win32 fraudload edt

Infected25
2011-06-05, 07:11
Here's the log
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Vistor at 0:10:40 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2814.1953 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\Vistor\LOCALS~1\Temp\Ddx.exe
C:\Program Files\AIM\aim.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - c:\program files\devicevm\browser configuration utility\IEHelper.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [YDZ1QVAGOJ] c:\docume~1\vistor\locals~1\temp\Ddx.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\vistor\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\vistor\startm~1\programs\startup\styler.lnk - c:\documents and settings\vistor\application data\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C8E340E2-9C64-4B29-853E-6699F48CF48F} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: Antiwpa - antiwpa.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vistor\application data\mozilla\firefox\profiles\iwweaoy5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\vistor\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl0f19e3d6;MpKsl0f19e3d6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{912e447d-422b-46f1-bac8-3cd4c8979dcb}\MpKsl0f19e3d6.sys [2011-6-4 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-8-1 212232]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-8-1 68136]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-25 632792]
S1 MpKsl18d89695;MpKsl18d89695;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{554de8e2-9825-46c6-8d40-d35191c99137}\mpksl18d89695.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{554de8e2-9825-46c6-8d40-d35191c99137}\MpKsl18d89695.sys [?]
S1 MpKsl50475657;MpKsl50475657;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54ec0980-d55a-4088-974a-74478ad2500b}\mpksl50475657.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54ec0980-d55a-4088-974a-74478ad2500b}\MpKsl50475657.sys [?]
S1 MpKsl7bea47a4;MpKsl7bea47a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21a650-379e-4276-8c0f-419b3c0dddea}\mpksl7bea47a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21a650-379e-4276-8c0f-419b3c0dddea}\MpKsl7bea47a4.sys [?]
S1 MpKslb72677d0;MpKslb72677d0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fc52f683-b66e-4209-aee7-a94ec97aae88}\mpkslb72677d0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fc52f683-b66e-4209-aee7-a94ec97aae88}\MpKslb72677d0.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-13 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-8-1 1684736]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google 更新服务 (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-13 136176]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2011-1-11 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2011-1-11 79360]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-05 03:02:38 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{912e447d-422b-46f1-bac8-3cd4c8979dcb}\MpKsl0f19e3d6.sys
2011-06-05 02:41:27 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-05 02:36:05 230912 ----a-w- c:\windows\Dvyhoa.exe
2011-06-05 02:18:14 -------- d-----w- c:\documents and settings\all users\application data\UAB
2011-06-05 02:18:10 -------- d-----w- c:\documents and settings\vistor\local settings\application data\PC_Drivers_Headquarters
2011-06-05 02:18:05 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters
2011-06-05 02:16:58 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2011-06-04 20:32:04 71496 ----a-w- c:\windows\system32\rdboot32.exe
2011-06-04 19:28:50 -------- d-----w- c:\documents and settings\vistor\local settings\application data\O&O
2011-06-04 19:07:37 -------- d-----w- c:\program files\Raxco
2011-06-04 18:01:35 -------- d-----w- c:\documents and settings\vistor\local settings\application data\AeroSnapApp
2011-06-04 18:01:35 -------- d-----w- c:\documents and settings\vistor\application data\AeroSnapApp
2011-06-04 15:45:03 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{912e447d-422b-46f1-bac8-3cd4c8979dcb}\mpengine.dll
2011-06-04 14:44:51 -------- d-----w- c:\program files\Vista Drive Icon
2011-06-04 14:43:42 -------- d-----w- c:\program files\Taskbar Shuffle
2011-06-04 14:42:49 -------- d-----w- c:\program files\AeroSnap
2011-06-04 14:38:49 -------- d-----w- c:\documents and settings\vistor\application data\IconTweaker
2011-06-04 14:38:49 -------- d-----w- c:\documents and settings\all users\application data\IconTweaker
2011-06-04 14:38:47 -------- d-----w- c:\program files\IconTweaker
2011-06-04 14:16:11 -------- d-----w- c:\documents and settings\vistor\application data\Styler
2011-06-04 14:15:31 -------- d-----w- c:\program files\Styler
2011-06-04 02:02:14 -------- d-----w- C:\ppsvodcache
2011-06-04 01:29:39 -------- d-----w- c:\documents and settings\all users\application data\DivX
