
Possible Vundo and Win32.Fraudload infections



I had a few major problems earlier in the week (credit card info stolen) and at first thought it was from a website I recently bought stuff from, as they had a security problem a couple of months ago, but I decided to run a scan a couple of days ago and got results for both Vundo and Win32.Fraudload. After running Spybot S&D it said it could not delete them and would run again on startup, but upon doing so all results came up clean. I believe I have gotten rid of the Vundo virus, but after reading some symptoms of Win32.Fraudload I believe it may still be around. Malwarebytes keeps blocking a setupd.exe from C:\programfiles\update, a folder that doesn't exist on my computer (I have all hidden folders shown as well). I am also getting occasional redirects from Google search.

The main problem I am having is that all scans with any virus/malware/spyware program I run are coming up 100% clean, but it's obvious that something is still here.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4359
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
7/27/2010 1:27:28 PM
mbam-log-2010-07-27 (13-27-28).txt
Scan type: Full scan (C:\|)
Objects scanned: 356876
Time elapsed: 46 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSX64
Run by PuNK45S at 14:31:41.08 on Tue 07/27/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.4258 [GMT -7:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\CSHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\runservice.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\RocketFish\RF5.1\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PuNK45S\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RegistryMechanic] c:\program files (x86)\registry mechanic\RMTray.exe /H
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [VolPanel] "c:\program files (x86)\rocketfish\rf5.1\volume panel\VolPanlu.exe" /r
mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [sSDMonitor] c:\program files (x86)\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Cm108Sound] c:\windows\syswow64\rundll32.exe c:\windows\syswow64\cm108.dll,CMICtrlWnd
mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s

================= FIREFOX ===================
FF - ProfilePath - c:\users\punk45s\appdata\roaming\mozilla\firefox\profiles\1l08jirk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/\r
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: XULRunner: {D43385B6-C296-4F39-8DD5-803ECD874439} - c:\windows\system32\config\systemprofile\appdata\local\{D43385B6-C296-4F39-8DD5-803ECD874439}

============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-26 121936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-26 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-26 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-26 40384]
R2 CSHelper;CopySafe Helper Service;c:\windows\syswow64\CSHelper.exe [2009-11-19 266240]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-7-5 2560]
R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-7-23 304464]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\common files\pc tools\smonitor\StartManSvc.exe [2010-7-26 632792]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-26 40384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-17 24664]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-7-20 347680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe --> c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [?]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynUSB64;SynUSB64;c:\windows\system32\drivers\synUSB64.sys [2010-5-15 29432]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2009-11-4 1307648]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-28 1255736]
S4 AODService;AODService;c:\program files (x86)\amd\overdrive\AODAssist.exe [2010-2-22 136544]
S4 Boonty Games;Boonty Games;"c:\program files (x86)\common files\boonty shared\service\boonty.exe" --> c:\program files (x86)\common files\boonty shared\service\Boonty.exe [?]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-7-22 79360]

