annarie
Solid State Member
- Messages
- 17
- Location
- S. California
Re: Win32/VMalum.FXWU Virus Combo Fix Pt.4
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: att.com\www
Trusted Zone: edeclectic.com\www
Trusted Zone: musicmatch.com\online
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
FF - ProfilePath - c:\documents and settings\Ann Huntoon Gessen\Application Data\Mozilla\Firefox\Profiles\mkod4zf1.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-31 15:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1381341160-4190608193-2972498879-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Param2"=""
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1381341160-4190608193-2972498879-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\DesktopAppInstall\oemDesktop3]
"Name"="oemDesktop3"
"DisplayName"="QuickTime Player"
"Param1"="\\EXTRAS\\DESKTOP\\QuickTimePlayer\\QuickTimeInstaller.exe"
"Param2"=""
"Type"="createprocess"
"Order"=dword:00000000
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1381341160-4190608193-2972498879-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\DesktopAppInstall\oemDesktop4]
"Name"="oemDesktop4"
"DisplayName"="NotepadSync"
"Param1"="\\EXTRAS\\DESKTOP\\NotePadSync\\NotePadSync.exe"
"Param2"=""
"Type"="createprocess"
"Order"=dword:00000001
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1381341160-4190608193-2972498879-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,a7,48,e4,cb,56,fe,49,87,58,9d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,a7,48,e4,cb,56,fe,49,87,58,9d,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}*]
"RTPQMSV6Q4TS2B3CLDVTIWDONA1"=hex:01,00,01,00,00,00,00,00,33,75,09,81,20,da,b1,
5d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,03,37,78,
5d,dd,5d,4c,1a,76,0d,27,21,17,e4,2c,91,24,a7,67,d7,da,76,96,05,3c,ef,fc,f2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1460)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(1716)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-08-31 16:01
ComboFix-quarantined-files.txt 2009-08-31 23:01
ComboFix2.txt 2009-08-30 02:06
Pre-Run: 74,993,639,424 bytes free
Post-Run: 74,947,837,952 bytes free
580 --- E O F --- 2009-08-30 10:00
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: att.com\www
Trusted Zone: edeclectic.com\www
Trusted Zone: musicmatch.com\online
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
FF - ProfilePath - c:\documents and settings\Ann Huntoon Gessen\Application Data\Mozilla\Firefox\Profiles\mkod4zf1.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-31 15:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1381341160-4190608193-2972498879-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Param2"=""
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1381341160-4190608193-2972498879-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\DesktopAppInstall\oemDesktop3]
"Name"="oemDesktop3"
"DisplayName"="QuickTime Player"
"Param1"="\\EXTRAS\\DESKTOP\\QuickTimePlayer\\QuickTimeInstaller.exe"
"Param2"=""
"Type"="createprocess"
"Order"=dword:00000000
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1381341160-4190608193-2972498879-1005\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\DesktopAppInstall\oemDesktop4]
"Name"="oemDesktop4"
"DisplayName"="NotepadSync"
"Param1"="\\EXTRAS\\DESKTOP\\NotePadSync\\NotePadSync.exe"
"Param2"=""
"Type"="createprocess"
"Order"=dword:00000001
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-1381341160-4190608193-2972498879-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,a7,48,e4,cb,56,fe,49,87,58,9d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,a7,48,e4,cb,56,fe,49,87,58,9d,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}*]
"RTPQMSV6Q4TS2B3CLDVTIWDONA1"=hex:01,00,01,00,00,00,00,00,33,75,09,81,20,da,b1,
5d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,03,37,78,
5d,dd,5d,4c,1a,76,0d,27,21,17,e4,2c,91,24,a7,67,d7,da,76,96,05,3c,ef,fc,f2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1460)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(1716)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-08-31 16:01
ComboFix-quarantined-files.txt 2009-08-31 23:01
ComboFix2.txt 2009-08-30 02:06
Pre-Run: 74,993,639,424 bytes free
Post-Run: 74,947,837,952 bytes free
580 --- E O F --- 2009-08-30 10:00