2011-06-03 23:12:24 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-06-03 20:52:11 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-06-03 20:51:51 -------- d-----w- c:\program files\common files\xing shared
2011-06-03 20:51:34 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-06-03 20:51:28 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-06-03 20:25:11 -------- d-----w- c:\documents and settings\vistor\Adobe Photoshop CS5.1
2011-06-03 20:20:51 -------- d-----w- c:\documents and settings\vistor\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-06-03 02:06:58 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-06-03 00:48:10 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-06-03 00:48:10 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-06-03 00:42:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-06-03 00:41:07 -------- d-----w- c:\windows\SHELLNEW
2011-06-02 21:26:39 -------- d-----w- c:\documents and settings\vistor\local settings\application data\Microsoft Help
2011-06-02 21:18:57 -------- d-----w- c:\documents and settings\vistor\local settings\application data\SoftGrid Client
2011-06-02 21:18:54 -------- d-----w- c:\documents and settings\vistor\application data\SoftGrid Client
2011-06-02 21:13:05 -------- d-----w- c:\documents and settings\vistor\application data\TP
2011-06-01 01:45:47 -------- d-----w- c:\documents and settings\vistor\application data\Softplicity
2011-06-01 01:23:36 -------- d-----w- c:\documents and settings\vistor\local settings\application data\Conduit
2011-06-01 01:23:06 -------- d-----w- c:\documents and settings\vistor\application data\GetRightToGo
2011-06-01 00:47:55 304128 ----a-w- c:\windows\IsUninst.exe
2011-06-01 00:47:53 -------- d-----w- c:\documents and settings\vistor\WINDOWS
2011-05-31 20:11:43 -------- d-----w- c:\documents and settings\vistor\local settings\application data\Downloaded Installations
2011-05-31 19:58:19 -------- d-----w- c:\windows\system32\winrm
2011-05-31 19:58:11 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-05-31 03:06:43 -------- d-----w- c:\documents and settings\vistor\application data\Digiarty
2011-05-31 02:22:33 -------- d-----w- c:\program files\Digiarty
2011-05-31 01:59:06 -------- d-----w- c:\documents and settings\vistor\local settings\application data\FLVService
2011-05-31 01:00:08 -------- d-----w- c:\documents and settings\vistor\application data\AnvSoft
2011-05-31 00:40:49 -------- d-----w- c:\program files\Total Video Converter
2011-05-31 00:36:06 -------- d-----w- c:\program files\common files\SWF Studio
2011-05-31 00:35:57 -------- d-----w- c:\program files\Riva
2011-05-31 00:25:34 -------- d-----w- c:\program files\YouTube Downloader
2011-05-30 15:50:11 175616 ----a-w- c:\windows\system32\unrar.dll
2011-05-30 15:50:07 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-05-30 15:50:07 631808 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-30 15:50:07 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-05-30 15:50:07 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-05-30 15:50:06 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-05-30 15:50:06 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-30 15:50:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-05-30 15:46:45 -------- d-----w- c:\documents and settings\vistor\local settings\application data\WMTools Downloaded Files
2011-05-26 22:32:17 -------- d-----w- c:\windows\OPTIONS
2011-05-26 21:41:13 -------- d-----w- c:\documents and settings\vistor\local settings\application data\Temp
2011-05-26 21:41:08 -------- d-----w- c:\documents and settings\vistor\local settings\application data\Google
2011-05-26 05:57:08 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-05-26 00:56:55 -------- d-----w- c:\documents and settings\vistor\local settings\application data\ATI
2011-05-25 02:23:22 -------- d-----w- c:\documents and settings\vistor\local settings\application data\Wildtangent
2011-05-21 22:24:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-21 22:24:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 22:15:55 -------- d-----w- C:\AMD
2011-05-21 22:09:27 -------- d-----w- c:\program files\common files\Logitech
2011-05-21 22:09:26 -------- d-----w- c:\program files\MouseWare
2011-05-21 22:09:13 -------- d-----w- C:\Compaq
2011-05-21 22:03:00 -------- d-----w- c:\documents and settings\vistor\application data\DeviceDoctorSoftware
2011-05-21 21:54:28 -------- d-----w- c:\windows\LastGood(2)
2011-05-20 22:08:55 -------- d-----w- c:\documents and settings\vistor\application data\Unity
2011-05-15 01:17:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-05 03:02:40 17488 ----a-w- c:\windows\gdrv.sys
2011-06-03 20:51:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-03 20:51:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 0:11:00.65 ===============

Shaba
2011-06-14, 19:06
Hi Infected25

Which program finds that, and where is it according to it?