Steelhead99
Windows 7 and I browse with Firefox
IE pops up on its own (always with links to Blinx.com in search bar)
Here are logs ...
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8165
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
11/15/2011 3:35:52 AM
mbam-log-2011-11-15 (03-35-52).txt
Scan type: Quick scan
Objects scanned: 171668
Time elapsed: 4 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\programdata\googleservicemanager.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Author01\AppData\Local\Adobe\adobeupdate\Adobeup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Author01\AppData\Local\Audible\audibleupdate\audibleup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleServiceManager (Trojan.SHarpro.PGen) -> Value: GoogleServiceManager -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Intel Update (Trojan.SHarpro.PGen) -> Value: Intel Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FreeTime Update (Trojan.SHarpro.PGen) -> Value: FreeTime Update -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Author01\AppData\Local\Temp\thpm8881151323199586574.tmp (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
c:\programdata\googleservicemanager.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
c:\Users\Author01\AppData\Local\Adobe\adobeupdate\Adobeup.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
c:\Users\Author01\AppData\Local\Audible\audibleupdate\audibleup.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.
GMER Log
Said nothing found & was empty
No DDS log found
ATTACHLog
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/17/2011 7:57:36 PM
System Uptime: 11/15/2011 3:39:52 AM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz | N/A | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 369.034 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: pcouffin device ...
Device ID: ROOT\PCOUFFIN\0000
Manufacturer:
Name: pcouffin device ...
PNP Device ID: ROOT\PCOUFFIN\0000
Service:
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\7&243320B0&0&1
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\7&243320B0&0&1
Service:
.
==== System Restore Points ===================
.
RP31: 10/25/2011 7:39:35 AM - Windows Update
RP32: 10/28/2011 9:28:40 PM - Windows Update
RP33: 10/31/2011 10:48:46 PM - Windows Update
RP34: 11/4/2011 1:11:38 PM - Windows Update
RP35: 11/7/2011 9:23:20 PM - Windows Update
RP36: 11/8/2011 3:17:33 PM - Installed iSpy
RP37: 11/12/2011 2:20:33 AM - Windows Update
RP38: 11/15/2011 4:47:02 AM - Removed iSpy
RP39: 11/15/2011 4:48:05 AM - Removed iSpy
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X MUI
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Audacity 1.3.13 (Unicode)
AudibleManager
Bing Bar
BufferChm
Copy
Coupon Printer for Windows
D3DX10
Destinations
DeviceDiscovery
DJ_AIO_06_F4500_SW_MIN
Dragon NaturallySpeaking 10
Dropbox
DVDFab 6.0.7.0 (18/09/2009)
F4500
Facebook Video Calling 1.0.0.8953
FormatFactory 2.70
Free NaturalReader
Google Talk Plugin
GPBaseService2
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
KateVoice
Malwarebytes' Anti-Malware version 1.51.2.1300
ManyCam 2.5.74 (remove only)
MarketResearch
Mesh Runtime
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Media Video 9 VCM
Mozilla Firefox 6.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NaturalReader9
Oasis2Service 1.0
OOBE
OpenOffice.org 3.3
OverDrive Media Console
PaulVoice
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype™ 5.6
SmartWebPrinting
SolutionCenter
SSLx86
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
VESx86
VIx86
VWSTx86
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/15/2011 4:04:28 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/15/2011 3:45:47 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
11/15/2011 3:40:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/13/2011 6:31:09 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
11/13/2011 10:27:04 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JSTRANGES that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4F89A0A7-8023-4E5B-A549-B9565F48266A}. The master browser is stopping or an election is being forced.
11/10/2011 10:05:17 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {10DA4F3C-CC99-4190-BE4D-58330754E882} and APPID {7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================