Been having problems removing Vundo [RESOLVED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

4 Pages

1 2 3 > »

Been having problems removing Vundo [RESOLVED], Can't seem to fully remove it

Options

obsidianx View Member Profile	Nov 17 2008, 09:41 PM Post #1
Member Posts: 65 OS: Windows XP	Vundo keeps disabling my antivirus and antispyware programs right when i install them unless I am in safe mode. I have run all the programs mentioned in the You Must Read Before Posting Section. I have also run the Symantec fixVundo tool and VundoFix, Spy Sweeper, and Trend Micro antivirus and the only thing that has been able to detect it is Malwarebytes. It has disable my firewall and antivirus/antispyware programs; plus it won't recognize the automatic update feature for Windows Update on the security center. When I reinstall the programs in safe mode it seems that they are not effected as quickly. It has also made it so windows update and my programs have difficulty updating. I am at my wits end with this. Any help would be greatly appreciated. HijackThis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:52:24 PM, on 11/17/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\LxrSII1s.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe" O4 - HKLM\..\Run: [CTxfiHlp] "C:\WINDOWS\system32\CTXFIHLP.EXE" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" O4 - HKLM\..\Run: [MimBoot] "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" O4 - HKLM\..\Run: [SansaDispatch] "C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] "C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe" /S O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user') O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162602577793 O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll O20 - AppInit_DLLs: eyghwy.dll O20 - Winlogon Notify: vtUmJBQJ - vtUmJBQJ.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- End of file - 11305 bytes Combofix log ComboFix 08-11-16.05 - Joan 2008-11-17 10:17:41.1 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.619 [GMT -5:00] Running from: c:\documents and settings\Joan\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\MSINET.oca . ((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 ))))))))))))))))))))))))))))))) . 2008-11-17 12:15 . 2008-11-17 21:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-17 12:15 . 2008-11-17 12:15 <DIR> d-------- c:\documents and settings\Joan\Application Data\Malwarebytes 2008-11-17 12:15 . 2008-11-17 12:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-17 12:15 . 2008-10-26 21:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-17 12:15 . 2008-10-26 21:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-17 12:13 . 2008-11-17 12:13 <DIR> d-------- c:\program files\ERUNT 2008-11-17 11:40 . 2008-11-17 11:40 <DIR> d-------- C:\VundoFix Backups 2008-11-16 03:18 . 2008-11-16 03:18 <DIR> d-------- c:\windows\kdefense 2008-11-16 03:18 . 2008-11-16 03:18 846,336 --a------ c:\windows\system32\kdfinj.dll 2008-11-16 03:18 . 2008-11-17 19:51 722,472 --a------ c:\windows\system32\kdfmgr.exe 2008-11-16 03:18 . 2008-11-17 19:51 192,512 --a------ c:\windows\system32\kdfvmgr.exe 2008-11-16 03:18 . 2008-11-17 19:51 77,824 --a------ c:\windows\system32\kdfapi.dll 2008-11-16 03:18 . 2008-11-17 19:51 53,248 --a------ c:\windows\system32\Kdfhok.dll 2008-11-16 03:16 . 2008-11-16 03:16 <DIR> d-------- c:\windows\LocalSSL 2008-11-16 03:14 . 2008-11-16 03:11 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys 2008-11-16 03:14 . 2008-11-16 03:11 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys 2008-11-16 03:12 . 2008-11-17 12:08 <DIR> d-------- c:\program files\Trend Micro 2008-11-16 03:12 . 2008-11-16 11:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro 2008-11-16 03:11 . 2008-11-16 03:11 1,195,448 --a------ c:\windows\system32\drivers\vsapint.sys 2008-11-16 03:11 . 2008-11-16 03:11 661,808 --a------ c:\windows\system32\UfWSC.cpl 2008-11-16 03:11 . 2008-11-16 03:11 334,352 --a------ c:\windows\system32\drivers\TM_CFW.sys 2008-11-16 03:11 . 2008-11-16 03:11 205,328 --a------ c:\windows\system32\drivers\tmxpflt.sys 2008-11-16 03:11 . 2008-11-16 03:11 80,400 --a------ c:\windows\system32\drivers\tmtdi.sys 2008-11-16 03:11 . 2008-11-16 03:11 36,368 --a------ c:\windows\system32\drivers\tmpreflt.sys 2008-11-16 01:25 . 2008-11-16 03:11 144,912 --a------ c:\windows\system32\drivers\tmcomm.sys 2008-11-15 13:58 . 2008-11-15 15:58 <DIR> d-------- c:\documents and settings\Joan\.housecall6.6 2008-11-15 13:56 . 2008-11-15 13:56 664 --a------ c:\windows\system32\d3d9caps.dat 2008-11-15 12:47 . 2008-11-15 12:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Webroot 2008-11-14 10:11 . 2008-11-14 10:11 <DIR> d-------- C:\Binaries 2008-11-14 00:11 . 2008-11-14 00:11 <DIR> d-------- c:\documents and settings\Joan\Application Data\System Tweaker 2008-11-13 14:47 . 2008-11-13 14:47 <DIR> d-------- c:\documents and settings\Joan\Application Data\Uniblue 2008-11-13 14:46 . 2008-11-13 15:04 <DIR> d-------- c:\program files\Uniblue 2008-11-13 14:45 . 2008-11-13 14:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2008-11-13 12:45 . 