
Hello..

My niece's PC is severely infected with what I believe is the Vundo Trojan, along with a rootkit and some other stuff. My brother and I both took stabs at deleting this infection with Malwarebytes, HJT, and CCleaner, and nothing has worked; the same .dll files keep reappearing, so they're obviously embedded somewhere and hidden very well in the system32 folder. Lag isn't so much of an issue since the PC only has about half a gig of RAM, but the hijacked browser and other annoyances are getting to me. My niece said she downloaded a copy of HTMLpad 2009 two days ago on the computer from a torrent site, and that's when the computer decided to go bonkers. I've since uninstalled the program, but I see the install files are still there (could be the source of the problem). So instead of ripping my hair out trying to get rid of these backdoor exploits and rootkit trojans, we're throwing in the towel and looking for additional help.

I could not get a Panda scan because my browser is compromised by this, and it keeps getting redirected to another site, protectionrunscanner.com. Even if I try to disable the pop-up, Panda's site is blocked and I keep getting a connection error for the site even though my net is OK. So hopefully the Kaspersky scan that I was able to get is an OK substitute until I can do a Panda scan.

I ran MBAM/HJT and have posted the logs below as well.

Any and all help is greatly appreciated.

Thanks!

HJT:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Administrator at 2008-12-14 18:42:30

Microsoft Windows XP Professional Service Pack 3

System drive C: has 10 GB (27%) free of 36 GB

Total RAM: 510 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:42:33, on 12/14/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iolo\common\lib\ioloServiceManager.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Administrator.exe

O2 - BHO: (no name) - {104bccc5-2e40-48f1-a94c-aee61e529351} - C:\WINDOWS\system32\gifepujo.dll (file missing)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [kufafufumo] Rundll32.exe "C:\WINDOWS\system32\zigomobo.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [kufafufumo] Rundll32.exe "C:\WINDOWS\system32\zigomobo.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [kufafufumo] Rundll32.exe "C:\WINDOWS\system32\zigomobo.dll",s (User 'NETWORK SERVICE')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849197859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179849190859

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} - http://www-307.ibm.com/pc/support/IbmEgath.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\pegatijo.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 4255 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

C:\WINDOWS\tasks\hiyfhxtr.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{104bccc5-2e40-48f1-a94c-aee61e529351}]

C:\WINDOWS\system32\gifepujo.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

"kufafufumo"=C:\WINDOWS\system32\zigomobo.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Documents and Settings\Nora\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-12 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]

C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe [2004-08-06 442368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSetup]

C:\DOCUME~1\Nora\LOCALS~1\Temp\QuickCam_11.80.1065\setup.exe /skip_all_checks /p /start /restart /l:enu []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]

C:\WINDOWS\system32\ICO.EXE [2005-04-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-01-07 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-23 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-25 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-20 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

C:\PROGRA~1\LimeWire\LimeWire.exe [2008-08-21 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]

C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-10-11 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nora^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-02-13 493832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ioloDMV"=2

"CCALib8"=2

"iPod Service"=3

"Bonjour Service"=2

"Apple Mobile Device"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\WINDOWS\system32\pegatijo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-11-07 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

C:\WINDOWS\system32\pegatijo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\AIM6\AIM6.EXE"="C:\Program Files\AIM6\AIM6.EXE:*:Enabled:AIM"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Messenger"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"

"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"

"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\WINDOWS\EXPLORER.EXE"="C:\WINDOWS\EXPLORER.EXE:*:Enabled:Explorer"

"C:\WINDOWS\System32\logonui.exe"="C:\WINDOWS\System32\logonui.exe:*:Enabled:logonui"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.bat - edit -

.cmd - edit -

.inf - open -

.ini - open -

.js - edit -

.js - open - NOTEPAD.EXE %1

.reg - edit -

.reg - open - NOTEPAD.EXE %1

.scr - open - NOTEPAD.EXE %1

.txt - open -

.vbs - edit -

.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-12-14 18:01:11 ----D---- C:\Program Files\Panda Security

2008-12-14 13:50:35 ----HD---- C:\WINDOWS\$NtUninstallKB956803$

2008-12-14 13:30:50 ----D---- C:\Program Files\CCleaner

2008-12-14 13:16:04 ----A---- C:\WINDOWS\system32\Incinerator.dll

2008-12-14 13:15:58 ----A---- C:\WINDOWS\system32\smrgdf.exe

2008-12-14 13:15:58 ----A---- C:\WINDOWS\system32\iolobtdfg.exe

2008-12-14 13:15:52 ----D---- C:\Program Files\iolo

2008-12-14 13:13:16 ----D---- C:\Documents and Settings\Administrator\Application Data\iolo

2008-12-13 19:48:48 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe

2008-12-13 19:44:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Logitech

2008-12-13 19:23:00 ----A---- C:\rapport2.txt

2008-12-13 19:18:12 ----A---- C:\WINDOWS\system32\tmp.txt

2008-12-13 19:17:57 ----A---- C:\rapport.txt

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\WS2Fix.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\VCCLSID.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\VACFix.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\swxcacls.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\swsc.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\swreg.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\SrchSTS.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\Process.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\o4Patch.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\IEDFix.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\IEDFix.C.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\dumphive.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe

2008-12-13 19:17:31 ----A---- C:\WINDOWS\system32\404Fix.exe

2008-12-13 19:16:04 ----D---- C:\WINDOWS\CSC

2008-12-13 18:50:56 ----SHD---- C:\FOUND.005

2008-12-13 16:27:14 ----D---- C:\Documents and Settings\Administrator\Application Data\Windows Search

2008-12-13 16:12:09 ----D---- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org

2008-12-13 15:59:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2008-12-13 15:50:39 ----A---- C:\gqstsqym.exe

2008-12-13 15:48:51 ----A---- C:\WINDOWS\system32\geBrOhFy.dll

2008-12-13 15:48:19 ----A---- C:\WINDOWS\system32\nokye.exe

2008-12-13 08:28:47 ----HD---- C:\WINDOWS\$NtUninstallWdf01005$

2008-12-13 08:27:29 ----A---- C:\WINDOWS\system32\BtCoreIf.dll

2008-12-13 08:27:24 ----A---- C:\WINDOWS\system32\KemXML.dll

2008-12-13 08:27:24 ----A---- C:\WINDOWS\system32\KemWnd.dll

2008-12-13 08:27:24 ----A---- C:\WINDOWS\system32\KemUtil.dll

2008-12-13 08:27:24 ----A---- C:\WINDOWS\system32\kemutb.dll

2008-12-12 04:03:30 ----HD---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-12 04:00:43 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-12 04:00:38 ----HD---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-12 04:00:25 ----HD---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-02 23:45:10 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-12-02 23:05:58 ----D---- C:\Program Files\Messenger Plus! Live

2008-11-28 17:56:11 ----D---- C:\Program Files\iPod

2008-11-28 17:55:58 ----D---- C:\Program Files\iTunes

2008-11-28 17:55:58 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-28 17:54:39 ----D---- C:\Program Files\Bonjour

2008-11-28 17:53:08 ----D---- C:\Program Files\QuickTime

2008-11-26 07:32:34 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint

2008-11-26 07:32:31 ----D---- C:\Program Files\Viewpoint

2008-11-26 07:32:31 ----D---- C:\Documents and Settings\All Users\Application Data\acccore

2008-11-25 10:13:19 ----D---- C:\Program Files\Common Files\xing shared

2008-11-25 10:13:12 ----A---- C:\WINDOWS\system32\rmoc3260.dll

2008-11-25 10:13:03 ----A---- C:\WINDOWS\system32\pndx5032.dll

2008-11-25 10:13:03 ----A---- C:\WINDOWS\system32\pndx5016.dll

2008-11-25 10:13:02 ----D---- C:\Program Files\Real

2008-11-25 10:13:02 ----A---- C:\WINDOWS\system32\pncrt.dll

2008-11-25 10:12:59 ----D---- C:\Program Files\Common Files\Real

2008-11-25 08:23:42 ----D---- C:\Program Files\Creative

2008-11-25 08:23:42 ----A---- C:\WINDOWS\system32\eax.dll

2008-11-25 08:13:05 ----D---- C:\Program Files\Eidos Interactive

2008-11-24 20:28:12 ----D---- C:\Program Files\Common Files\Download Manager

2008-11-23 10:44:23 ----A---- C:\WINDOWS\system32\javaws.exe

2008-11-23 10:44:23 ----A---- C:\WINDOWS\system32\javaw.exe

2008-11-23 10:44:23 ----A---- C:\WINDOWS\system32\java.exe

2008-11-23 10:44:23 ----A---- C:\WINDOWS\system32\deploytk.dll

2008-11-22 11:34:14 ----D---- C:\Program Files\JRE

2008-11-22 11:34:07 ----D---- C:\Program Files\OpenOffice.org 3

2008-11-16 13:21:24 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-16 12:43:23 ----D---- C:\Program Files\ICQ6

2008-11-16 11:27:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 1 months======

2008-12-14 18:31:50 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-13 19:44:24 ----A---- C:\WINDOWS\OEWABLog.txt

2008-12-13 19:17:04 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-13 18:44:26 ----RASH---- C:\BOOT.INI

2008-12-13 18:44:26 ----A---- C:\WINDOWS\win.ini

2008-12-13 18:44:26 ----A---- C:\WINDOWS\system.ini

2008-12-13 08:28:56 ----A---- C:\WINDOWS\imsins.BAK

2008-11-26 12:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

2008-11-24 20:30:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]

R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-09-26 10384]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]

R3 E100B;Intel

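The log above shows the persistence set that made the DLLs "keep reappearing": a nameless BHO whose DLL HJT cannot even see on disk (O2, "file missing"), the same DLL loaded through Rundll32 from the HKLM Run key and from the LOCAL SERVICE and NETWORK SERVICE hives (O4), and a third DLL registered in AppInit_DLLs (O20), which gets injected into every process that loads user32.dll. Deleting one file while the others are still loaded just lets them write it back. The script below is an added example, not part of the original post and not code from Trend Micro's HijackThis: it parses HJT-style O2/O4/O20 lines and flags those patterns. The "generated-looking name" check (all-lowercase, 6 to 12 letters, strictly alternating consonant/vowel) is an assumption chosen to match the names in this particular log, not an official rule, and the sample lines are copied from the log above with a couple of benign ones kept in for contrast.

```python
"""Triage helper for HijackThis-style log lines (added example, not HJT's own code).

Flags the persistence patterns visible in the thread's log:
  * O2  BHO with no name and/or a DLL that HJT reports as missing
  * O4  Run entries that load a DLL through Rundll32, or that live under a
        service-account hive (HKUS\\S-1-5-19 / S-1-5-20)
  * O20 any AppInit_DLLs entry
plus a heuristic for the generated-looking DLL names seen here (assumption).
"""
import re

# Constructed sample: lines copied from the HJT log in the thread, plus benign ones.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {104bccc5-2e40-48f1-a94c-aee61e529351} - C:\WINDOWS\system32\gifepujo.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [kufafufumo] Rundll32.exe "C:\WINDOWS\system32\zigomobo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [kufafufumo] Rundll32.exe "C:\WINDOWS\system32\zigomobo.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\pegatijo.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
DLL_RE = re.compile(r"([A-Za-z0-9_~]+)\.dll", re.IGNORECASE)   # captures the file stem
RUNDLL_RE = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)
SERVICE_HIVE_RE = re.compile(r"HKUS\\S-1-5-(18|19|20)\\")
VOWELS = set("aeiou")


def looks_generated(stem):
    """Heuristic (assumption): lowercase, 6-12 letters, consonant/vowel alternate."""
    if not (6 <= len(stem) <= 12) or not stem.isalpha() or not stem.islower():
        return False
    kinds = [c in VOWELS for c in stem]
    return all(kinds[i] != kinds[i + 1] for i in range(len(kinds) - 1))


def triage(log_text):
    """Return a list of findings; each is {'section', 'line', 'dlls', 'reasons'}."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue                      # header, process list, etc.
        section, body = m.groups()
        stems = DLL_RE.findall(body)
        reasons = []
        if section == "O2":
            if "(no name)" in body:
                reasons.append("BHO registered with no name")
            if "(file missing)" in body:
                reasons.append("BHO DLL not visible on disk (hidden or already deleted)")
        elif section == "O4":
            if RUNDLL_RE.search(body):
                reasons.append("Run entry loads a DLL via Rundll32")
            if SERVICE_HIVE_RE.search(body):
                reasons.append("Run entry under a service-account hive")
        elif section == "O20" and "AppInit_DLLs:" in body and stems:
            reasons.append("AppInit_DLLs set: DLL injected into every user32-loading process")
        generated = [s for s in stems if looks_generated(s)]
        if generated:
            reasons.append("generated-looking DLL name: " + ", ".join(generated))
        if reasons:
            findings.append({"section": section, "line": line,
                             "dlls": stems, "reasons": reasons})
    return findings


def suspect_dlls(findings):
    """Distinct generated-looking DLL stems across all findings (the removal list)."""
    return {s for f in findings for s in f["dlls"] if looks_generated(s)}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f["line"])
        for r in f["reasons"]:
            print("    -", r)
    print("DLLs to remove together:", sorted(suspect_dlls(results)))
```

Run it and every flagged line is one of the four malicious entries; the avast!, ctfmon and O23 lines pass. The point of `suspect_dlls` is that all three stems come out as one set: with Vundo the fix is to remove every loader at once (and, as the RSIT dump shows, the same pegatijo.dll also sits in the LSA "notification packages" value, which HJT does not list), otherwise the surviving copy recreates the rest.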

Please close this thread. I managed to resolve my issue and removed Vundo and other traces of malware from my system myself.

Malwarebytes' Anti-Malware 1.31

Database version: 1456

Windows 5.1.2600 Service Pack 3

12/15/2008 3:40:32 PM

mbam-log-2008-12-15 (15-40-32).txt

Scan type: Quick Scan

Objects scanned: 58821

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