=============== Created Last 30 ================
2010-07-26 22:49:37 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-26 22:49:20 38848 ----a-w- c:\windows\avastSS.scr
2010-07-26 22:49:19 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-07-26 22:31:30 65536 --sha-w- c:\users\punk45s\NTUSER.DAT{e4cb705f-98ee-11df-8fa2-00241dd9efb8}.TM.blf
2010-07-26 22:31:30 524288 --sha-w- c:\users\punk45s\NTUSER.DAT{e4cb705f-98ee-11df-8fa2-00241dd9efb8}.TMContainer00000000000000000002.regtrans-ms
2010-07-26 22:31:30 524288 --sha-w- c:\users\punk45s\NTUSER.DAT{e4cb705f-98ee-11df-8fa2-00241dd9efb8}.TMContainer00000000000000000001.regtrans-ms
2010-07-26 22:29:35 0 d-----w- c:\users\punk45s\appdata\roaming\Registry Mechanic
2010-07-26 22:29:31 0 --sha-w- c:\users\punk45s\S-1-5-21-1525205411-2872682000-3389362796-1001.rrr.LOG2
2010-07-26 22:29:31 0 --sha-w- c:\users\punk45s\S-1-5-21-1525205411-2872682000-3389362796-1001.rrr.LOG1
2010-07-26 22:26:14 0 d---a-w- c:\programdata\TEMP
2010-07-26 22:25:55 880640 ----a-w- c:\windows\syswow64\UniBox10.ocx
2010-07-26 22:25:55 506368 ----a-w- c:\windows\syswow64\msxml.dll
2010-07-26 22:25:55 212992 ----a-w- c:\windows\syswow64\UniBoxVB12.ocx
2010-07-26 22:25:55 1101824 ----a-w- c:\windows\syswow64\UniBox210.ocx
2010-07-26 22:25:54 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-07-26 20:10:29 0 ----a-w- c:\windows\syswow64\config.nt
2010-07-26 20:09:59 0 d-----w- c:\programdata\Alwil Software
2010-07-26 20:09:59 0 d-----w- c:\program files\Alwil Software
2010-07-26 08:22:27 0 d-----w- c:\program files (x86)\Softwin
2010-07-26 08:18:53 0 d-----w- c:\program files (x86)\Panda Security
2010-07-26 08:16:17 0 d-----w- c:\users\punk45s\appdata\roaming\SUPERAntiSpyware.com
2010-07-26 08:16:17 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-26 08:16:11 0 d-----w- c:\programdata\!SASCORE
2010-07-26 08:16:09 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-26 07:53:24 0 d-----w- c:\users\punk45s\appdata\roaming\QuickScan
2010-07-22 23:08:14 2902495 ------w- c:\windows\syswow64\Sens_oal.dll
2010-07-22 23:08:14 1940480 ------w- c:\windows\system32\Sens_oal.dll
2010-07-22 23:08:01 0 d-----w- c:\programdata\Creative
2010-07-22 23:07:29 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared
2010-07-22 23:07:13 0 d-----w- c:\program files\Creative
2010-07-22 23:07:10 0 d-----w- c:\program files (x86)\Creative
2010-07-22 23:07:07 0 d-----w- c:\program files (x86)\RocketFish
2010-07-21 07:36:15 1251872 ----a-w- c:\windows\RtlExUpd.dll
2010-07-21 06:32:07 0 d-----w- c:\windows\syswow64\RTCOM
2010-07-21 06:24:12 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2010-07-21 06:24:12 347680 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2010-07-21 06:16:43 0 d-----w- c:\programdata\DriverScanner
2010-07-21 06:16:28 0 dc-h--w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-07-15 17:11:47 0 d-----w- c:\users\punk45s\appdata\roaming\BitDefender
2010-07-14 20:12:49 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-11 05:37:24 0 d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 1
2010-07-06 03:17:55 126976 ----a-w- c:\windows\lcmmfu.cpl
2010-07-06 03:17:54 1177 --sha-w- c:\windows\syswow64\mmf.sys
2010-07-06 03:17:53 48640 ----a-w- c:\windows\mmfs.dll
2010-07-06 03:17:53 2560 ----a-w- c:\windows\Runservice.exe
2010-07-06 03:16:41 0 d-----w- c:\program files (x86)\Wolverine Studios
2010-06-30 02:05:55 21840 ----a-w- c:\windows\syswow64\SIntfNT.dll
2010-06-30 02:05:55 17212 ----a-w- c:\windows\syswow64\SIntf32.dll
2010-06-30 02:05:55 12067 ----a-w- c:\windows\syswow64\SIntf16.dll
2010-06-30 01:45:47 40173 ----a-w- c:\windows\DIIUnin.dat
2010-06-30 01:45:46 94208 ----a-w- c:\windows\DIIUnin.exe
2010-06-30 01:45:46 2829 ----a-w- c:\windows\DIIUnin.pif
2010-06-30 01:30:10 0 d-----w- c:\program files (x86)\Diablo II
2010-06-29 06:15:02 0 d-----w- c:\program files\iTunes
2010-06-29 06:15:02 0 d-----w- c:\program files\iPod
2010-06-29 06:13:38 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================
2010-07-22 23:08:14 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-22 23:08:14 444952 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-07-22 23:08:14 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-22 23:08:14 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-06-19 19:47:32 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-06-19 19:47:32 1700352 ----a-w- c:\windows\syswow64\gdiplus.dll
2010-06-19 19:47:32 1060864 ----a-w- c:\windows\syswow64\mfc71.dll
2010-06-13 07:42:18 88144 ----a-w- c:\windows\system32\drivers\bdfndisf6.sys.upd
2010-06-13 01:38:27 188704 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-06-12 18:01:50 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-18 23:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-15 18:43:40 2892 ----a-w- c:\windows\syswow64\audcon.sys
2010-05-12 18:21:16 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 09:27:46 1958944 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-04-30 09:27:40 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-04-30 09:27:34 2602016 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-04-30 09:27:34 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-04-30 09:27:28 70176 ----a-w- c:\windows\system32\RCoInst64.dll
2010-04-30 09:27:28 476192 ----a-w- c:\windows\system32\RtkApi64.dll
2010-04-30 09:27:28 1210912 ----a-w- c:\windows\system32\RTCOM64.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-03-31 10:19:45 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-15 04:09:04 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-15 19:01:35 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-15 19:01:35 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-15 19:01:35 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 14:32:07.53 ===============

The GMER Rootkit scan was empty.


And here is the HijackThis log as well.

Logfile of HijackThis v1.99.1
Scan saved at 3:21:02 PM, on 7/27/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\RocketFish\RF5.1\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
K:\Backup\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\RocketFish\RF5.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\SysWOW64\CSHelper.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


Unfortunately, within about 2 hours of posting this my computer froze up and refused to start up again. It kept making it to the login screen, but nothing would show up. I tried to do a clean install of Windows and it would freeze at the screen where the setup would open.

Eventually I had to take the drive out and format it from my laptop, and even after this I had problems getting Windows installed again. So whatever happened must have messed something up really badly.

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