2008-11-13 12:45 2,723,264 --a------ c:\documents and settings\All Users\vcredist_x86.exe 2008-11-13 12:13 . 2008-11-13 12:14 <DIR> d-------- c:\documents and settings\Joan\Application Data\Tunebite 2008-11-13 12:13 . 2008-02-20 13:47 27,936 --a------ c:\windows\system32\drivers\tbhsd.sys 2008-11-13 12:11 . 2008-11-13 12:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\RapidSolution 2008-11-12 23:50 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 23:50 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 13:25 . 2008-10-24 11:19 23,096 --a------ c:\windows\system32\drivers\DrmRAudio.sys 2008-11-12 13:25 . 2008-10-24 11:19 3,768 --a------ c:\windows\system32\drivers\DrmRVideo.sys 2008-11-12 00:32 . 2008-11-12 00:32 <DIR> d-------- c:\program files\Agatha Christie Death on the Nile 2008-11-12 00:32 . 2008-11-12 00:32 <DIR> d-------- c:\documents and settings\Joan\Application Data\FloodLightGames 2008-11-12 00:32 . 2008-11-12 00:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\FloodLightGames 2008-11-11 02:48 . 2008-11-10 11:21 23,096 --a------ c:\windows\system32\drivers\SndTAudio.sys 2008-11-11 02:48 . 2008-11-10 11:21 3,768 --a------ c:\windows\system32\drivers\SndTVideo.sys 2008-11-11 02:27 . 2008-11-11 02:28 <DIR> d-------- c:\documents and settings\Joan\Application Data\vlc 2008-11-09 21:08 . 2008-11-09 21:08 151 --a------ c:\windows\PhotoSnapViewer.INI 2008-10-29 17:26 . 2008-10-29 17:26 <DIR> d-------- c:\program files\DAEMON Tools Lite 2008-10-29 17:18 . 2008-10-29 17:18 <DIR> d-------- c:\documents and settings\Joan\Application Data\DAEMON Tools 2008-10-29 17:05 . 2008-10-29 17:05 <DIR> d-------- c:\program files\2K Games 2008-10-29 17:05 . 2007-05-16 15:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll 2008-10-29 17:05 . 2007-03-12 15:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll 2008-10-29 17:05 . 2007-05-16 15:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll 2008-10-29 17:05 . 2007-03-12 15:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll 2008-10-29 17:05 . 2007-05-16 15:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll 2008-10-29 17:05 . 2007-03-15 15:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll 2008-10-29 17:05 . 2007-06-20 19:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll 2008-10-29 17:05 . 2007-04-04 17:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll 2008-10-29 17:05 . 2007-06-20 19:45 18,280 --a------ c:\windows\system32\x3daudio1_2.dll 2008-10-29 17:04 . 2006-11-29 12:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll 2008-10-29 17:04 . 2007-01-24 14:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll 2008-10-29 17:04 . 2006-12-08 11:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll 2008-10-29 15:50 . 2008-10-29 15:47 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-10-29 15:47 . 2008-10-29 15:47 410,976 --a------ c:\windows\system32\deploytk.dll 2008-10-29 15:38 . 2008-10-29 15:40 <DIR> d-------- c:\documents and settings\Joan\.SunDownloadManager 2008-10-27 17:48 . 2008-11-12 00:32 <DIR> d-------- c:\documents and settings\Joan\Saved Games 2008-10-27 17:48 . 2008-10-27 18:06 <DIR> d-------- c:\documents and settings\Joan\Application Data\Flood Light Games 2008-10-27 17:48 . 2008-10-27 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Flood Light Games 2008-10-27 17:46 . 2008-10-27 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia 2008-10-24 05:55 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-17 22:27 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys 2008-11-17 22:27 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys 2008-11-17 22:27 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys 2008-11-17 22:27 164 ----a-w C:\install.dat 2008-11-16 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2008-11-16 08:02 --------- d-----w c:\documents and settings\Joan\Application Data\McAfee 2008-11-14 06:05 --------- d-----w c:\documents and settings\Joan\Application Data\DNA 2008-11-14 05:31 --------- d-----w c:\program files\DNA 2008-11-13 22:11 1,553,272 ----a-w c:\windows\WRSetup.dll 2008-11-13 17:33 --------- d-----w c:\documents and settings\Joan\Application Data\BitTorrent 2008-10-29 22:18 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-29 22:12 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-10-29 22:05 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-29 20:55 --------- d-----w c:\program files\Java 2008-10-29 19:30 --------- d-----w c:\program files\Common Files\Adobe 2008-10-26 04:36 --------- d-----w c:\documents and settings\All Users\Application Data\Webroot 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-21 17:26 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-16 04:59 --------- d-----w c:\program files\iTunes 2008-10-16 04:59 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-16 04:58 --------- d-----w c:\program files\iPod 2008-10-13 16:09 --------- d-----w c:\program files\Common Files\xing shared 2008-10-13 16:09 --------- d-----w c:\program files\Common Files\Real 2008-10-03 17:56 --------- d-----w c:\program files\SanDisk 2008-10-03 17:55 --------- d-----w c:\documents and settings\Joan\Application Data\InstallShield 