the contents of that log in your next reply (it can also be found on your Desktop, called GooredLog.txt).
