HiJackThis Log, check please?


This topic is locked
28 replies to this topic

#1 chubbyc

  • Members
  • 19 posts

Posted 19 November 2010 - 09:05 PM

Computer is slow, sometimes delays with a black screen, and most importantly - every now and then the screen sort of fades its colors/contrast to more neon-esque brightness, then fades back after less than a minute. Weird? This computer is brand-freakin' new! Windows 7. Anyway, here's my hijackthis logfile. Thanks for the help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:54:25 PM, on 11/19/2010
Platform: Windows 7 (WinNT
MSIE: Internet Explorer v8.00
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Intel® Sample Collector (SampleCollector) - Sony of America Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15577 bytes



#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 29 November 2010 - 03:20 PM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle
Can you hear it? It's all around!

Do you remember? If you do, then can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 chubbyc

  • Topic Starter
  • Members
  • 19 posts

Posted 03 December 2010 - 03:58 PM

Okay, here is the DDS txt and Attach zip as requested. My computer keeps getting slower with more lag, I don't know what's going on. Videos keep getting slower, my typing lags almost every time I am typing something (even now). Thanks for the help.

By the way, in previous virus scans I found the following -

Hijack.shell
some general trojans Trojan.Dropper.gen

They've been "cleaned" now

Attached Files



#4 chubbyc

  • Topic Starter
  • Members
  • 19 posts

Posted 10 December 2010 - 11:53 PM

Here is the GMER log

Note - before scanning, the only items that were available for checking were Services, Registry and Files. Everything else - Devices, Modules, Processes etc was grayed out.

Attached Files



#5 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 12 December 2010 - 01:52 PM

Hello and my apologies for the delay.

First of all, it is possible this is not malware related but a hardware problem (although, since you mentioned the computer is new, the chance of that seems small).

However, let's first rule out malware.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#6 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 17 December 2010 - 08:01 AM

Hi, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#7 chubbyc

  • Topic Starter
  • Members
  • 19 posts

Posted 20 December 2010 - 11:33 PM

Hi, I'm sorry I didn't get a notification of a response. Here is the MBR log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: INSYDE
System Manufacturer: Sony Corporation
System Product Name: VPCY2190X
Logical Drives Mask: 0x00000004

Kernel Drivers (total 189):
0x02C05000 \SystemRoot\system32\ntoskrnl.exe
0x031E2000 \SystemRoot\system32\hal.dll
0x00BB4000 \SystemRoot\system32\kdcom.dll
0x00CBA000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CFE000 \SystemRoot\system32\PSHED.dll
0x00D12000 \SystemRoot\system32\CLFS.SYS
0x00EB6000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F76000 \SystemRoot\system32\drivers\ACPI.sys
0x00FCD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FD6000 \SystemRoot\system32\drivers\msisadrv.sys
0x00D70000 \SystemRoot\system32\drivers\pci.sys
0x00FE0000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00DA3000 \SystemRoot\System32\drivers\partmgr.sys
0x00FED000 \SystemRoot\system32\drivers\compbatt.sys
0x00DB8000 \SystemRoot\system32\drivers\BATTC.SYS
0x00DC4000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
0x01015000 \SystemRoot\system32\drivers\iaStor.sys
0x0121D000 \SystemRoot\system32\drivers\atapi.sys
0x01226000 \SystemRoot\system32\drivers\ataport.SYS
0x01250000 \SystemRoot\system32\drivers\amdxata.sys
0x0125B000 \SystemRoot\system32\drivers\fltmgr.sys
0x012A7000 \SystemRoot\system32\drivers\fileinfo.sys
0x012BB000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x012D0000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01421000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012DC000 \SystemRoot\System32\Drivers\msrpc.sys
0x015C4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0133A000 \SystemRoot\System32\Drivers\cng.sys
0x015DE000 \SystemRoot\System32\drivers\pcw.sys
0x015EF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01645000 \SystemRoot\system32\drivers\ndis.sys
0x01737000 \SystemRoot\system32\drivers\NETIO.SYS
0x01797000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x013AD000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A35000 \SystemRoot\system32\drivers\volsnap.sys
0x01A81000 \SystemRoot\System32\Drivers\spldr.sys
0x01A89000 \SystemRoot\System32\drivers\rdyboost.sys
0x01AC3000 \SystemRoot\System32\Drivers\mup.sys
0x01AD5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01ADE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B18000 \SystemRoot\system32\drivers\disk.sys
0x01B2E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x042CA000 \SystemRoot\System32\Drivers\Null.SYS
0x042D3000 \SystemRoot\System32\Drivers\Beep.SYS
0x042DA000 \SystemRoot\System32\drivers\vga.sys
0x042E8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0430D000 \SystemRoot\System32\drivers\watchdog.sys
0x0431D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04326000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0432F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04338000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04343000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04354000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04372000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04000000 \SystemRoot\system32\drivers\afd.sys
0x0437F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x043C4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x043CD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0408A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x040A0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01B6C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01B87000 \SystemRoot\system32\drivers\termdd.sys
0x01B9B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x043F3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01BEC000 \SystemRoot\system32\drivers\mssmbios.sys
0x01A00000 \SystemRoot\System32\drivers\discache.sys
0x01A0F000 \SystemRoot\System32\Drivers\dfsc.sys
0x017C2000 \SystemRoot\system32\drivers\blbdrive.sys
0x017D3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A25000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02E17000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02F0B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02F51000 \SystemRoot\system32\drivers\HECIx64.sys
0x02F62000 \SystemRoot\system32\drivers\usbehci.sys
0x02F73000 \SystemRoot\system32\drivers\USBPORT.SYS
0x02FC9000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0444D000 \SystemRoot\system32\DRIVERS\athrx.sys
0x045D1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x045DE000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x04400000 \SystemRoot\system32\drivers\rimssne64.sys
0x01600000 \SystemRoot\system32\drivers\1394ohci.sys
0x04420000 \SystemRoot\system32\drivers\risdsne64.sys
0x02E00000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x04439000 \SystemRoot\system32\drivers\CmBatt.sys
0x04A00000 \SystemRoot\system32\drivers\i8042prt.sys
0x0443E000 \SystemRoot\system32\drivers\kbdclass.sys
0x058F3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05945000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05947000 \SystemRoot\system32\drivers\mouclass.sys
0x05956000 \SystemRoot\system32\drivers\SFEP.sys
0x05959000 \SystemRoot\system32\drivers\Impcd.sys
0x05980000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05996000 \SystemRoot\system32\drivers\wmiacpi.sys
0x0599F000 \SystemRoot\system32\drivers\CompositeBus.sys
0x059AF000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x059C5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x059E9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0582F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0584A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0586B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05885000 \SystemRoot\system32\drivers\swenum.sys
0x05887000 \SystemRoot\system32\drivers\ks.sys
0x058CA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05A36000 \SystemRoot\system32\drivers\usbhub.sys
0x05A90000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x066F9000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06922000 \SystemRoot\system32\drivers\portcls.sys
0x0695F000 \SystemRoot\system32\drivers\drmk.sys
0x06981000 \SystemRoot\system32\drivers\ksthunk.sys
0x06987000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x069CE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06600000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0662E000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x06638000 \SystemRoot\System32\Drivers\crashdmp.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x06646000 \SystemRoot\System32\drivers\Dxapi.sys
0x040AF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x06652000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06665000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00460000 \SystemRoot\System32\TSDDD.dll
0x007A0000 \SystemRoot\System32\cdd.dll
0x06673000 \SystemRoot\system32\drivers\luafv.sys
0x06696000 \SystemRoot\system32\drivers\WudfPf.sys
0x066B7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05AA5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x066CC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x066DF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05AF8000 \SystemRoot\system32\drivers\HTTP.sys
0x05BC0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05BDE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02AAB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02AF8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02B1B000 \SystemRoot\system32\drivers\peauth.sys
0x02BC1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02BCC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02A00000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02A12000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04828000 \SystemRoot\System32\DRIVERS\srv.sys
0x0493F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x008F0000 \SystemRoot\System32\ATMFD.DLL
0x04951000 \SystemRoot\System32\Drivers\fastfat.SYS
0x048F1000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
0x77400000 \Windows\System32\ntdll.dll
0x47C80000 \Windows\System32\smss.exe
0xFF720000 \Windows\System32\apisetschema.dll
0xFF7F0000 \Windows\System32\autochk.exe
0xFF700000 \Windows\System32\nsi.dll
0x775D0000 \Windows\System32\psapi.dll
0xFF690000 \Windows\System32\gdi32.dll
0x775C0000 \Windows\System32\normaliz.dll
0xFF670000 \Windows\System32\imagehlp.dll
0xFF540000 \Windows\System32\rpcrt4.dll
0xFF4A0000 \Windows\System32\msvcrt.dll
0xFF480000 \Windows\System32\sechost.dll
0xFF3E0000 \Windows\System32\clbcatq.dll
0xFF3B0000 \Windows\System32\imm32.dll
0xFF360000 \Windows\System32\ws2_32.dll
0xFE5D0000 \Windows\System32\shell32.dll
0xFE5C0000 \Windows\System32\lpk.dll
0xFE4F0000 \Windows\System32\usp10.dll
0xFE3C0000 \Windows\System32\wininet.dll
0xFE320000 \Windows\System32\comdlg32.dll
0xFE0C0000 \Windows\System32\iertutil.dll
0xFE040000 \Windows\System32\difxapi.dll
0xFDF30000 \Windows\System32\msctf.dll
0xFDD20000 \Windows\System32\ole32.dll
0xFDBA0000 \Windows\System32\urlmon.dll
0xFDB20000 \Windows\System32\shlwapi.dll
0x772E0000 \Windows\System32\kernel32.dll
0xFD940000 \Windows\System32\setupapi.dll
0xFD860000 \Windows\System32\oleaut32.dll
0xFD810000 \Windows\System32\Wldap32.dll
0xFD730000 \Windows\System32\advapi32.dll
0x771E0000 \Windows\System32\user32.dll
0xFD690000 \Windows\System32\comctl32.dll
0xFD670000 \Windows\System32\devobj.dll
0xFD630000 \Windows\System32\cfgmgr32.dll
0xFD5F0000 \Windows\System32\wintrust.dll
0xFD480000 \Windows\System32\crypt32.dll
0xFD410000 \Windows\System32\KernelBase.dll
0xFD400000 \Windows\System32\msasn1.dll
0x76A30000 \Windows\SysWOW64\normaliz.dll

Processes (total 88):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
484 csrss.exe
544 C:\Windows\System32\wininit.exe
576 csrss.exe
608 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\svchost.exe
868 C:\Windows\System32\winlogon.exe
888 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
488 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\spoolsv.exe
1372 C:\Windows\System32\svchost.exe
1492 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1552 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
1596 C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
1808 C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
1832 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1852 C:\Windows\System32\svchost.exe
1880 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
1964 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
2016 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
1140 C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
1688 dllhost.exe
2056 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
2564 C:\Windows\System32\taskhost.exe
2764 C:\Windows\System32\dwm.exe
2800 C:\Windows\explorer.exe
2868 C:\Windows\System32\taskeng.exe
2984 C:\Program Files\Sony\VAIO Care\VCSpt.exe
3004 C:\Windows\System32\taskeng.exe
3024 C:\Windows\System32\svchost.exe
2340 C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
2320 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
2760 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
2948 WmiPrvSE.exe
3104 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
3352 C:\Windows\System32\igfxtray.exe
3364 C:\Windows\System32\hkcmd.exe
3380 C:\Windows\System32\igfxpers.exe
3440 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3556 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3632 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3716 C:\Windows\SysWOW64\rundll32.exe
3808 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
3824 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3852 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3936 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
3944 C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
2952 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3316 C:\Windows\System32\SearchIndexer.exe
2900 C:\Program Files\Sony\VAIO Care\VCsystray.exe
4176 C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
4272 C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
4296 C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
4804 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
5108 C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
3400 C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe
2300 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
4620 C:\Windows\System32\vds.exe
1176 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
4020 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
4800 C:\Windows\System32\svchost.exe
1788 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
4892 C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
3000 C:\Windows\System32\taskhost.exe
4056 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
1344 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
8548 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
9564 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
9720 unsecapp.exe
8032 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
8852 C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
7164 C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
10724 C:\Users\Carolyn\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
10716 C:\Windows\System32\SearchProtocolHost.exe
10740 C:\Windows\System32\SearchFilterHost.exe
10552 C:\Windows\System32\audiodg.exe
9680 dllhost.exe
9232 dllhost.exe
10168 C:\Users\Carolyn\Downloads\MBRCheck.exe
10820 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`28e00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ100P5

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
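What the MBRCheck output above reports is an integrity check on the first sector of PhysicalDrive0: the tool confirms a boot sector is present, names the code family it recognises ("Windows 7 MBR code detected") and prints a SHA1 of that code. The Python below is an added example written for this thread; it is not MBRCheck's own code and was not posted by anyone here. It builds a constructed 512-byte sector (the active NTFS entry is placed at LBA 26505216 so that its byte offset equals the 0x328e00000 printed for C: above; everything else about the sector is made up), verifies the 0x55AA boot signature, decodes the partition table, and compares a SHA1 of the boot-code area against a table of known-good hashes. Two assumptions: the hash covers the first 440 bytes (the page does not say which region MBRCheck hashes), and the known-good table is seeded from the sample itself, where a real one would hold hashes taken from clean reference installs.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # code area; bytes 440-443 hold the disk signature (assumption: this region is hashed)
PART_TABLE_OFFSET = 446
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
PART_ENTRY_LEN = struct.calcsize(PART_ENTRY_FMT)  # 16
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR used as sample input; it is not a real disk image."""
    # A few plausible real-mode prologue bytes, zero-padded to fill the code area.
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0x8E, 0xC0, 0x8E, 0xD8]).ljust(BOOT_CODE_LEN, b"\x00")
    disk_signature = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"  # made-up signature + 2 reserved bytes
    # Entry 0: hidden recovery partition (type 0x27), not active, from LBA 2048 up to the system volume.
    recovery = struct.pack(PART_ENTRY_FMT, 0x00, b"\0\0\0", 0x27, b"\0\0\0", 2048, 26505216 - 2048)
    # Entry 1: active NTFS system volume at LBA 26505216 = byte offset 0x328e00000, the C: offset
    # MBRCheck printed above; the sector count is invented.
    windows = struct.pack(PART_ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 26505216, 560000000)
    empty = b"\x00" * PART_ENTRY_LEN
    sector = code + disk_signature + recovery + windows + empty + empty + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature, decode the partition table and hash the code area."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    warnings, partitions = [], []
    for idx in range(4):
        off = PART_TABLE_OFFSET + idx * PART_ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY_FMT, sector[off:off + PART_ENTRY_LEN])
        if ptype == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            warnings.append(f"entry {idx}: invalid status byte 0x{status:02X}")
        partitions.append({
            "index": idx,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR_SIZE,
        })
    if sum(p["bootable"] for p in partitions) != 1:
        warnings.append("expected exactly one active partition")
    return {
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
        "warnings": warnings,
    }


def classify_mbr(sector: bytes, known_good: dict) -> str:
    """Report in MBRCheck's style: name a known code family, or flag unknown code for review."""
    info = parse_mbr(sector)
    label = known_good.get(info["code_sha1"])
    if label is None:
        return "Unknown MBR code (review: compare against a known-clean image)"
    return f"{label} MBR code detected"


# Baseline table: in practice populated from hashes of clean reference sectors.
# Here it is seeded from the constructed sample so the example is self-contained.
SAMPLE_MBR = build_sample_mbr()
KNOWN_GOOD = {parse_mbr(SAMPLE_MBR)["code_sha1"]: "Windows 7 (constructed baseline)"}

if __name__ == "__main__":
    report = parse_mbr(SAMPLE_MBR)
    for p in report["partitions"]:
        print(f"entry {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X} active={p['bootable']}")
    print(classify_mbr(SAMPLE_MBR, KNOWN_GOOD), "SHA1:", report["code_sha1"])
    tampered = b"\xEB\xFE" + SAMPLE_MBR[2:]  # first two code bytes patched
    print(classify_mbr(tampered, KNOWN_GOOD))
```

Running it prints both partitions, a "detected" verdict for the sample and an "unknown" verdict for a copy whose first two code bytes were patched. On a production disk an unknown hash is a reason to compare the sector against a known-clean image before changing anything, not proof of a bootkit on its own.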

#8 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 21 December 2010 - 04:07 PM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 chubbyc

  • Topic Starter
  • Members
  • 19 posts

Posted 21 December 2010 - 07:44 PM

When I download this, it tells me it's a corrupt file download and I need to get a fresh copy. Then I downloaded it from another source and it won't open. What should I do?

#10 chubbyc

  • Topic Starter
  • Members
  • 19 posts

Posted 21 December 2010 - 07:48 PM

Tried to open another version, it had a popup that said, ALERT!! ...this package has been compromised, you may have the virus "Viru" ??

Great...

#11 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 22 December 2010 - 06:46 AM

That would be bad news, but let's see if we can confirm it.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image

regards, Elise




#12 chubbyc

  • Topic Starter
  • Members
  • 19 posts

Posted 23 December 2010 - 04:08 PM

C:\Users\Carolyn\AppData\Local\Temp\plugtmp-4\plugin-lib.pdf PDF/Exploit.Pidief.PEP trojan cleaned by deleting - quarantined

Infected with 1 item (above)

What next?

#13 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 23 December 2010 - 04:55 PM

Try to reboot in safe mode with networking and download combofix from there. See if it runs now.

regards, Elise




#14 chubbyc

  • Topic Starter
  • Members
  • 19 posts

Posted 23 December 2010 - 11:24 PM

ComboFix 10-12-23.03 - Carolyn 12/23/2010 19:50:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3766.2132 [GMT -8:00]
Running from: c:\users\Carolyn\Downloads\ComboFix.exe
Command switches used :: log
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://ddnidownloads2.net
.
((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-24 03:56 . 2010-12-24 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-23 09:38 . 2010-12-23 09:38 -------- d-----w- c:\program files (x86)\ESET
2010-12-15 04:52 . 2010-12-15 04:52 -------- d-----w- c:\users\Carolyn\AppData\Roaming\com.AccuWeather.sony.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
2010-11-27 00:02 . 2010-11-27 00:02 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-27 00:02 . 2010-09-23 07:46 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-27 00:01 . 2010-11-27 00:01 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-26 23:54 . 2010-11-26 23:54 -------- d-----w- c:\users\Carolyn\AppData\Local\Sunbelt Software
2010-11-26 23:53 . 2010-11-26 23:53 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-26 23:53 . 2010-11-27 00:01 -------- d-----w- c:\programdata\Lavasoft
2010-11-26 23:53 . 2010-11-26 23:53 -------- d-----w- c:\program files (x86)\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 02:09 . 2010-10-23 05:23 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-10-23 05:23 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-20 01:50 . 2010-11-20 01:50 388096 ----a-r- c:\users\Carolyn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-19 08:22 . 2010-10-19 08:22 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2010-10-19 08:22 . 2010-10-19 08:22 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2010-10-19 08:22 . 2010-10-19 08:22 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2010-10-19 08:22 . 2010-10-19 08:22 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2010-10-19 08:22 . 2010-10-19 08:22 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2010-10-19 08:22 . 2010-10-19 08:22 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2010-10-19 08:11 . 2010-10-19 08:11 411368 ----a-w- c:\windows\SysWow64\deploytk.dll
2010-10-19 08:10 . 2010-10-19 08:10 455680 ----a-w- c:\windows\system32\deploytk.dll
2010-10-18 16:41 . 2010-10-23 02:51 8006480 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8FB0195-33B1-45A1-8410-CB7637A9223A}\mpengine.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-24_03.38.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2010-12-24 03:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-24 03:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2010-12-24 03:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-24 03:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-24 03:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-24 03:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-21 19:09 . 2010-12-24 03:44 30842 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2010-12-24 03:44 32896 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-19 07:34 . 2010-12-24 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-19 07:34 . 2010-12-24 03:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-19 07:34 . 2010-12-24 03:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-19 07:34 . 2010-12-24 03:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-24 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-24 03:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-22 18:43 . 2010-12-24 03:44 5712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-838787620-1844875870-1395159838-1004_UserData.bin
- 2010-12-24 03:26 . 2010-12-24 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-24 03:42 . 2010-12-24 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-24 03:42 . 2010-12-24 03:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-24 03:26 . 2010-12-24 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2010-12-24 03:31 680672 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2010-12-24 03:46 680672 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2010-12-24 03:46 127624 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2010-12-24 03:31 127624 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2010-12-24 03:22 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2010-12-24 03:43 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-23 136176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-12 14940040]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-22 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-22 597792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-11-27 1375992]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-18 6402560]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-18 188928]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-04-09 334888]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-09 39464]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 51445112]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-12-23 168448]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-20 115568]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 69152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-04-09 93184]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-04-09 77312]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-04-12 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-04-09 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-19 75304]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-12-17 12032]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 302448]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-01-22 1203568]


--- Other Services/Drivers In Memory ---

*Deregistered* - Lavasoft Kernexplorer
.
Contents of the 'Scheduled Tasks' folder

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 08:07]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 08:07]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-838787620-1844875870-1395159838-1004Core.job
- c:\users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 00:50]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-838787620-1844875870-1395159838-1004UA.job
- c:\users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 00:50]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-09 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-09 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-09 411672]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10060320]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\se17zkjg.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-23 20:00:08
ComboFix-quarantined-files.txt 2010-12-24 04:00
ComboFix2.txt 2010-12-24 03:40

Pre-Run: 262,638,645,248 bytes free
Post-Run: 262,350,262,272 bytes free

- - End Of File - - A56F74DA808A63F2DE0C71F2162A738E
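In the log above, the "Reg Loading Points" section records each autostart value as a "Name"="path" [date size] line under its [HKEY_...] key, and each service or driver as a line of the form R2 name;display;path [date size], where the letter says running or stopped and the digit is the start type (0 = boot, 2 = automatic, 3 = manual, 4 = disabled). The Python below is an added example, my own code rather than ComboFix's and not part of the thread: it parses both line shapes from a handful of lines copied from the log above and applies a reviewer's heuristic, flagging loaders in user-writable locations, boot-start drivers, and entries ComboFix listed with [BU] instead of a file date and size. Treating [BU] as "file not verified" is my reading of the marker, since the page does not define it; the location list and function names are also mine.

```python
import re
from dataclasses import dataclass, field

# Sample input: a subset of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-23 136176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-12 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 135664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 69152]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-25 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$')

# Locations a standard user can write to; a loader there deserves a second look (heuristic, my assumption).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str          # "run" (registry Run value) or "service" (service/driver line)
    location: str      # registry key for run entries, state code such as R2/S0 for services
    name: str
    path: str
    meta: str          # "date size" or the bare marker "BU"
    flags: list = field(default_factory=list)


def parse_loading_points(text: str) -> list:
    """Turn the Reg Loading Points text into Entry records, tracking the current registry key."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", current_key or "?", m["name"], m["path"], m["meta"]))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["state"], m["name"].strip(), m["path"], m["meta"]))
    return entries


def triage(entries: list) -> list:
    """Attach review flags to each entry and return the ones that got any."""
    for e in entries:
        low = e.path.lower()
        if any(marker in low for marker in USER_WRITABLE):
            e.flags.append("launched from a user-writable location")
        if e.kind == "service" and e.location == "S0":
            e.flags.append("boot-start driver (loads before most defenses)")
        if e.meta.strip() == "BU":
            e.flags.append("file not verified by ComboFix (unexpanded %VAR% path)")  # assumption about [BU]
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{e.kind:7} {e.name:15} {e.path}")
        for f in e.flags:
            print(f"        -> {f}")
```

On this sample the hits are Google's per-user updater (expected for that product), the Lavasoft boot-start driver and the Synaptics entry with an unexpanded %ProgramFiles% path, all of which were legitimate on this machine. The pass exists to make such entries visible for a reviewer, not to call them malicious.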

#15 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 24 December 2010 - 12:30 PM

Luckily no Virut there. How are things running now?

regards, Elise