2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll 2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-27 08:56 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2008-09-27 08:53 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys 2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll 2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys 2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll 2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-08-25 08:37 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2008-08-23 05:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe 2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll 2008-02-08 02:55 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2007-11-25 00:28 88 -csh--r c:\windows\system32\949F5E81B4.sys 2008-01-21 21:11 104 -csh--r c:\windows\system32\B4815E9F94.sys 2008-01-21 21:11 6,686 -csha-w c:\windows\system32\KGyGaAvL.sys 2008-05-12 23:22 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId] @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}" [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}] 2008-11-13 17:04 238968 --a------ c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-11-16 497008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "CTxfiHlp"="c:\windows\system32\CTXFIHLP.EXE" [2005-11-11 19968] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-11-16 970808] "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-11-13 6273400] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-11-16 497008] c:\documents and settings\All Users\Start Menu\Programs\Startup\ America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-03-15 156784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=eyghwy.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2008-11-12 00:28 342336 c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] --a------ 2005-09-20 12:08 16384 c:\windows\CTHELPER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 07:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a------ 2006-03-20 17:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2006-03-20 17:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-10-29 15:47 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808] R2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe" [2008-10-25 1086840] S2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\Drivers\LxrSII1d.sys [2007-03-09 70016] S2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2008-11-16 181584] S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-08-14 24652] S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2008-11-12 23096] S3 DrmRVideo;DrmRVideo;c:\windows\system32\DRIVERS\DrmRVideo.sys [2008-11-12 3768] S3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-03-15 1093632] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-17 38496] S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2008-11-11 23096] S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2007-06-17 513152] S3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [2008-11-11 3768] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\checkkey.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cabcd3f-c506-11da-9aad-806d6172696f}] \Shell\AutoRun\command - D:\checkkey.exe Newly Created Service - MBAMSWISSARMY Newly Created Service - PROCEXP90 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-11-14 c:\windows\Tasks\wrSpySweeperFullSweep.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11] 2008-11-14 c:\windows\Tasks\wrSpySweeperFullSweep.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11] 2008-11-14 c:\windows\Tasks\wrSpySweeperFullSweep.job - c:\","d:\" [] 2008-11-18 c:\windows\Tasks\wrSpySweeper_L0B46C7BDED584405903A77788D435A8C.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11] 2008-11-18 c:\windows\Tasks\wrSpySweeper_L0B46C7BDED584405903A77788D435A8C.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11] 2008-11-18 c:\windows\Tasks\wrSpySweeper_L0B46C7BDED584405903A77788D435A8C.job - c:\","d:\" [] 2008-11-18 c:\windows\Tasks\wrSpySweeper_L51258625F8DF40778A60B3B4D2B5FB91.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11] 2008-11-18 c:\windows\Tasks\wrSpySweeper_L51258625F8DF40778A60B3B4D2B5FB91.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-11-13 17:11] 2008-11-18 c:\windows\Tasks\wrSpySweeper_L51258625F8DF40778A60B3B4D2B5FB91.job - c:\","d:\","E:\" [] . - - - - ORPHANS REMOVED - - - - Notify-vtUmJBQJ - vtUmJBQJ.dll MSConfigStartUp-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe MSConfigStartUp-CTXFIREG - CTxfiReg.exe . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Joan\Application Data\Mozilla\Firefox\Profiles\ysojm9w8.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://universe.chacha.com/idle FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-17 10:19:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: c:\windows\system32\winlogon.exe -> c:\windows\system32\tsd32.dll . Completion time: 2008-11-17 10:21:59 ComboFix-quarantined-files.txt 2008-11-17 15:21:16 Pre-Run: 12,093,501,440 bytes free Post-Run: 12,593,426,432 bytes free 299 --- E O F --- 2008-11-13 05:02:05 This post has been edited by obsidianx**: Nov 20 2008, 11:49 AM

