Itoshiki

Malware.Trace&Trojan.Vundo (and possibly more...?)


Hello,

my name is Zac.

Just recently (yesterday) there was an attack on my computer (pop-ups), which I immediately took action on and ran a scan.

After the scan was finished, I removed everything, and then rebooted my computer (as instructed).

So when it finished restarting, I went to try and use the internet again, only to be greeted by more pop-ups.

So I ran yet another scan, only this time 2 items were picked up.

(This is from MBAM)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

So I did what I was told again and restarted. However, when I went to try and use the internet again: more pop-ups.

Ran another scan; same problem.

If anyone would be willing to help me fix this problem, it would be greatly appreciated.

I've been up for literally almost 24 hours straight trying to fix this problem.

Thank you in advance.

--------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.31

Database version: 1528

Windows 5.1.2600 Service Pack 3

12/21/2008 2:36:13 PM

mbam-log-2008-12-21 (14-36-13).txt

Scan type: Quick Scan

Objects scanned: 63522

Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------------------------------------------------------------------------------------------

;*******************************************************************************

ANALYSIS: 2008-12-21 13:42:00

PROTECTIONS: 1

MALWARE: 17

SUSPECTS: 15

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Norton AntiVirus 16.0.0.125 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00029036 adware/superspider Adware No 1 Yes No c:\windows\system32\a.exe

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms juan

00039204 adware/cws Adware No 0 Yes No c:\documents and settings\zac\favorites\health

00039204 adware/cws Adware No 0 Yes No c:\documents and settings\zac\favorites\insurance

00046757 spyware/bridge Spyware No 1 Yes No c:\windows\system32\a.exe

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@atdmt[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@mediaplex[1].txt

00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@tucows[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@bs.serving-sys[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@statse.webtrendslive[2].txt

00171475 adware/perfect-search Adware No 0 Yes No c:\documents and settings\zac\favorites\insurance\term life insurance.url

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Zac\Cookies\zac@target[1].txt

00519333 Application/Processor HackTools No 0 Yes No C:\RECYCLER\S-1-5-21-823518204-2077806209-1801674531-1003\Dc342.exe

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:\WINDOWS\System32\xydlaw.dll

No C:\WINDOWS\system32\xydlaw.dll

No C:\WINDOWS\system32\kvptifbq.dll

No C:\WINDOWS\system32\xydlaw.dll

No E:\Desktop Stuff\Files Needed\LocalHost_Multi-Client_v55_without_dmg_cap_swear_filter_disabled_and_drop_able_nx.rar[LocalHost.exe]

No E:\MapleStory55\LocalHost55.exe

No E:\MapleStory55\LocalHost55.rar[LocalHost55.exe]

No E:\MapleStory55\NoDCFastAttbyjoen.exe

No E:\MapleStory58\localhost.exe

No E:\MapleStory58\localhost.rar[localhost.exe]

No E:\MapleStory58\pk's_edited_localhost.exe

No E:\MapleStory58\PlutoKiss_s_Edited_Localhost.zip[PlutoKiss's Edited Localhost/pk's_edited_localhost.exe]

No E:\MapleStory60\localhost60.exe

No E:\MapleStory60\localhost60.zip[localhost60.exe]

No E:\PlayOnline\SquareEnix\TetraMaster\polboot.exe

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================

--------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:07:13 AM, on 12/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: {7fe69e12-de0a-10bb-12e4-55b72766eba4} - {4abe6672-7b55-4e21-bb01-a0ed21e96ef7} - C:\WINDOWS\system32\xydlaw.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1228016758875

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229228389937

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: ofyuwz.dll xydlaw.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 8090 bytes


So can Malware.Trace and Trojan.Vundo not be removed?

I've still been working (after taking a small nap, of course), and I still can't find a way to successfully remove it.

Am I doomed?

:)


Just a small update;

From the looks of it, I think I have completely removed the Trojan.Vundo itself.

The only thing I have left to deal with, and which won't go away, is the Malware.Trace.

Any ideas of how I could possibly get rid of this nasty thing?

(MBAM Log: Recent)

Malwarebytes' Anti-Malware 1.31

Database version: 1528

Windows 5.1.2600 Service Pack 3

12/21/2008 10:45:21 PM

mbam-log-2008-12-21 (22-45-21).txt

Scan type: Quick Scan

Objects scanned: 50560

Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

________________________________________________________________________________

(Combo Fix Log: Recent)

ComboFix 08-12-21.04 - Zac 2008-12-21 22:22:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2707 [GMT -5:00]

Running from: c:\documents and settings\Zac\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\hpowiax2.dll

c:\windows\system32\kvptifbq.dll

c:\windows\system32\nthbbywo.ini

.

((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))

.

2008-12-21 22:06 . 2008-12-21 22:06 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-21 21:34 . 2008-12-21 21:34 <DIR> d--hs---- c:\documents and settings\Zac\PrivacIE

2008-12-21 21:28 . 2008-12-21 21:29 <DIR> d--h-c--- c:\windows\ie8

2008-12-21 20:19 . 2008-12-21 20:23 <DIR> d-------- c:\program files\Exterminate It!

2008-12-21 20:07 . 2008-12-21 20:07 <DIR> d-------- c:\program files\MSXML 4.0

2008-12-21 04:15 . 2008-12-21 04:15 <DIR> d-------- c:\program files\Panda Security

2008-12-21 04:15 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-12-21 04:06 . 2008-12-21 04:06 <DIR> d-------- c:\program files\Trend Micro

2008-12-21 03:32 . 2008-12-21 03:32 <DIR> d-------- c:\program files\Enigma Software Group

2008-12-21 01:21 . 2008-12-21 01:21 <DIR> d-------- c:\documents and settings\Zac\Application Data\HP

2008-12-21 01:20 . 2008-12-21 01:21 <DIR> d-------- c:\program files\Common Files\HP

2008-12-21 01:19 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll

2008-12-21 01:18 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-12-21 01:18 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-12-21 01:14 . 2008-12-21 01:21 117,156 --a------ c:\windows\hpoins11.dat

2008-12-21 01:13 . 2006-04-12 19:02 827,392 --a------ c:\windows\system32\hpotiop2.dll

2008-12-21 01:13 . 2006-04-12 19:02 254,026 --a------ c:\windows\system32\hpovst09.dll

2008-12-21 01:12 . 2006-05-05 18:17 11,634 --a------ c:\windows\hpomdl11.dat

2008-12-21 00:53 . 2008-12-21 00:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP

2008-12-21 00:51 . 2008-12-21 01:20 <DIR> d-------- c:\program files\Hewlett-Packard

2008-12-21 00:51 . 2008-12-21 00:51 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard

2008-12-21 00:48 . 2008-12-21 01:20 <DIR> d-------- c:\program files\HP

2008-12-21 00:48 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll

2008-12-21 00:48 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll

2008-12-21 00:48 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll

2008-12-21 00:48 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe

2008-12-21 00:48 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe

2008-12-21 00:48 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll

2008-12-21 00:48 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2008-12-21 00:48 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys

2008-12-21 00:47 . 2006-04-12 19:04 49,664 --a------ c:\windows\system32\drivers\HPZid412.sys

2008-12-21 00:47 . 2006-04-12 19:04 21,568 --a------ c:\windows\system32\drivers\HPZius12.sys

2008-12-21 00:47 . 2006-04-12 19:04 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys

2008-12-21 00:46 . 2006-04-12 19:04 282,624 --a------ c:\windows\system32\HPZc3212.dll

2008-12-21 00:46 . 2005-07-18 20:38 98,304 --a------ c:\windows\system32\hpzjsn01.dll

2008-12-21 00:46 . 2006-01-04 03:12 77,824 --a------ c:\windows\system32\HPZIDS01.dll

2008-12-20 23:26 . 2008-12-20 23:26 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-20 23:26 . 2008-12-20 23:26 <DIR> d-------- c:\documents and settings\Zac\Application Data\SUPERAntiSpyware.com

2008-12-20 23:26 . 2008-12-20 23:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-20 23:25 . 2008-12-20 23:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-12-20 22:29 . 2008-12-20 22:29 <DIR> d-------- C:\VundoFix Backups

2008-12-20 14:23 . 2008-12-20 14:23 <DIR> d-------- c:\program files\Microsoft SQL Server

2008-12-20 14:23 . 2008-12-20 14:23 <DIR> d-------- c:\program files\Microsoft Silverlight

2008-12-20 14:20 . 2008-12-20 14:21 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0

2008-12-20 14:20 . 2008-12-20 14:20 <DIR> d-------- c:\program files\Microsoft SDKs

2008-12-20 14:20 . 2008-12-20 14:21 <DIR> d-------- c:\program files\Common Files\Merge Modules

2008-12-20 14:20 . 2008-12-20 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-20 14:17 . 2008-12-20 18:10 <DIR> d-------- c:\windows\SxsCaPendDel

2008-12-20 14:17 . 2008-12-20 14:18 <DIR> d-------- C:\2ba7307b42c696e53db568a3

2008-12-18 14:32 . 2008-12-18 14:32 494 --a------ c:\windows\replace.vbs

2008-12-17 00:46 . 2008-12-17 00:46 <DIR> d-------- c:\documents and settings\Zac\Application Data\Broad Intelligence

2008-12-17 00:44 . 2008-12-17 03:08 <DIR> d-------- c:\program files\MediaCoder

2008-12-17 00:39 . 2008-12-17 00:39 <DIR> d-------- c:\program files\Veoh Networks

2008-12-16 19:10 . 2008-12-16 19:10 <DIR> d-------- c:\documents and settings\Zac\Application Data\TortoiseSVN

2008-12-16 19:08 . 2008-12-16 19:08 <DIR> d-------- c:\documents and settings\Zac\Application Data\Nexon

2008-12-16 18:41 . 2008-12-16 18:41 <DIR> d-------- c:\program files\HashCalc

2008-12-16 18:25 . 2008-12-16 18:25 <DIR> d-------- c:\program files\TortoiseSVN

2008-12-16 18:25 . 2008-12-16 18:25 <DIR> d-------- c:\program files\Common Files\TortoiseOverlays

2008-12-16 18:25 . 2008-12-16 18:25 <DIR> d-------- c:\documents and settings\Zac\Application Data\Subversion

2008-12-16 18:15 . 2008-12-16 18:15 <DIR> d-------- c:\windows\Sun

2008-12-16 18:15 . 2008-12-19 15:33 <DIR> d-------- c:\documents and settings\Zac\Application Data\MySQL

2008-12-16 18:15 . 2008-12-16 18:15 <DIR> d-------- c:\documents and settings\Zac\.netbeans-derby

2008-12-16 18:14 . 2008-12-16 18:14 <DIR> d-------- c:\documents and settings\Zac\.netbeans

2008-12-16 18:13 . 2008-12-16 18:13 <DIR> d-------- c:\program files\glassfish-v3-prelude

2008-12-16 18:13 . 2008-12-16 18:13 <DIR> d-------- c:\documents and settings\Zac\.netbeans-registration

2008-12-16 18:12 . 2008-12-18 14:23 <DIR> d-------- c:\program files\glassfish-v2ur2

2008-12-16 18:05 . 2008-12-16 18:13 <DIR> d-------- c:\program files\NetBeans 6.5

2008-12-16 18:04 . 2008-12-16 18:14 <DIR> d-------- c:\documents and settings\Zac\.nbi

2008-12-16 17:58 . 2008-12-19 15:52 <DIR> d-------- C:\Nexon

2008-12-16 17:46 . 2008-12-16 17:48 <DIR> d-------- c:\program files\MySQL

2008-12-16 17:39 . 2008-12-16 17:39 <DIR> d-------- c:\program files\Sun

2008-12-16 17:39 . 2008-12-21 22:06 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-12-16 17:35 . 2008-12-16 17:35 <DIR> d-------- c:\program files\Common Files\Java

2008-12-16 17:33 . 2008-12-16 18:26 <DIR> d-------- c:\program files\Java

2008-12-16 17:14 . 2008-12-16 17:29 95 --a------ c:\windows\system32\productregistry

2008-12-16 16:55 . 2008-12-19 23:43 <DIR> d-------- c:\documents and settings\Zac\Application Data\Hamachi

2008-12-16 16:54 . 2008-12-16 16:55 <DIR> d-------- c:\program files\Hamachi

2008-12-16 16:54 . 2008-12-16 16:54 25,280 --a------ c:\windows\system32\drivers\hamachi.sys

2008-12-13 23:35 . 2008-12-13 23:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-13 23:35 . 2008-12-13 23:35 <DIR> d-------- c:\documents and settings\Zac\Application Data\Malwarebytes

2008-12-13 23:35 . 2008-12-13 23:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-13 23:35 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-13 23:35 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-13 22:31 . 2008-12-13 22:31 62,358,710 --a------ C:\SYM_REGISTRY_BACKUP.reg

2008-12-13 21:29 . 2008-12-13 21:29 <DIR> d--h----- c:\windows\PIF

2008-12-13 13:11 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll

2008-12-13 13:11 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll

2008-12-13 13:11 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll

2008-12-13 13:11 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll

2008-12-13 13:11 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll

2008-12-13 13:11 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll

2008-12-13 13:03 . 2008-12-13 13:03 <DIR> d-------- c:\program files\Ubisoft

2008-12-13 01:40 . 2008-12-05 04:52 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys

2008-12-12 15:24 . 2008-12-12 15:24 <DIR> d-------- c:\documents and settings\Zac\Application Data\DivX

2008-12-12 15:23 . 2008-12-12 15:23 <DIR> d-------- c:\program files\DivX

2008-12-12 15:19 . 2008-12-12 15:19 <DIR> d-------- c:\windows\system32\QuickTime

2008-12-12 15:19 . 2008-12-12 15:19 <DIR> d-------- c:\program files\TechSmith

2008-12-12 15:19 . 2008-12-12 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith

2008-12-12 15:19 . 2006-06-14 21:13 102,400 --a------ c:\windows\system32\tsccvid.dll

2008-12-11 18:12 . 2008-12-11 18:12 <DIR> d-------- c:\program files\Macromedia

2008-12-11 18:12 . 2008-12-11 18:12 <DIR> d-------- c:\program files\Common Files\Macromedia Shared

2008-12-11 18:12 . 2008-12-11 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision

2008-12-11 18:00 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-12-09 19:58 . 2008-12-13 15:34 <DIR> d-------- c:\program files\NLVM

2008-12-09 19:57 . 2008-12-13 15:33 <DIR> d--h----- c:\program files\Zero G Registry

2008-12-07 00:41 . 2008-12-06 16:19 146,453 --a------ C:\1214433052944.jpg

2008-12-07 00:26 . 2008-12-07 00:26 <DIR> d-------- c:\program files\Microsoft IntelliPoint

2008-12-07 00:26 . 2008-06-10 13:04 31,048 --a------ c:\windows\system32\drivers\point32.sys

2008-12-07 00:24 . 2008-12-07 00:24 <DIR> d-------- c:\program files\Microsoft IntelliType Pro

2008-12-06 20:16 . 2008-12-06 20:16 <DIR> dr------- c:\program files\Norton Support

2008-12-05 21:37 . 2008-12-06 20:03 <DIR> d-------- c:\program files\LibUSB-Win32-0.1.10.1

2008-12-05 21:37 . 2005-03-09 20:50 46,592 --a------ c:\windows\system32\libusb0.dll

2008-12-05 21:37 . 2005-03-09 20:50 33,792 --a------ c:\windows\system32\drivers\libusb0.sys

2008-12-05 21:26 . 2008-12-05 21:26 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire

2008-12-05 21:25 . 2008-12-13 14:31 <DIR> d-------- c:\program files\Xfire

2008-12-05 21:25 . 2008-12-14 03:50 <DIR> d-------- c:\documents and settings\Zac\Application Data\Xfire

2008-12-02 14:48 . 2008-12-02 14:49 <DIR> d-------- c:\program files\Google

2008-12-01 22:06 . 2008-12-01 22:07 <DIR> d-------- c:\program files\Guild Wars

2008-12-01 02:20 . 2008-12-01 02:20 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2008-12-01 02:05 . 2008-12-01 02:05 <DIR> d-------- c:\program files\Bethesda Softworks

2008-12-01 02:05 . 2008-12-01 02:05 <DIR> d-------- c:\documents and settings\Zac\Application Data\InstallShield Installation Information

2008-12-01 02:04 . 2008-12-01 02:04 <DIR> d-------- c:\windows\Logs

2008-12-01 02:04 . 2008-12-01 02:04 <DIR> d-------- c:\program files\MSBuild

2008-12-01 02:04 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll

2008-12-01 02:03 . 2008-12-20 14:18 <DIR> d-------- c:\windows\system32\XPSViewer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-30 01:47 960 --sha-w C:\vjojavz3.sys

2008-11-30 01:47 --------- d-----w c:\program files\microsoft frontpage

2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe

2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-11-20 20:45 42,320 ----a-w c:\windows\system32\xfcodec.dll

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-02 39408]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 872448]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-10-08 864256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=ofyuwz.dll xydlaw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Steam\\steamapps\\ezshot\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\Xfire\\Xfire.exe"=

"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=

"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\java.exe"=

"c:\\Program Files\\Java\\jdk1.6.0_06\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-21 28544]

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS []

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-10 255536]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-12-10 362544]

R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSxpx86.sys [2008-12-20 274808]

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]

R2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll" /prefetch:1 []

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]

R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-12-05 33792]

S3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [2008-11-30 176640]

S3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [2008-11-30 27264]

.

.

------- Supplementary Scan -------

.

uStart Page = www.msn.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-21 22:30:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(244)

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

c:\program files\TortoiseSVN\bin\TortoiseStub.dll

c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

c:\program files\TortoiseSVN\bin\intl3_tsvn.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\windows\system32\searchindexer.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

.

**************************************************************************

.

Completion time: 2008-12-21 22:34:40 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-22 03:34:35

Pre-Run: 241,227,358,208 bytes free

Post-Run: 243,201,490,944 bytes free

339 --- E O F --- 2008-12-22 01:07:16

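An added note and script, not part of the original thread and not ComboFix code: the one line in the Reg Loading Points section above that deserves a second look is `"AppInit_DLLs"=ofyuwz.dll xydlaw.dll`. Windows loads every DLL named in that value into each process that maps user32.dll, and a bare name with no path is located through the normal DLL search order, so two randomly named entries there are exactly the kind of load point the Vundo family is known to use. The log itself does not say what those two files are, so the script only flags them. It parses load-point entries in the format ComboFix prints (`SAMPLE_LOG` is a constructed excerpt copying that format and the AppInit_DLLs line from the post), rates AppInit_DLLs entries HIGH, and lists Winlogon\Notify, ShellExecuteHooks and path-less Run entries for review. The severity labels and rules are my own assumptions, not anything ComboFix or Malwarebytes reports.

```python
"""Triage the "Reg Loading Points" section of a ComboFix-style log.

Added example for this thread; not ComboFix code, and the rules below are
my own heuristics. SAMPLE_LOG is a constructed excerpt that copies the
format (and the AppInit_DLLs line) of the log posted above.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=ofyuwz.dll xydlaw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Winlogon\Notify entries are printed as "<date> <time> <size> <path>" lines.
DATED_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (.+)$")

HIGH, REVIEW = "HIGH", "REVIEW"


@dataclass
class LoadPoint:
    key: str
    name: str                                  # value name; "" for dated file lines
    data: str                                  # data exactly as ComboFix printed it
    files: list = field(default_factory=list)  # file tokens split out of data


def _split_data(data: str) -> list:
    """ComboFix prints either "quoted path" [date size] or an unquoted,
    whitespace-separated list (AppInit_DLLs, drivers32)."""
    data = re.sub(r"\s*\[[^\]]*\]\s*$", "", data)   # drop trailing [date size]
    quoted = re.findall(r'"([^"]*)"', data)
    return quoted if quoted else data.split()


def parse_loading_points(text: str) -> list:
    """Turn the REGEDIT4-style section into a list of LoadPoint records."""
    points, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data = m.group(1), m.group(2)
            points.append(LoadPoint(key, name, data, _split_data(data)))
            continue
        m = DATED_FILE_RE.match(line)
        if m:
            points.append(LoadPoint(key, "", line, [m.group(1)]))
    return points


def triage(points: list) -> list:
    """Return (severity, key, file, reason) tuples, HIGH findings first.
    Rules are the author's assumptions about which load points matter most."""
    findings = []
    for p in points:
        k = p.key.lower()
        if k.endswith("\\windows nt\\currentversion\\windows") and p.name.lower() == "appinit_dlls":
            for f in p.files:
                why = "AppInit_DLLs is loaded into every process that maps user32.dll"
                if "\\" not in f:
                    why += "; bare name, found via the DLL search order"
                findings.append((HIGH, p.key, f, why))
        elif "\\winlogon\\notify\\" in k or k.endswith("\\shellexecutehooks"):
            for f in p.files:
                findings.append((REVIEW, p.key, f,
                                 "DLL loaded into winlogon/explorer; confirm the vendor"))
        elif k.endswith("\\currentversion\\run"):
            for f in p.files:
                if "\\" not in f:   # no path: resolved through PATH at logon
                    findings.append((REVIEW, p.key, f, "Run entry without a full path"))
    findings.sort(key=lambda t: 0 if t[0] == HIGH else 1)
    return findings


if __name__ == "__main__":
    for sev, key, f, why in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"[{sev}] {f}\n        {key}\n        {why}")
```

On the live machine, `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs` shows the current value. Clearing it with `reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f` only sticks once the DLL files themselves have been removed or quarantined, since a copy still loaded in a running process can write the value back, which is consistent with the pop-ups returning after each reboot in the first post.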

Well, I'm heading off to bed for the night.

I'll try to wake up as soon as possible tomorrow in case someone responds.

Thank you again.


Hey everyone, this is Zac again.

I'm just here to say that the Malware.Trace and Trojan.Vundo problem has been solved (well, as far as I know at least).

Malwarebytes' Anti-Malware 1.31

Database version: 1528

Windows 5.1.2600 Service Pack 3

12/22/2008 4:07:16 PM

mbam-log-2008-12-22 (16-07-16).txt

Scan type: Quick Scan

Objects scanned: 52719

Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

It took a lot of time and effort, but I have done it.

Best of wishes to everyone.


Hello Zac,

Really sorry for the late reply, but the site has been very busy lately. If you can, please reboot the computer, run a new HJT scan, save the log and post it back, and I'll review it and let you know if I still see anything wrong.

Thanks.
