PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Got hit with vundo.....

#1 - 05-20-2008 - D__ (Moderator; Join Date: Oct 2007; Location: Isle Of Wight; Posts: 1,059; PC Experience: Some Experience)
Got hit with vundo.....

SAS seems to have removed it but can someone check out my log just in case

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30:23, on 20/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Philips\PSA2\skin\qvecplsk.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox3\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\qvecplsk.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcDWMeb - efcDWMeb.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 6046 bytes
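The HijackThis log above is what the analyst is being asked to review. As an added example (not part of this thread, and not HijackThis's own code), the following Python script parses entry lines in HijackThis's `O20 - ...` / `R1 - ...` format and flags the two things a reviewer checks first: entries marked `(no file)` or `(file missing)`, which are registry or startup references whose target file has already been removed, and any non-empty `AppInit_DLLs` value, which is loaded into every process that links user32.dll and so always warrants confirming the vendor. The sample lines are copied from the log above; the `Finding`, `triage` and `summarize` names are my own, not HijackThis's.

```python
import re
from dataclasses import dataclass

# Constructed sample: entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcDWMeb - efcDWMeb.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
"""

# HijackThis entry lines look like "O20 - Winlogon Notify: ..." or "R1 - HKLM\...".
# The running-process list and the header lines do not match this pattern.
HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")

# HijackThis appends these markers when the file an entry points at does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why the entry was flagged
    line: str      # the original log line


def parse_entries(log_text):
    """Yield (section, body, line) for each entry line; other lines are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def triage(log_text):
    """Return the entries a reviewer should look at first, in log order."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if any(marker in body for marker in ORPHAN_MARKERS):
            # A registry or startup reference whose target file is gone: usually a
            # leftover after removal, but the reference itself should still be cleaned.
            findings.append(Finding(section, "orphaned entry: referenced file is absent", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that links user32.dll, so a
            # non-empty value always needs its vendor confirmed.
            dll = body.split(":", 1)[1].strip()
            if dll:
                findings.append(Finding(section, f"AppInit_DLLs set to {dll}: confirm the vendor", line))
    return findings


def summarize(findings):
    """Count flagged entries per HijackThis section."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section}: {f.reason}")
        print(f"    {f.line}")
    print("per-section counts:", summarize(results))
```

Run against the sample it flags four lines: the nameless BHO with no file, the `AppInit_DLLs` value, the `efcDWMeb` Winlogon Notify entry and the `avg8wd` service, all of which are the entries a reviewer would ask about before calling the log clean. The script only triages; it does not decide what is malicious, which still needs a person who knows which vendors belong on the machine.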


#2 - 05-20-2008 - Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 3,088; PC Experience: Elite PC Guru)
Re: Got hit with vundo.....

It looks ok but let's just check a bit deeper...

We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix
When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
My real name is Eddy
#3 - 05-20-2008 - D__ (Moderator; Join Date: Oct 2007; Location: Isle Of Wight; Posts: 1,059; PC Experience: Some Experience)
Re: Got hit with vundo.....

There are no recovery files for SP3

ComboFix 08-05-19.4 - Dave 2008-05-20 3:07:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1598 [GMT 1:00]
Running from: C:\Documents and Settings\Dave\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 00:51 . 2008-05-20 00:51 <DIR> d-------- C:\Program Files\uTorrent
2008-05-20 00:51 . 2008-05-20 03:01 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\uTorrent
2008-05-19 23:55 . 2008-05-19 23:56 <DIR> d-------- C:\Program Files\Prey
2008-05-19 21:50 . 2008-05-19 21:50 <DIR> d-------- C:\Program Files\UltraMon
2008-05-19 21:50 . 2008-05-19 21:50 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-05-19 15:55 . 2008-05-20 02:27 <DIR> d-------- C:\Program Files\PROnetworks
2008-05-17 20:21 . 2008-05-17 20:21 <DIR> d-------- C:\Program Files\Defraggler
2008-05-17 18:38 . 2008-05-17 18:41 <DIR> d-------- C:\Program Files\Return to Castle Wolfenstein
2008-05-17 18:36 . 2008-05-17 18:41 635 --a------ C:\WINDOWS\Rtcw.INI
2008-05-16 15:56 . 2008-05-20 01:47 <DIR> d-------- C:\Program Files\Unlocker
2008-05-15 20:57 . 2008-05-20 03:03 <DIR> d-------- C:\Program Files\Mozilla Firefox3
2008-05-15 13:41 . 2008-05-15 13:41 <DIR> d-------- C:\Program Files\Fox
2008-05-15 13:39 . 2008-05-19 00:30 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-05-15 13:39 . 2008-05-19 00:30 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-05-15 13:39 . 2008-05-19 00:30 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-05-14 21:34 . 2008-05-14 21:34 <DIR> d-------- C:\Program Files\RocketDock
2008-05-14 18:20 . 2005-05-03 14:00 3,379,200 --a------ C:\logonui_black.exe
2008-05-14 15:03 . 2008-05-14 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-14 15:02 . 2008-05-14 15:02 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-14 15:02 . 2008-05-14 15:03 <DIR> d-------- C:\Program Files\Granny In Paradise
2008-05-12 14:27 . 2008-05-12 14:27 <DIR> d-------- C:\Program Files\Eidos Interactive
2008-05-12 00:31 . 2008-05-12 00:31 <DIR> d-------- C:\Program Files\Eidos
2008-05-12 00:29 . 2008-05-13 16:17 <DIR> d-------- C:\Program Files\Lucasarts
2008-05-11 20:36 . 2008-05-11 21:28 <DIR> d-------- C:\Program Files\Total Gameplay
2008-05-11 20:36 . 2008-05-11 20:36 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-05-11 20:28 . 2008-05-11 20:29 <DIR> d-------- C:\Program Files\BMW M3 Challenge
2008-05-11 18:46 . 2008-05-11 19:50 <DIR> d-------- C:\Program Files\Electronic Arts
2008-05-10 21:20 . 2008-05-10 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-05-10 19:49 . 2008-05-10 19:49 <DIR> dr------- C:\Documents and Settings\Dave\Application Data\Brother
2008-05-10 17:01 . 2008-05-10 17:01 <DIR> d-------- C:\Program Files\OpenAL
2008-05-10 17:01 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmpA6.tmp
2008-05-10 17:01 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmpA5.tmp
2008-05-10 16:56 . 2008-05-12 19:42 <DIR> d-------- C:\Program Files\Codemasters
2008-05-10 12:42 . 2008-05-19 20:13 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-05-10 12:42 . 2008-05-19 20:13 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-05-06 21:27 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-06 20:57 . 2008-05-06 20:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-06 20:57 . 2008-05-06 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 19:55 . 2008-05-06 19:55 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-04 19:38 . 2008-04-14 05:42 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-05-04 16:22 . 2008-05-04 16:22 <DIR> d-------- C:\Program Files\VS Revo Group
2008-05-03 21:34 . 2008-05-03 21:34 171,136 -rahs---- C:\grldr
2008-05-03 20:27 . 2008-05-03 20:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-03 20:24 . 2008-05-03 20:24 <DIR> d-------- C:\Program Files\Microsoft Games
2008-05-03 16:14 . 2008-05-20 02:05 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\LimeWire
2008-05-02 00:40 . 2008-05-02 00:40 <DIR> d-------- C:\Sandbox
2008-05-02 00:39 . 2008-05-02 00:39 <DIR> d-------- C:\Program Files\Sandboxie
2008-05-02 00:39 . 2008-05-16 15:33 1,590 --a------ C:\WINDOWS\Sandboxie.ini
2008-05-01 18:37 . 2008-05-01 18:37 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-04-30 13:32 . 2008-04-30 13:32 <DIR> d-------- C:\Program Files\Lavalys
2008-04-25 20:26 . 2008-04-25 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-25 19:52 . 2008-04-25 20:11 <DIR> d-------- C:\Program Files\nLite
2008-04-25 00:05 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-04-25 00:05 . 2008-04-14 05:41 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-04-25 00:05 . 2008-04-14 05:41 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2008-04-25 00:05 . 2008-04-14 05:41 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-04-25 00:05 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-25 00:00 . 2008-04-25 00:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-24 23:46 . 2008-04-24 23:46 <DIR> d-------- C:\WINDOWS\EHome
2008-04-24 21:45 . 2008-04-24 21:47 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-24 20:44 . 2008-05-06 15:50 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-24 20:44 . 2008-04-24 20:44 <DIR> d-------- C:\Program Files\AVG
2008-04-24 20:44 . 2008-04-24 20:44 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-24 20:44 . 2008-04-24 20:44 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-24 20:44 . 2008-04-24 20:44 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-24 20:19 . 2008-04-24 20:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-24 20:11 . 2008-04-24 20:11 <DIR> d-------- C:\Program Files\CleanUp!
2008-04-23 14:55 . 2008-04-23 14:55 <DIR> d-------- C:\ATI
2008-04-23 14:45 . 2008-04-23 14:45 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2008-04-22 21:11 . 2008-04-22 21:11 3,072,054 --a------ C:\WINDOWS\Diamond_1280.bmp
2008-04-22 21:10 . 2008-04-22 21:10 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-04-22 19:54 . 2008-04-22 19:54 <DIR> d-------- C:\Documents and Settings\Dave\Application Data\Logitech
2008-04-22 19:54 . 2008-04-22 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-22 19:52 . 2008-04-22 19:52 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-22 19:52 . 2008-04-22 19:52 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-22 19:51 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-04-22 19:50 . 2008-04-22 19:50 <DIR> d-------- C:\Program Files\Logitech
2008-04-22 19:50 . 2008-04-22 19:51 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-04-22 19:50 . 2008-04-22 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-22 19:50 . 2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-04-22 19:50 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-04-22 19:50 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-04-22 19:50 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-04-21 19:07 . 2008-04-21 19:12 98 --a------ C:\WINDOWS\WirelessFTP.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 22:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 00:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 20:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-10 16:01 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-10 16:01 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-06 20:31 --------- d-----w C:\Documents and Settings\Dave\Application Data\ATI
2008-05-06 20:28 --------- d-----w C:\Program Files\ATI Technologies
2008-05-06 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-04 18:38 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-25 19:47 --------- d-----w C:\Program Files\Ubisoft
2008-04-25 19:26 --------- d-----w C:\Documents and Settings\Dave\Application Data\Ahead
2008-04-24 20:04 --------- d-----w C:\Documents and Settings\Dave\Application Data\SiteAdvisor
2008-04-19 18:13 --------- d-----w C:\Documents and Settings\Dave\Application Data\Gearbox Software
2008-04-18 19:46 --------- d-----w C:\Program Files\NovaTech Network
2008-04-17 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-16 10:57 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-04-15 11:57 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-14 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-14 04:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 04:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 04:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 04:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 04:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 04:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 04:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 04:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 04:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 04:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 04:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 04:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 04:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 01:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 00:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 23:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 23:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 23:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 23:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 23:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 23:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 23:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 23:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 23:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 23:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 23:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 23:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 23:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 23:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 23:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 23:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 23:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 23:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 23:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 23:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 23:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 23:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 23:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 23:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 23:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 23:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 23:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 23:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 23:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 23:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 23:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 23:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 23:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 23:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 23:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 23:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 23:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 23:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 23:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 23:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 23:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 23:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 23:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 23:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 23:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 23:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 23:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 23:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 23:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 23:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 23:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 23:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 23:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 23:21 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 23:16 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 23:16 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 23:16 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 23:16 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 23:16 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 23:16 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 23:16 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 23:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 23:16 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 23:16 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 23:16 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 23:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 23:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"QveCtl2Tray"="C:\Program Files\Philips\PSA2\skin\qvecplsk.exe" [2002-11-04 14:05 569344]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/22/2008 7:50:56 PM 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\logonui_black.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDWMeb]
efcDWMeb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\id Software\\Quake 4\\Quake4Ded.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 18:31]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-24 20:44]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-24 20:44]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 11:21]
R3 PSC60x;Philips PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\pscaudio.sys [2002-08-27 16:33]
R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;C:\WINDOWS\system32\DRIVERS\QsndEnum.sys [2002-07-18 14:47]
R3 QSoftAud;Philips Sound Agent 2 (WDM);C:\WINDOWS\system32\drivers\QSoftAud.sys [2002-10-28 11:17]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-04-27 14:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 07:27]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 03:08:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\DOCUME~1\Dave\LOCALS~1\Temp\

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-20 3:10:16
ComboFix-quarantined-files.txt 2008-05-20 02:10:14

Pre-Run: 68,661,997,568 bytes free
Post-Run: 68,700,573,696 bytes free

279 --- E O F --- 2008-05-16 14:35:32


#4 - 05-20-2008 - Pancake (Senior Security Analyst; Join Date: Jun 2006; Location: Victoria, Australia; Posts: 3,088; PC Experience: Elite PC Guru)
Re: Got hit with vundo.....

You can use SP2 Recovery Console without any problem. As for the log, it's fine.


__________________
My real name is Eddy
#5 - 05-20-2008 - D__ (Moderator; Join Date: Oct 2007; Location: Isle Of Wight; Posts: 1,059; PC Experience: Some Experience)
Re: Got hit with vundo.....

Ok cool, thank you


