RPC Virus virus



Sonic40
2011-08-30, 21:56
Hello,

My PC action centre warned me last night that I have the RPC Virus virus, and offered a link for security software. The virus virus term didn't look kosher, so I asked my fiancee to look at my computer. Since then we have run Trend Micro HouseCall, Malwarebytes, Spybot, eScan, Microsoft MRT and my Comodo Internet Security/MS Security Essentials. We have found nothing.

Google points this to be the Blaster worm, but surely something would have flagged this up by now? I'm really sorry if this is a waste of your time, but something isn't right.

I enclose my DDS logs below, thanks for your time.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Fluffy at 19:34:50 on 2011-08-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2542 [GMT 1:00]
.
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files (x86)\Micronet\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Micronet\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.bbc.co.uk/weather/
mWinlogon: Userinit=userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2AE74FA8-C992-4F82-BDEF-3DB85E49414C} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\24450264573796F6E6D283130323 : DhcpNameServer = 192.168.178.254
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\244524573796E6563737845726D2130323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\45D2D4F62696C6560275962756C65637370205F696E6475627434343 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B756CA8A-884A-4354-BD45-26F181DF7F30}\84453402E6564777F627B6 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fluffy\AppData\Roaming\Mozilla\Firefox\Profiles\kla99ti7.default\
FF - prefs.js: browser.startup.homepage - GOOGLE.CO.UK
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-11 2255464]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Micronet\11n USB Wireless LAN Utility\RtlService.exe [2010-9-30 36864]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-30 1153368]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
SUnknown ALSysIO;ALSysIO; [x]
SUnknown cpuz130;cpuz130; [x]
.
=============== Created Last 30 ================
.
2011-08-30 18:11:20 -------- d---a-w- C:\Windows\rundll16.exe
2011-08-30 18:11:20 -------- d---a-w- C:\Windows\logo1_.exe
2011-08-30 18:08:29 -------- d---a-w- C:\Windows\VDLL.DLL
2011-08-30 18:08:29 -------- d---a-w- C:\Windows\SysWow64\runouce.exe
2011-08-30 18:08:29 -------- d---a-w- C:\Windows\RUNDL132.EXE
2011-08-30 18:08:29 -------- d---a-w- C:\Windows\logo_1.exe
2011-08-30 18:05:11 632064 ----a-w- C:\Windows\SysWow64\msvcr80.dll
2011-08-30 18:05:10 554240 ----a-w- C:\Windows\SysWow64\msvcp80.dll
2011-08-30 18:05:09 34048 ----a-w- C:\Windows\SysWow64\eEmpty.exe
2011-08-30 18:05:05 -------- d-----w- C:\Program Files (x86)\Common Files\MicroWorld
2011-08-30 18:05:00 -------- d-----w- C:\ProgramData\MicroWorld
2011-08-30 08:44:30 -------- d--h--w- C:\VritualRoot
2011-08-30 08:41:49 -------- d-----w- C:\Program Files\COMODO
2011-08-30 08:41:07 -------- d-----w- C:\ProgramData\Comodo Downloader
2011-08-30 07:50:22 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9A29CA77-4875-41AF-98F0-195DED8BC692}\mpengine.dll
2011-08-30 06:33:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-08-30 06:33:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-29 18:25:06 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21A1171D-D93D-4E8B-8DE2-BDB9A0DAE64E}\gapaengine.dll
2011-08-29 18:23:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-29 18:23:29 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-29 18:23:26 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-08-29 18:17:47 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Malwarebytes
2011-08-29 18:17:44 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-29 18:17:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-29 18:17:41 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-29 18:17:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-24 15:24:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 15:24:53 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-24 10:00:09 -------- d-----w- C:\Program Files (x86)\Starbreeze Studios
2011-08-13 09:41:23 -------- d-----w- C:\ProgramData\Samsung
2011-08-12 11:24:15 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
2011-08-12 11:24:09 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2011-08-11 21:26:03 980072 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-08-11 21:26:03 61544 ----a-w- C:\Windows\System32\nvshext.dll
2011-08-11 21:26:03 6136936 ----a-w- C:\Windows\System32\nvcpl.dll
2011-08-11 21:26:03 3021416 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-08-11 21:26:03 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-08-11 21:26:03 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-08-11 21:22:29 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2011-08-11 10:49:07 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-08-06 19:42:15 -------- d-----w- C:\Users\Fluffy\.thumbnails
2011-08-06 19:41:00 -------- d-----w- C:\Users\Fluffy\.gimp-2.6
2011-08-05 12:36:15 -------- d-----w- C:\Users\Fluffy\AppData\Local\Amazon
2011-08-04 19:56:23 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Foxit Software
.
==================== Find3M ====================
.
2011-08-25 20:01:07 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-30 08:38:10 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-06-30 08:38:08 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-06-30 08:38:08 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-06-30 08:37:26 363560 ----a-w- C:\Windows\System32\guard64.dll
2011-06-30 08:37:26 285256 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:37:07.97 ===============

shelf life
2011-09-03, 01:58
Hi Sonic40,

Sounds like scareware. Could it have been a pop up while you were browsing the internet? Hard to believe everything you ran would have missed something that was on your machine.
Also looks like you are running two AVs. Two is not better in this case; only one AV per machine is needed.

Sonic40
2011-09-03, 06:45
Hello shelf life, thank you for replying.

I don't remember any pop-ups; the only issue was the warning, which was in the action centre warning page. I've archived it, and it hasn't returned.

We installed Comodo a few days ago because nothing seemed to find the source of the problem. Is my PC clean? Is it safe to do online banking etc?

Thank you very, very much for your help and time

shelf life
2011-09-03, 21:17
Hi,

See this link (http://www.bleepingcomputer.com/tutorials/tutorial151.html) on how to display normally hidden system files on W7.

Next go here (http://www.bleepingcomputer.com/submit-malware.php?channel=67) and, using the browse button, look for these two files on your machine, both in the C:/Windows directory, and upload them one by one using the Send File button.

C:\Windows\rundll16.exe
C:\Windows\logo1_.exe
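
A small triage helper for the "Created Last 30" section of a DDS log like the one posted above, added here as an example and not part of the original thread. It lists entries that DDS marks as directories yet carry an executable-style name, so each path's object type is known before it is examined further. It assumes a leading `d` in the attribute column means "directory" and a size of `--------` means no size was reported; the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the "Created Last 30" section of the log above.
SAMPLE = r"""
2011-08-30 18:11:20 -------- d---a-w- C:\Windows\rundll16.exe
2011-08-30 18:11:20 -------- d---a-w- C:\Windows\logo1_.exe
2011-08-30 18:08:29 -------- d---a-w- C:\Windows\VDLL.DLL
2011-08-30 18:05:09 34048 ----a-w- C:\Windows\SysWow64\eEmpty.exe
2011-08-30 18:05:05 -------- d-----w- C:\Program Files (x86)\Common Files\MicroWorld
2011-08-29 18:17:41 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""

# date, time, size (digits or dashes), 8-character attribute field, full path
LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>[A-Za-z]:\\.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


class Entry(NamedTuple):
    created: str
    size: Optional[int]   # None when DDS printed dashes instead of a size
    is_dir: bool          # assumption: leading 'd' in the attribute field
    path: str


def parse(log: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' / 'Find3M' style lines; skip anything else."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(f'{m["date"]} {m["time"]}', size,
                             m["attrs"][0] == "d", m["path"]))
    return entries


def dirs_named_like_executables(entries: List[Entry]) -> List[Entry]:
    """Directory entries whose name ends in an executable-style extension."""
    return [e for e in entries
            if e.is_dir and e.path.lower().endswith(EXEC_EXT)]


if __name__ == "__main__":
    for e in dirs_named_like_executables(parse(SAMPLE)):
        print(f"{e.created}  directory  {e.path}")
```
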