Itoshiki

  1. Hey everyone, this is Zac again. I'm just here to say that the Malware.Trace and Trojan.Vundo problem has been solved (well, as far as I know at least).

     Malwarebytes' Anti-Malware 1.31
     Database version: 1528
     Windows 5.1.2600 Service Pack 3

     12/22/2008 4:07:16 PM
     mbam-log-2008-12-22 (16-07-16).txt

     Scan type: Quick Scan
     Objects scanned: 52719
     Time elapsed: 1 minute(s), 51 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     It took a lot of time and effort, but I have done it. Best of wishes to everyone.
  2. Well, I'm heading off to bed for the night. I'll try to wake up as soon as possible tomorrow in case someone responds. Thank you again.
  3. Just a small update: from the looks of it, I think I have completely removed the Trojan.Vundo itself. The only thing I have left to deal with, and that won't go away, is the Malware.Trace. Any ideas of how I could possibly get rid of this nasty thing?

     (MBAM Log: Recent)

     Malwarebytes' Anti-Malware 1.31
     Database version: 1528
     Windows 5.1.2600 Service Pack 3

     12/21/2008 10:45:21 PM
     mbam-log-2008-12-21 (22-45-21).txt

     Scan type: Quick Scan
     Objects scanned: 50560
     Time elapsed: 3 minute(s), 38 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ________________________________________________________________________________

     (Combo Fix Log: Recent)

     ComboFix 08-12-21.04 - Zac 2008-12-21 22:22:42.1 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2707 [GMT -5:00]
     Running from: c:\documents and settings\Zac\Desktop\ComboFix.exe
      * Created a new restore point

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .

     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\system32\hpowiax2.dll
     c:\windows\system32\kvptifbq.dll
     c:\windows\system32\nthbbywo.ini

     .
     (((((((((((((((((((((((((   Files Created from 2008-11-22 to 2008-12-22  )))))))))))))))))))))))))))))))
     .

     2008-12-21 22:06 . 2008-12-21 22:06    410,984  --a------  c:\windows\system32\deploytk.dll
     2008-12-21 21:34 . 2008-12-21 21:34    <DIR>    d--hs----  c:\documents and settings\Zac\PrivacIE
     2008-12-21 21:28 . 2008-12-21 21:29    <DIR>    d--h-c---  c:\windows\ie8
     2008-12-21 20:19 . 2008-12-21 20:23    <DIR>    d--------  c:\program files\Exterminate It!
     2008-12-21 20:07 . 2008-12-21 20:07    <DIR>    d--------  c:\program files\MSXML 4.0
     2008-12-21 04:15 . 2008-12-21 04:15    <DIR>    d--------  c:\program files\Panda Security
     2008-12-21 04:15 . 2008-06-19 17:24    28,544   --a------  c:\windows\system32\drivers\pavboot.sys
     2008-12-21 04:06 . 2008-12-21 04:06    <DIR>    d--------  c:\program files\Trend Micro
     2008-12-21 03:32 . 2008-12-21 03:32    <DIR>    d--------  c:\program files\Enigma Software Group
     2008-12-21 01:21 . 2008-12-21 01:21    <DIR>    d--------  c:\documents and settings\Zac\Application Data\HP
     2008-12-21 01:20 . 2008-12-21 01:21    <DIR>    d--------  c:\program files\Common Files\HP
     2008-12-21 01:19 . 2006-04-10 14:03    38,400   --a------  c:\windows\system32\hpz3l054.dll
     2008-12-21 01:18 . 2008-04-14 00:15    15,104   --a------  c:\windows\system32\drivers\usbscan.sys
     2008-12-21 01:18 . 2008-04-14 00:15    15,104   --a--c---  c:\windows\system32\dllcache\usbscan.sys
     2008-12-21 01:14 . 2008-12-21 01:21    117,156  --a------  c:\windows\hpoins11.dat
     2008-12-21 01:13 . 2006-04-12 19:02    827,392  --a------  c:\windows\system32\hpotiop2.dll
     2008-12-21 01:13 . 2006-04-12 19:02    254,026  --a------  c:\windows\system32\hpovst09.dll
     2008-12-21 01:12 . 2006-05-05 18:17    11,634   --a------  c:\windows\hpomdl11.dat
     2008-12-21 00:53 . 2008-12-21 00:53    <DIR>    d--------  c:\documents and settings\All Users\Application Data\HP
     2008-12-21 00:51 . 2008-12-21 01:20    <DIR>    d--------  c:\program files\Hewlett-Packard
     2008-12-21 00:51 . 2008-12-21 00:51    <DIR>    d--------  c:\program files\Common Files\Hewlett-Packard
     2008-12-21 00:48 . 2008-12-21 01:20    <DIR>    d--------  c:\program files\HP
     2008-12-21 00:48 . 2006-03-03 21:03    282,680  --a------  c:\windows\system32\HPZidr12.dll
     2008-12-21 00:48 . 2006-03-03 21:02    204,800  --a------  c:\windows\system32\HPZipr12.dll
     2008-12-21 00:48 . 2006-03-03 21:02    94,208   --a------  c:\windows\system32\HPZipt12.dll
     2008-12-21 00:48 . 2006-03-03 21:03    69,632   --a------  c:\windows\system32\HPZipm12.exe
     2008-12-21 00:48 . 2006-03-03 21:03    65,536   --a------  c:\windows\system32\HPZinw12.exe
     2008-12-21 00:48 . 2006-03-03 21:02    57,344   --a------  c:\windows\system32\HPZisn12.dll
     2008-12-21 00:48 . 2008-04-14 00:17    25,856   --a------  c:\windows\system32\drivers\usbprint.sys
     2008-12-21 00:48 . 2008-04-14 00:17    25,856   --a--c---  c:\windows\system32\dllcache\usbprint.sys
     2008-12-21 00:47 . 2006-04-12 19:04    49,664   --a------  c:\windows\system32\drivers\HPZid412.sys
     2008-12-21 00:47 . 2006-04-12 19:04    21,568   --a------  c:\windows\system32\drivers\HPZius12.sys
     2008-12-21 00:47 . 2006-04-12 19:04    16,496   --a------  c:\windows\system32\drivers\HPZipr12.sys
     2008-12-21 00:46 . 2006-04-12 19:04    282,624  --a------  c:\windows\system32\HPZc3212.dll
     2008-12-21 00:46 . 2005-07-18 20:38    98,304   --a------  c:\windows\system32\hpzjsn01.dll
     2008-12-21 00:46 . 2006-01-04 03:12    77,824   --a------  c:\windows\system32\HPZIDS01.dll
     2008-12-20 23:26 . 2008-12-20 23:26    <DIR>    d--------  c:\program files\SUPERAntiSpyware
     2008-12-20 23:26 . 2008-12-20 23:26    <DIR>    d--------  c:\documents and settings\Zac\Application Data\SUPERAntiSpyware.com
     2008-12-20 23:26 . 2008-12-20 23:26    <DIR>    d--------  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2008-12-20 23:25 . 2008-12-20 23:25    <DIR>    d--------  c:\program files\Common Files\Wise Installation Wizard
     2008-12-20 22:29 . 2008-12-20 22:29    <DIR>    d--------  C:\VundoFix Backups
     2008-12-20 14:23 . 2008-12-20 14:23    <DIR>    d--------  c:\program files\Microsoft SQL Server
     2008-12-20 14:23 . 2008-12-20 14:23    <DIR>    d--------  c:\program files\Microsoft Silverlight
     2008-12-20 14:20 . 2008-12-20 14:21    <DIR>    d--------  c:\program files\Microsoft Visual Studio 9.0
     2008-12-20 14:20 . 2008-12-20 14:20    <DIR>    d--------  c:\program files\Microsoft SDKs
     2008-12-20 14:20 . 2008-12-20 14:21    <DIR>    d--------  c:\program files\Common Files\Merge Modules
     2008-12-20 14:20 . 2008-12-20 14:22    <DIR>    d--------  c:\documents and settings\All Users\Application Data\Microsoft Help
     2008-12-20 14:17 . 2008-12-20 18:10    <DIR>    d--------  c:\windows\SxsCaPendDel
     2008-12-20 14:17 . 2008-12-20 14:18    <DIR>    d--------  C:\2ba7307b42c696e53db568a3
     2008-12-18 14:32 . 2008-12-18 14:32    494      --a------  c:\windows\replace.vbs
     2008-12-17 00:46 . 2008-12-17 00:46    <DIR>    d--------  c:\documents and settings\Zac\Application Data\Broad Intelligence
     2008-12-17 00:44 . 2008-12-17 03:08    <DIR>    d--------  c:\program files\MediaCoder
     2008-12-17 00:39 . 2008-12-17 00:39    <DIR>    d--------  c:\program files\Veoh Networks
     2008-12-16 19:10 . 2008-12-16 19:10    <DIR>    d--------  c:\documents and settings\Zac\Application Data\TortoiseSVN
     2008-12-16 19:08 . 2008-12-16 19:08    <DIR>    d--------  c:\documents and settings\Zac\Application Data\Nexon
     2008-12-16 18:41 . 2008-12-16 18:41    <DIR>    d--------  c:\program files\HashCalc
     2008-12-16 18:25 . 2008-12-16 18:25    <DIR>    d--------  c:\program files\TortoiseSVN
     2008-12-16 18:25 . 2008-12-16 18:25    <DIR>    d--------  c:\program files\Common Files\TortoiseOverlays
     2008-12-16 18:25 . 2008-12-16 18:25    <DIR>    d--------  c:\documents and settings\Zac\Application Data\Subversion
     2008-12-16 18:15 . 2008-12-16 18:15    <DIR>    d--------  c:\windows\Sun
     2008-12-16 18:15 . 2008-12-19 15:33    <DIR>    d--------  c:\documents and settings\Zac\Application Data\MySQL
     2008-12-16 18:15 . 2008-12-16 18:15    <DIR>    d--------  c:\documents and settings\Zac\.netbeans-derby
     2008-12-16 18:14 . 2008-12-16 18:14    <DIR>    d--------  c:\documents and settings\Zac\.netbeans
     2008-12-16 18:13 . 2008-12-16 18:13    <DIR>    d--------  c:\program files\glassfish-v3-prelude
     2008-12-16 18:13 . 2008-12-16 18:13    <DIR>    d--------  c:\documents and settings\Zac\.netbeans-registration
     2008-12-16 18:12 . 2008-12-18 14:23    <DIR>    d--------  c:\program files\glassfish-v2ur2
     2008-12-16 18:05 . 2008-12-16 18:13    <DIR>    d--------  c:\program files\NetBeans 6.5
     2008-12-16 18:04 . 2008-12-16 18:14    <DIR>    d--------  c:\documents and settings\Zac\.nbi
     2008-12-16 17:58 . 2008-12-19 15:52    <DIR>    d--------  C:\Nexon
     2008-12-16 17:46 . 2008-12-16 17:48    <DIR>    d--------  c:\program files\MySQL
     2008-12-16 17:39 . 2008-12-16 17:39    <DIR>    d--------  c:\program files\Sun
     2008-12-16 17:39 . 2008-12-21 22:06    73,728   --a------  c:\windows\system32\javacpl.cpl
     2008-12-16 17:35 . 2008-12-16 17:35    <DIR>    d--------  c:\program files\Common Files\Java
     2008-12-16 17:33 . 2008-12-16 18:26    <DIR>    d--------  c:\program files\Java
     2008-12-16 17:14 . 2008-12-16 17:29    95       --a------  c:\windows\system32\productregistry
     2008-12-16 16:55 . 2008-12-19 23:43    <DIR>    d--------  c:\documents and settings\Zac\Application Data\Hamachi
     2008-12-16 16:54 . 2008-12-16 16:55    <DIR>    d--------  c:\program files\Hamachi
     2008-12-16 16:54 . 2008-12-16 16:54    25,280   --a------  c:\windows\system32\drivers\hamachi.sys
     2008-12-13 23:35 . 2008-12-13 23:35    <DIR>    d--------  c:\program files\Malwarebytes' Anti-Malware
     2008-12-13 23:35 . 2008-12-13 23:35    <DIR>    d--------  c:\documents and settings\Zac\Application Data\Malwarebytes
     2008-12-13 23:35 . 2008-12-13 23:35    <DIR>    d--------  c:\documents and settings\All Users\Application Data\Malwarebytes
     2008-12-13 23:35 . 2008-12-03 19:53    38,496   --a------  c:\windows\system32\drivers\mbamswissarmy.sys
     2008-12-13 23:35 . 2008-12-03 19:53    15,504   --a------  c:\windows\system32\drivers\mbam.sys
     2008-12-13 22:31 . 2008-12-13 22:31    62,358,710  --a------  C:\SYM_REGISTRY_BACKUP.reg
     2008-12-13 21:29 . 2008-12-13 21:29    <DIR>    d--h-----  c:\windows\PIF
     2008-12-13 13:11 . 2008-07-12 08:18    3,851,784  --a------  c:\windows\system32\D3DX9_39.dll
     2008-12-13 13:11 . 2008-07-12 08:18    1,493,528  --a------  c:\windows\system32\D3DCompiler_39.dll
     2008-12-13 13:11 . 2008-07-31 10:40    509,448  --a------  c:\windows\system32\XAudio2_2.dll
     2008-12-13 13:11 . 2008-07-12 08:18    467,984  --a------  c:\windows\system32\d3dx10_39.dll
     2008-12-13 13:11 . 2008-07-31 10:41    238,088  --a------  c:\windows\system32\xactengine3_2.dll
     2008-12-13 13:11 . 2008-07-31 10:41    68,616   --a------  c:\windows\system32\XAPOFX1_1.dll
     2008-12-13 13:03 . 2008-12-13 13:03    <DIR>    d--------  c:\program files\Ubisoft
     2008-12-13 01:40 . 2008-12-05 04:52    36,272   -ra------  c:\windows\system32\drivers\SymIM.sys
     2008-12-12 15:24 . 2008-12-12 15:24    <DIR>    d--------  c:\documents and settings\Zac\Application Data\DivX
     2008-12-12 15:23 . 2008-12-12 15:23    <DIR>    d--------  c:\program files\DivX
     2008-12-12 15:19 . 2008-12-12 15:19    <DIR>    d--------  c:\windows\system32\QuickTime
     2008-12-12 15:19 . 2008-12-12 15:19    <DIR>    d--------  c:\program files\TechSmith
     2008-12-12 15:19 . 2008-12-12 15:19    <DIR>    d--------  c:\documents and settings\All Users\Application Data\TechSmith
     2008-12-12 15:19 . 2006-06-14 21:13    102,400  --a------  c:\windows\system32\tsccvid.dll
     2008-12-11 18:12 . 2008-12-11 18:12    <DIR>    d--------  c:\program files\Macromedia
     2008-12-11 18:12 . 2008-12-11 18:12    <DIR>    d--------  c:\program files\Common Files\Macromedia Shared
     2008-12-11 18:12 . 2008-12-11 18:12    <DIR>    d--------  c:\documents and settings\All Users\Application Data\Macrovision
     2008-12-11 18:00 . 1998-10-29 16:45    306,688  --a------  c:\windows\IsUninst.exe
     2008-12-09 19:58 . 2008-12-13 15:34    <DIR>    d--------  c:\program files\NLVM
     2008-12-09 19:57 . 2008-12-13 15:33    <DIR>    d--h-----  c:\program files\Zero G Registry
     2008-12-07 00:41 . 2008-12-06 16:19    146,453  --a------  C:\1214433052944.jpg
     2008-12-07 00:26 . 2008-12-07 00:26    <DIR>    d--------  c:\program files\Microsoft IntelliPoint
     2008-12-07 00:26 . 2008-06-10 13:04    31,048   --a------  c:\windows\system32\drivers\point32.sys
     2008-12-07 00:24 . 2008-12-07 00:24    <DIR>    d--------  c:\program files\Microsoft IntelliType Pro
     2008-12-06 20:16 . 2008-12-06 20:16    <DIR>    dr-------  c:\program files\Norton Support
     2008-12-05 21:37 . 2008-12-06 20:03    <DIR>    d--------  c:\program files\LibUSB-Win32-0.1.10.1
     2008-12-05 21:37 . 2005-03-09 20:50    46,592   --a------  c:\windows\system32\libusb0.dll
     2008-12-05 21:37 . 2005-03-09 20:50    33,792   --a------  c:\windows\system32\drivers\libusb0.sys
     2008-12-05 21:26 . 2008-12-05 21:26    <DIR>    d--------  c:\documents and settings\NetworkService\Application Data\Xfire
     2008-12-05 21:25 . 2008-12-13 14:31    <DIR>    d--------  c:\program files\Xfire
     2008-12-05 21:25 . 2008-12-14 03:50    <DIR>    d--------  c:\documents and settings\Zac\Application Data\Xfire
     2008-12-02 14:48 . 2008-12-02 14:49    <DIR>    d--------  c:\program files\Google
     2008-12-01 22:06 . 2008-12-01 22:07    <DIR>    d--------  c:\program files\Guild Wars
     2008-12-01 02:20 . 2008-12-01 02:20    107,888  --a------  c:\windows\system32\CmdLineExt.dll
     2008-12-01 02:05 . 2008-12-01 02:05    <DIR>    d--------  c:\program files\Bethesda Softworks
     2008-12-01 02:05 . 2008-12-01 02:05    <DIR>    d--------  c:\documents and settings\Zac\Application Data\InstallShield Installation Information
     2008-12-01 02:04 . 2008-12-01 02:04    <DIR>    d--------  c:\windows\Logs
     2008-12-01 02:04 . 2008-12-01 02:04    <DIR>    d--------  c:\program files\MSBuild
     2008-12-01 02:04 . 2005-05-26 15:34    2,297,552  --a------  c:\windows\system32\d3dx9_26.dll
     2008-12-01 02:03 . 2008-12-20 14:18    <DIR>    d--------  c:\windows\system32\XPSViewer

     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-11-30 01:47    960        --sha-w  C:\vjojavz3.sys
     2008-11-30 01:47    ---------  d-----w  c:\program files\microsoft frontpage
     2008-11-21 21:47    524,288    ----a-w  c:\windows\system32\DivXsm.exe
     2008-11-21 21:47    3,596,288  ----a-w  c:\windows\system32\qt-dx331.dll
     2008-11-21 21:46    200,704    ----a-w  c:\windows\system32\ssldivx.dll
     2008-11-21 21:46    1,044,480  ----a-w  c:\windows\system32\libdivx.dll
     2008-11-21 21:44    161,096    ----a-w  c:\windows\system32\DivXCodecVersionChecker.exe
     2008-11-21 21:44    12,288     ----a-w  c:\windows\system32\DivXWMPExtType.dll
     2008-11-20 20:45    42,320     ----a-w  c:\windows\system32\xfcodec.dll
     2008-10-24 11:21    455,296    ----a-w  c:\windows\system32\drivers\mrxsmb.sys
     2008-10-23 12:36    286,720    ----a-w  c:\windows\system32\gdi32.dll
     2008-10-16 19:13    202,776    ----a-w  c:\windows\system32\wuweb.dll
     2008-10-16 19:13    1,809,944  ----a-w  c:\windows\system32\wuaueng.dll
     2008-10-16 19:12    561,688    ----a-w  c:\windows\system32\wuapi.dll
     2008-10-16 19:12    323,608    ----a-w  c:\windows\system32\wucltui.dll
     2008-10-16 19:09    92,696     ----a-w  c:\windows\system32\cdm.dll
     2008-10-16 19:09    51,224     ----a-w  c:\windows\system32\wuauclt.exe
     2008-10-16 19:08    34,328     ----a-w  c:\windows\system32\wups.dll
     2008-10-16 19:07    208,744    ----a-w  c:\windows\system32\muweb.dll
     2008-10-03 10:02    247,326    ----a-w  c:\windows\system32\strmdll.dll
     2008-09-30 21:43    1,286,152  ----a-w  c:\windows\system32\msxml4.dll

     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
     @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
     2008-01-16 17:52  80384  --a------  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
     @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
     2008-01-16 17:52  80384  --a------  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
     @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
     2008-01-16 17:52  80384  --a------  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
     @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
     2008-01-16 17:52  80384  --a------  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
     @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
     2008-01-16 17:52  80384  --a------  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
     @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
     2008-01-16 17:52  80384  --a------  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
     @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
     2008-01-16 17:52  80384  --a------  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
     @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
     2008-01-16 17:52  80384  --a------  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
     @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
     [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
     2008-01-16 17:52  80384  --a------  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-02 39408]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
     "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
     "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 872448]
     "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
     "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-10-08 864256]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
     Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2008-12-03 14:56  352256  c:\program files\SUPERAntiSpyware\SASWINLO.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=ofyuwz.dll xydlaw.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "VIDC.XFR1"= xfcodec.dll

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\MSN Messenger\\livecall.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "c:\\Program Files\\Steam\\steamapps\\ezshot\\team fortress 2\\hl2.exe"=
     "c:\\Program Files\\Xfire\\Xfire.exe"=
     "c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
     "c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
     "c:\\WINDOWS\\system32\\dpvsetup.exe"=
     "c:\\Program Files\\Java\\jre1.6.0_06\\bin\\java.exe"=
     "c:\\Program Files\\Java\\jdk1.6.0_06\\bin\\java.exe"=
     "c:\\WINDOWS\\system32\\java.exe"=
     "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

     R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-21 28544]
     R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS []
     R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-10 255536]
     R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-12-10 362544]
     R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSxpx86.sys [2008-12-20 274808]
     R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
     R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
     R2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll" /prefetch:1 []
     R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
     R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
     S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
     S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-12-05 33792]
     S3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [2008-11-30 176640]
     S3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [2008-11-30 27264]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = www.msn.com
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     .

     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-12-21 22:30:27
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
     "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"

     [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
     "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(1108)
     c:\program files\SUPERAntiSpyware\SASWINLO.dll
     c:\windows\system32\Ati2evxx.dll

     - - - - - - - > 'explorer.exe'(244)
     c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
     c:\program files\TortoiseSVN\bin\TortoiseStub.dll
     c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
     c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
     c:\progra~1\WINDOW~2\wmpband.dll
     c:\program files\Windows Desktop Search\deskbar.dll
     c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
     c:\program files\Windows Desktop Search\dbres.dll
     c:\program files\Windows Desktop Search\wordwheel.dll
     c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
     c:\program files\Windows Desktop Search\msnlExtRes.dll
     c:\windows\system32\ieframe.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\ati2evxx.exe
     c:\windows\system32\ati2evxx.exe
     c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     c:\program files\TortoiseSVN\bin\TSVNCache.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
     c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
     c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
     c:\windows\system32\searchindexer.exe
     c:\program files\HP\Digital Imaging\bin\hpqste08.exe
     c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
     .
     **************************************************************************
     .
     Completion time: 2008-12-21 22:34:40 - machine was rebooted
     ComboFix-quarantined-files.txt  2008-12-22 03:34:35

     Pre-Run: 241,227,358,208 bytes free
     Post-Run: 243,201,490,944 bytes free

     339 --- E O F --- 2008-12-22 01:07:16
  4. So can Malware.Trace and Trojan.Vundo not be removed? I've still been working (after taking a small nap of course) and I still can't find a way to successfully remove it. Am I doomed?
  5. Hello, my name is Zac. Just recently (yesterday) there was an attack on my computer (pop-ups), which I immediately took action on and ran a scan. After the scan was finished, I removed everything and then rebooted my computer (as instructed). So when it finished restarting, I went to try and use the internet again, only to be greeted by more pop-ups. So I ran yet another scan, only this time 2 items were picked up. (This is from MBAM)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

     So I did what I was told again and restarted. However, when I went to try and use the internet again: more pop-ups. Ran another scan; same problem. If anyone would be willing to help me fix this problem, it would be greatly appreciated. I've been up for literally almost 24 hours straight trying to fix this problem. Thank you in advance.

     --------------------------------------------------------------------------------

     Malwarebytes' Anti-Malware 1.31
     Database version: 1528
     Windows 5.1.2600 Service Pack 3

     12/21/2008 2:36:13 PM
     mbam-log-2008-12-21 (14-36-13).txt

     Scan type: Quick Scan
     Objects scanned: 63522
     Time elapsed: 9 minute(s), 0 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     --------------------------------------------------------------------------------

     ;*******************************************************************************
     ANALYSIS: 2008-12-21 13:42:00
     PROTECTIONS: 1
     MALWARE: 17
     SUSPECTS: 15
     ;*******************************************************************************
     PROTECTIONS
     Description                 Version       Active   Updated
     ;===============================================================================
     Norton AntiVirus            16.0.0.125    Yes      Yes
     ;===============================================================================
     MALWARE
     Id        Description             Type            Active  Severity  Disinfectable  Disinfected  Location
     ;===============================================================================
     00029036  adware/superspider      Adware          No      1         Yes            No           c:\windows\system32\a.exe
     00029434  spyware/virtumonde      Spyware         No      1         Yes            No           hkey_local_machine\software\microsoft\ms juan
     00039204  adware/cws              Adware          No      0         Yes            No           c:\documents and settings\zac\favorites\health
     00039204  adware/cws              Adware          No      0         Yes            No           c:\documents and settings\zac\favorites\insurance
     00046757  spyware/bridge          Spyware         No      1         Yes            No           c:\windows\system32\a.exe
     00139061  Cookie/Doubleclick      TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@doubleclick[1].txt
     00139064  Cookie/Atlas DMT        TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@atdmt[2].txt
     00145731  Cookie/Tribalfusion     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@tribalfusion[1].txt
     00145738  Cookie/Mediaplex        TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@mediaplex[1].txt
     00148914  Cookie/Tucows           TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@tucows[2].txt
     00168056  Cookie/YieldManager     TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@ad.yieldmanager[2].txt
     00168061  Cookie/Apmebf           TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@apmebf[1].txt
     00168090  Cookie/Serving-sys      TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@serving-sys[2].txt
     00168093  Cookie/Serving-sys      TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@bs.serving-sys[1].txt
     00170304  Cookie/WebtrendsLive    TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@statse.webtrendslive[2].txt
     00171475  adware/perfect-search   Adware          No      0         Yes            No           c:\documents and settings\zac\favorites\insurance\term life insurance.url
     00207338  Cookie/Target           TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Zac\Cookies\zac@target[1].txt
     00519333  Application/Processor   HackTools       No      0         Yes            No           C:\RECYCLER\S-1-5-21-823518204-2077806209-1801674531-1003\Dc342.exe
     ;===============================================================================
     SUSPECTS
     Sent   Location
     ;===============================================================================
     No     C:\WINDOWS\System32\xydlaw.dll
     No     C:\WINDOWS\system32\xydlaw.dll
     No     C:\WINDOWS\system32\kvptifbq.dll
     No     C:\WINDOWS\system32\xydlaw.dll
     No     E:\Desktop Stuff\Files Needed\LocalHost_Multi-Client_v55_without_dmg_cap_swear_filter_disabled_and_drop_able_nx.rar[LocalHost.exe]
     No     E:\MapleStory55\LocalHost55.exe
     No     E:\MapleStory55\LocalHost55.rar[LocalHost55.exe]
     No     E:\MapleStory55\NoDCFastAttbyjoen.exe
     No     E:\MapleStory58\localhost.exe
     No     E:\MapleStory58\localhost.rar[localhost.exe]
     No     E:\MapleStory58\pk's_edited_localhost.exe
     No     E:\MapleStory58\PlutoKiss_s_Edited_Localhost.zip[PlutoKiss's Edited Localhost/pk's_edited_localhost.exe]
     No     E:\MapleStory60\localhost60.exe
     No     E:\MapleStory60\localhost60.zip[localhost60.exe]
     No     E:\PlayOnline\SquareEnix\TetraMaster\polboot.exe
     ;===============================================================================
     VULNERABILITIES
     Id       Severity   Description
     ;===============================================================================
     ;===============================================================================

     --------------------------------------------------------------------------------

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 4:07:13 AM, on 12/21/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
     C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\Program Files\Microsoft IntelliType Pro\itype.exe
     C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\Program Files\MSN Messenger\MsnMsgr.Exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\DNA\btdna.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\Windows Desktop Search\WindowsSearch.exe
     C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
     C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\SearchIndexer.exe
     C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
     C:\WINDOWS\System32\alg.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\SearchProtocolHost.exe
     C:\WINDOWS\system32\SearchFilterHost.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     C:\WINDOWS\system32\HPZipm12.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: {7fe69e12-de0a-10bb-12e4-55b72766eba4} - {4abe6672-7b55-4e21-bb01-a0ed21e96ef7} - C:\WINDOWS\system32\xydlaw.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] 
C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://update.microsoft.com/windowsupdate/...b?1228016758875 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229228389937 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - AppInit_DLLs: ofyuwz.dll xydlaw.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8090 bytes
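A small triage script, added here as an example and not something the poster ran or anything shipped with HijackThis, that reads HijackThis-format lines and flags the three patterns a helper would circle in the log above: a populated O20 AppInit_DLLs entry, an O2 BHO whose display name is itself a CLSID and whose DLL also appears in AppInit_DLLs, and an O23 service whose ImagePath HijackThis reports as C:\Program.exe (file missing). The sample lines are copied from the posted log with two known-good entries (Google Toolbar, Norton) added as controls; the severity labels and the heuristics are this example's own, not HijackThis output.

```python
import re
from dataclasses import dataclass

# Constructed sample input: six HijackThis lines. The xydlaw/AppInit/MySQL
# lines are copied from the log posted above; the Google and Norton lines
# are known-good controls so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: {7fe69e12-de0a-10bb-12e4-55b72766eba4} - {4abe6672-7b55-4e21-bb01-a0ed21e96ef7} - C:\WINDOWS\system32\xydlaw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O20 - AppInit_DLLs: ofyuwz.dll xydlaw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
"""

# HijackThis line shapes this script understands.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>\S.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# An ImagePath with unquoted spaces is shown by HijackThis as the part before
# the first space, e.g. "C:\Program.exe (file missing)".
TRUNCATED_PATH_RE = re.compile(r"^[A-Za-z]:\\Program\.exe\b", re.I)


@dataclass
class Finding:
    line: str
    severity: str   # "high" or "medium" (this example's own scale)
    reasons: list


def basename(path):
    return path.strip().rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return one Finding per suspicious line, in log order."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]

    # Pass 1: collect every DLL injected via AppInit_DLLs so that BHO lines
    # can be cross-referenced against it.
    appinit = set()
    for line in lines:
        m = APPINIT_RE.match(line)
        if m:
            appinit.update(basename(d) for d in m.group("dlls").split())

    findings = []
    for line in lines:
        reasons, severity = [], "medium"

        if APPINIT_RE.match(line):
            reasons.append("AppInit_DLLs is non-empty; each DLL listed is loaded into every "
                           "process that maps user32.dll, an injection point rarely used "
                           "by legitimate software on a home workstation")
            severity = "high"

        m = BHO_RE.match(line)
        if m:
            if basename(m.group("path")) in appinit:
                reasons.append("BHO DLL is also listed in AppInit_DLLs")
                severity = "high"
            if GUID_RE.match(m.group("name")):
                reasons.append("BHO display name is a bare CLSID rather than a product name")

        m = SERVICE_RE.match(line)
        if m and "(file missing)" in m.group("path"):
            if TRUNCATED_PATH_RE.match(m.group("path")):
                reasons.append("service ImagePath is unquoted and contains spaces, so Windows "
                               "tries C:\\Program.exe first; if the service runs as LocalSystem "
                               "and the drive root is writable, a planted file runs in its place. "
                               "Quote the ImagePath")
            else:
                reasons.append("service binary is missing: orphaned entry or removed malware")

        if reasons:
            findings.append(Finding(line, severity, reasons))
    return findings


def suspect_dlls(log_text):
    """DLL basenames worth submitting to a scanner, taken from high-severity findings."""
    names = set()
    for f in triage(log_text):
        if f.severity != "high":
            continue
        m = BHO_RE.match(f.line)
        if m:
            names.add(basename(m.group("path")))
        m = APPINIT_RE.match(f.line)
        if m:
            names.update(basename(d) for d in m.group("dlls").split())
    return sorted(names)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    print("DLLs to investigate:", ", ".join(suspect_dlls(SAMPLE_LOG)))
```

On the sample above the script flags the xydlaw.dll BHO and the AppInit_DLLs line as high and the MySQL service as medium, and returns ofyuwz.dll and xydlaw.dll as the files to chase; xydlaw.dll is the same file the Panda SUSPECTS list earlier in the post could not classify. The CLSID-as-name heuristic is a hint, not proof, so confirm flagged DLLs by hash with a scanner before deleting anything.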