Malware.Trace&Trojan.Vundo (and possibly more...?)


  • This topic is locked
6 replies to this topic

#1 Itoshiki (New Member, 5 posts)
Posted 21 December 2008 - 02:59 PM

Hello,
my name is Zac.
Just recently (yesterday) there was an attack on my computer (pop-ups), which I immediately took action on and ran a scan.
After the scan was finished, I removed everything, and then rebooted my computer (as instructed).

So when it finished restarting, I went to try and use the internet again, only to be greeted by more pop-ups.
So I ran yet another scan, only this time 2 items were picked up.
(This is from MBAM)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

So I did what I was told again and restarted. However when I went to try and use the internet again; more popups.
Ran another scan; same problem.

If anyone would be willing to help me fix this problem, it would be greatly appreciated.
I've been up for literally almost 24 hours straight trying to fix this problem.
Thank you in advance.
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

12/21/2008 2:36:13 PM
mbam-log-2008-12-21 (14-36-13).txt

Scan type: Quick Scan
Objects scanned: 63522
Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--------------------------------------------------------------------------------------------------------------------------------------------------------------
;*********************************************************************************
ANALYSIS: 2008-12-21 13:42:00
PROTECTIONS: 1
MALWARE: 17
SUSPECTS: 15
;*********************************************************************************
PROTECTIONS
Description Version Active Updated
;=================================================================================
Norton AntiVirus 16.0.0.125 Yes Yes
;=================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=================================================================================
00029036 adware/superspider Adware No 1 Yes No c:\windows\system32\a.exe
00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms juan
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\zac\favorites\health
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\zac\favorites\insurance
00046757 spyware/bridge Spyware No 1 Yes No c:\windows\system32\a.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@mediaplex[1].txt
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@tucows[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@bs.serving-sys[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@statse.webtrendslive[2].txt
00171475 adware/perfect-search Adware No 0 Yes No c:\documents and settings\zac\favorites\insurance\term life insurance.url
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@target[1].txt
00519333 Application/Processor HackTools No 0 Yes No C:\RECYCLER\S-1-5-21-823518204-2077806209-1801674531-1003\Dc342.exe
;=================================================================================
SUSPECTS
Sent Location
;=================================================================================
No C:\WINDOWS\System32\xydlaw.dll
No C:\WINDOWS\system32\xydlaw.dll
No C:\WINDOWS\system32\kvptifbq.dll
No C:\WINDOWS\system32\xydlaw.dll
No E:\Desktop Stuff\Files Needed\LocalHost_Multi-Client_v55_without_dmg_cap_swear_filter_disabled_and_drop_able_nx.rar[LocalHost.exe]
No E:\MapleStory55\LocalHost55.exe
No E:\MapleStory55\LocalHost55.rar[LocalHost55.exe]
No E:\MapleStory55\NoDCFastAttbyjoen.exe
No E:\MapleStory58\localhost.exe
No E:\MapleStory58\localhost.rar[localhost.exe]
No E:\MapleStory58\pk's_edited_localhost.exe
No E:\MapleStory58\PlutoKiss_s_Edited_Localhost.zip[PlutoKiss's Edited Localhost/pk's_edited_localhost.exe]
No E:\MapleStory60\localhost60.exe
No E:\MapleStory60\localhost60.zip[localhost60.exe]
No E:\PlayOnline\SquareEnix\TetraMaster\polboot.exe
;=================================================================================
VULNERABILITIES
Id Severity Description
;=================================================================================
;=================================================================================
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:13 AM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: {7fe69e12-de0a-10bb-12e4-55b72766eba4} - {4abe6672-7b55-4e21-bb01-a0ed21e96ef7} - C:\WINDOWS\system32\xydlaw.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1228016758875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1229228389937
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: ofyuwz.dll xydlaw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8090 bytes
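Added editorial example (not part of Zac's post, and not code from HijackThis, Malwarebytes, Panda or ComboFix). In the HijackThis log above, the two entries most worth a second look are the O20 AppInit_DLLs line (ofyuwz.dll xydlaw.dll) and the O2 BHO whose display name is a bare CLSID and whose DLL, C:\WINDOWS\system32\xydlaw.dll, is one of those same files. AppInit_DLLs is loaded into every process that maps user32.dll, so anything listed there runs in practically every GUI process on the box, which is why on-disk cleanup alone tends not to stick. The script below parses a handful of lines copied from that log and flags exactly those patterns. The "random-looking name under system32" heuristic (5 to 9 lowercase letters), the severity labels and the sample line selection are my assumptions, not anything HijackThis itself reports.

```python
import re

# Constructed sample input: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: {7fe69e12-de0a-10bb-12e4-55b72766eba4} - {4abe6672-7b55-4e21-bb01-a0ed21e96ef7} - C:\WINDOWS\system32\xydlaw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O20 - AppInit_DLLs: ofyuwz.dll xydlaw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Hypothetical heuristic: short, letters-only DLL names sitting directly under system32.
RANDOM_SYS32_RE = re.compile(r"\\windows\\system32\\[a-z]{5,9}\.dll$", re.I)


def parse_hjt(text):
    """Return (section, body) pairs, e.g. ('O20', 'AppInit_DLLs: ofyuwz.dll xydlaw.dll')."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def appinit_dlls(entries):
    """Lower-cased names from every O20 AppInit_DLLs line (normally empty on a clean machine)."""
    names = set()
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            names.update(n.lower() for n in body.split(":", 1)[1].split())
    return names


def triage(text):
    """Return (severity, reason, original_line) findings for the entry types worth checking."""
    entries = parse_hjt(text)
    injected = appinit_dlls(entries)
    findings = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            for name in body.split(":", 1)[1].split():
                findings.append(("high", f"AppInit_DLLs loads {name} into every process that maps user32.dll", body))
        elif section == "O2" and body.startswith("BHO:"):
            # Layout is "BHO: <display name> - <CLSID> - <dll path>".
            parts = [p.strip() for p in body[len("BHO:"):].split(" - ")]
            if len(parts) < 3:
                continue
            name, path = parts[0], " - ".join(parts[2:])
            reasons = []
            if GUID_RE.match(name):
                reasons.append("BHO display name is a bare CLSID")
            if RANDOM_SYS32_RE.search(path):
                reasons.append("DLL has a random-looking name under system32")
            if path.rsplit("\\", 1)[-1].lower() in injected:
                reasons.append("same DLL is also listed in AppInit_DLLs")
            if reasons:
                findings.append(("high", "; ".join(reasons), body))
        elif "(file missing)" in body:
            findings.append(("info", "target file is missing; stale or mangled entry, verify before fixing", body))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run it against a full HijackThis log by reading the file into `triage()`; the O4 Run entries and the Google Toolbar BHO produce no findings, while the O23 MySQL line is flagged only at "info" because a missing target is often a leftover rather than malware.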

#2 Itoshiki (New Member, 5 posts)
Posted 21 December 2008 - 06:50 PM

So can Malware.Trace and Trojan.Vundo not be removed?
I've still been working (after taking a small nap of course)
and I still can't find a way to successfully remove it.

Am I doomed?
:)

#3 Itoshiki (New Member, 5 posts)
Posted 21 December 2008 - 10:56 PM

Just a small update;
From the looks of it, I think I have completely removed the Trojan.Vundo itself.
The only thing I have left to deal with and won't go away is the Malware.Trace.
Any ideas of how I could possibly get rid of this nasty thing?

(MBAM Log: Recent)

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

12/21/2008 10:45:21 PM
mbam-log-2008-12-21 (22-45-21).txt

Scan type: Quick Scan
Objects scanned: 50560
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
________________________________________________________________________________

(Combo Fix Log: Recent)

ComboFix 08-12-21.04 - Zac 2008-12-21 22:22:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2707 [GMT -5:00]
Running from: c:\documents and settings\Zac\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\hpowiax2.dll
c:\windows\system32\kvptifbq.dll
c:\windows\system32\nthbbywo.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-21 22:06 . 2008-12-21 22:06 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 21:34 . 2008-12-21 21:34 <DIR> d--hs---- c:\documents and settings\Zac\PrivacIE
2008-12-21 21:28 . 2008-12-21 21:29 <DIR> d--h-c--- c:\windows\ie8
2008-12-21 20:19 . 2008-12-21 20:23 <DIR> d-------- c:\program files\Exterminate It!
2008-12-21 20:07 . 2008-12-21 20:07 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-21 04:15 . 2008-12-21 04:15 <DIR> d-------- c:\program files\Panda Security
2008-12-21 04:15 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-21 04:06 . 2008-12-21 04:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-21 03:32 . 2008-12-21 03:32 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-21 01:21 . 2008-12-21 01:21 <DIR> d-------- c:\documents and settings\Zac\Application Data\HP
2008-12-21 01:20 . 2008-12-21 01:21 <DIR> d-------- c:\program files\Common Files\HP
2008-12-21 01:19 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-12-21 01:18 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-21 01:18 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-21 01:14 . 2008-12-21 01:21 117,156 --a------ c:\windows\hpoins11.dat
2008-12-21 01:13 . 2006-04-12 19:02 827,392 --a------ c:\windows\system32\hpotiop2.dll
2008-12-21 01:13 . 2006-04-12 19:02 254,026 --a------ c:\windows\system32\hpovst09.dll
2008-12-21 01:12 . 2006-05-05 18:17 11,634 --a------ c:\windows\hpomdl11.dat
2008-12-21 00:53 . 2008-12-21 00:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-21 00:51 . 2008-12-21 01:20 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-21 00:51 . 2008-12-21 00:51 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-21 00:48 . 2008-12-21 01:20 <DIR> d-------- c:\program files\HP
2008-12-21 00:48 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2008-12-21 00:48 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-12-21 00:48 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-12-21 00:48 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-12-21 00:48 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2008-12-21 00:48 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-12-21 00:48 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-21 00:48 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-21 00:47 . 2006-04-12 19:04 49,664 --a------ c:\windows\system32\drivers\HPZid412.sys
2008-12-21 00:47 . 2006-04-12 19:04 21,568 --a------ c:\windows\system32\drivers\HPZius12.sys
2008-12-21 00:47 . 2006-04-12 19:04 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-21 00:46 . 2006-04-12 19:04 282,624 --a------ c:\windows\system32\HPZc3212.dll
2008-12-21 00:46 . 2005-07-18 20:38 98,304 --a------ c:\windows\system32\hpzjsn01.dll
2008-12-21 00:46 . 2006-01-04 03:12 77,824 --a------ c:\windows\system32\HPZIDS01.dll
2008-12-20 23:26 . 2008-12-20 23:26 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-20 23:26 . 2008-12-20 23:26 <DIR> d-------- c:\documents and settings\Zac\Application Data\SUPERAntiSpyware.com
2008-12-20 23:26 . 2008-12-20 23:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-20 23:25 . 2008-12-20 23:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-20 22:29 . 2008-12-20 22:29 <DIR> d-------- C:\VundoFix Backups
2008-12-20 14:23 . 2008-12-20 14:23 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-20 14:23 . 2008-12-20 14:23 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-20 14:20 . 2008-12-20 14:21 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2008-12-20 14:20 . 2008-12-20 14:20 <DIR> d-------- c:\program files\Microsoft SDKs
2008-12-20 14:20 . 2008-12-20 14:21 <DIR> d-------- c:\program files\Common Files\Merge Modules
2008-12-20 14:20 . 2008-12-20 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-20 14:17 . 2008-12-20 18:10 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-20 14:17 . 2008-12-20 14:18 <DIR> d-------- C:\2ba7307b42c696e53db568a3
2008-12-18 14:32 . 2008-12-18 14:32 494 --a------ c:\windows\replace.vbs
2008-12-17 00:46 . 2008-12-17 00:46 <DIR> d-------- c:\documents and settings\Zac\Application Data\Broad Intelligence
2008-12-17 00:44 . 2008-12-17 03:08 <DIR> d-------- c:\program files\MediaCoder
2008-12-17 00:39 . 2008-12-17 00:39 <DIR> d-------- c:\program files\Veoh Networks
2008-12-16 19:10 . 2008-12-16 19:10 <DIR> d-------- c:\documents and settings\Zac\Application Data\TortoiseSVN
2008-12-16 19:08 . 2008-12-16 19:08 <DIR> d-------- c:\documents and settings\Zac\Application Data\Nexon
2008-12-16 18:41 . 2008-12-16 18:41 <DIR> d-------- c:\program files\HashCalc
2008-12-16 18:25 . 2008-12-16 18:25 <DIR> d-------- c:\program files\TortoiseSVN
2008-12-16 18:25 . 2008-12-16 18:25 <DIR> d-------- c:\program files\Common Files\TortoiseOverlays
2008-12-16 18:25 . 2008-12-16 18:25 <DIR> d-------- c:\documents and settings\Zac\Application Data\Subversion
2008-12-16 18:15 . 2008-12-16 18:15 <DIR> d-------- c:\windows\Sun
2008-12-16 18:15 . 2008-12-19 15:33 <DIR> d-------- c:\documents and settings\Zac\Application Data\MySQL
2008-12-16 18:15 . 2008-12-16 18:15 <DIR> d-------- c:\documents and settings\Zac\.netbeans-derby
2008-12-16 18:14 . 2008-12-16 18:14 <DIR> d-------- c:\documents and settings\Zac\.netbeans
2008-12-16 18:13 . 2008-12-16 18:13 <DIR> d-------- c:\program files\glassfish-v3-prelude
2008-12-16 18:13 . 2008-12-16 18:13 <DIR> d-------- c:\documents and settings\Zac\.netbeans-registration
2008-12-16 18:12 . 2008-12-18 14:23 <DIR> d-------- c:\program files\glassfish-v2ur2
2008-12-16 18:05 . 2008-12-16 18:13 <DIR> d-------- c:\program files\NetBeans 6.5
2008-12-16 18:04 . 2008-12-16 18:14 <DIR> d-------- c:\documents and settings\Zac\.nbi
2008-12-16 17:58 . 2008-12-19 15:52 <DIR> d-------- C:\Nexon
2008-12-16 17:46 . 2008-12-16 17:48 <DIR> d-------- c:\program files\MySQL
2008-12-16 17:39 . 2008-12-16 17:39 <DIR> d-------- c:\program files\Sun
2008-12-16 17:39 . 2008-12-21 22:06 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-16 17:35 . 2008-12-16 17:35 <DIR> d-------- c:\program files\Common Files\Java
2008-12-16 17:33 . 2008-12-16 18:26 <DIR> d-------- c:\program files\Java
2008-12-16 17:14 . 2008-12-16 17:29 95 --a------ c:\windows\system32\productregistry
2008-12-16 16:55 . 2008-12-19 23:43 <DIR> d-------- c:\documents and settings\Zac\Application Data\Hamachi
2008-12-16 16:54 . 2008-12-16 16:55 <DIR> d-------- c:\program files\Hamachi
2008-12-16 16:54 . 2008-12-16 16:54 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-13 23:35 . 2008-12-13 23:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 23:35 . 2008-12-13 23:35 <DIR> d-------- c:\documents and settings\Zac\Application Data\Malwarebytes
2008-12-13 23:35 . 2008-12-13 23:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-13 23:35 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 23:35 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 22:31 . 2008-12-13 22:31 62,358,710 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-12-13 21:29 . 2008-12-13 21:29 <DIR> d--h----- c:\windows\PIF
2008-12-13 13:11 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2008-12-13 13:11 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2008-12-13 13:11 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2008-12-13 13:11 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2008-12-13 13:11 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2008-12-13 13:11 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2008-12-13 13:03 . 2008-12-13 13:03 <DIR> d-------- c:\program files\Ubisoft
2008-12-13 01:40 . 2008-12-05 04:52 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-12-12 15:24 . 2008-12-12 15:24 <DIR> d-------- c:\documents and settings\Zac\Application Data\DivX
2008-12-12 15:23 . 2008-12-12 15:23 <DIR> d-------- c:\program files\DivX
2008-12-12 15:19 . 2008-12-12 15:19 <DIR> d-------- c:\windows\system32\QuickTime
2008-12-12 15:19 . 2008-12-12 15:19 <DIR> d-------- c:\program files\TechSmith
2008-12-12 15:19 . 2008-12-12 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2008-12-12 15:19 . 2006-06-14 21:13 102,400 --a------ c:\windows\system32\tsccvid.dll
2008-12-11 18:12 . 2008-12-11 18:12 <DIR> d-------- c:\program files\Macromedia
2008-12-11 18:12 . 2008-12-11 18:12 <DIR> d-------- c:\program files\Common Files\Macromedia Shared
2008-12-11 18:12 . 2008-12-11 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2008-12-11 18:00 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-12-09 19:58 . 2008-12-13 15:34 <DIR> d-------- c:\program files\NLVM
2008-12-09 19:57 . 2008-12-13 15:33 <DIR> d--h----- c:\program files\Zero G Registry
2008-12-07 00:41 . 2008-12-06 16:19 146,453 --a------ C:\1214433052944.jpg
2008-12-07 00:26 . 2008-12-07 00:26 <DIR> d-------- c:\program files\Microsoft IntelliPoint
2008-12-07 00:26 . 2008-06-10 13:04 31,048 --a------ c:\windows\system32\drivers\point32.sys
2008-12-07 00:24 . 2008-12-07 00:24 <DIR> d-------- c:\program files\Microsoft IntelliType Pro
2008-12-06 20:16 . 2008-12-06 20:16 <DIR> dr------- c:\program files\Norton Support
2008-12-05 21:37 . 2008-12-06 20:03 <DIR> d-------- c:\program files\LibUSB-Win32-0.1.10.1
2008-12-05 21:37 . 2005-03-09 20:50 46,592 --a------ c:\windows\system32\libusb0.dll
2008-12-05 21:37 . 2005-03-09 20:50 33,792 --a------ c:\windows\system32\drivers\libusb0.sys
2008-12-05 21:26 . 2008-12-05 21:26 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2008-12-05 21:25 . 2008-12-13 14:31 <DIR> d-------- c:\program files\Xfire
2008-12-05 21:25 . 2008-12-14 03:50 <DIR> d-------- c:\documents and settings\Zac\Application Data\Xfire
2008-12-02 14:48 . 2008-12-02 14:49 <DIR> d-------- c:\program files\Google
2008-12-01 22:06 . 2008-12-01 22:07 <DIR> d-------- c:\program files\Guild Wars
2008-12-01 02:20 . 2008-12-01 02:20 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-01 02:05 . 2008-12-01 02:05 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-01 02:05 . 2008-12-01 02:05 <DIR> d-------- c:\documents and settings\Zac\Application Data\InstallShield Installation Information
2008-12-01 02:04 . 2008-12-01 02:04 <DIR> d-------- c:\windows\Logs
2008-12-01 02:04 . 2008-12-01 02:04 <DIR> d-------- c:\program files\MSBuild
2008-12-01 02:04 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-12-01 02:03 . 2008-12-20 14:18 <DIR> d-------- c:\windows\system32\XPSViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 01:47 960 --sha-w C:\vjojavz3.sys
2008-11-30 01:47 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-20 20:45 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-02 39408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 872448]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-10-08 864256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ofyuwz.dll xydlaw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\ezshot\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-21 28544]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS []
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-10 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-12-10 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSxpx86.sys [2008-12-20 274808]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll" /prefetch:1 []
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-12-05 33792]
S3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [2008-11-30 176640]
S3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [2008-11-30 27264]
.
.
------- Supplementary Scan -------
.
uStart Page = www.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 22:30:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(244)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\searchindexer.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
.
**************************************************************************
.
Completion time: 2008-12-21 22:34:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-22 03:34:35

Pre-Run: 241,227,358,208 bytes free
Post-Run: 243,201,490,944 bytes free

339 --- E O F --- 2008-12-22 01:07:16

#4 Itoshiki

Itoshiki

    New Member

  • Members
  • 5 posts

Posted 22 December 2008 - 03:02 AM

Well, I'm heading off to bed for the night.
I'll try to wake up as soon as possible tomorrow in case someone responds.

Thank you again.

#5 Itoshiki

Itoshiki

    New Member

  • Members
  • 5 posts

Posted 22 December 2008 - 04:15 PM

Hey everyone, this is Zac again.
I'm just here to say that the Malware.Trace and Trojan.Vundo problem has been solved (well, as far as I know at least).

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

12/22/2008 4:07:16 PM
mbam-log-2008-12-22 (16-07-16).txt

Scan type: Quick Scan
Objects scanned: 52719
Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It took a lot of time and effort, but I have done it.
Best of wishes to everyone.

#6 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • 41,477 posts
  • Gender:Male
  • Location:US

Posted 22 December 2008 - 05:24 PM

Hello Zac,

Really sorry for the late reply, but the site has been very busy lately. If you can, please reboot the computer, then run a new HJT scan, save the log and post that back, and I'll review it and let you know if I still see anything wrong.

Thanks.

#7 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • 41,477 posts
  • Gender:Male
  • Location:US

Posted 05 January 2009 - 05:54 AM

No response, so I'll close this post now.

Ron Lewis
Forum Community Manager