Jimmy2012 View Member Profile	Nov 21 2008, 12:02 AM Post #2
Trusted Helper Posts: 3,944 From: Ohio, USA OS: linux, Windows XP	Hello obsidianx and welcome to Geeks to go. Sorry about the delay. You should not use tools like Combofix unless a trained helper asks you to, it can be dangerous to use it like that. Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

obsidianx

Nov 21 2008, 11:21 AM

Post #3

Member

Posts: 65
OS: Windows XP

Thanks for your response; sorry about using Combofix thought I was saving some time. Here are the two logs running RSIT provided:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Joan at 2008-11-21 12:12:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (17%) free of 71 GB
Total RAM: 1022 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:28 PM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Documents and Settings\Joan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Joan.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [CTxfiHlp] "C:\WINDOWS\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [MimBoot] "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [SansaDispatch] "C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-7MDRV.exe" /REG
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162602577793
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - AppInit_DLLs: eyghwy.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 9339 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 181752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-29 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\Program Files\GoogleAFE\GoogleAE.dll [2006-01-25 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-29 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCAC5586-44D7-4c43-B64A-F042461A97D2} - Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2008-08-13 140624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2005-11-11 19968]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2006-05-03 98304]
"CTDVDDET"=C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2005-07-11 122880]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2006-09-18 8192]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"SansaDispatch"=C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [2007-10-22 75584]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-11-16 970808]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 6273400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"InnoSetupRegFile.0000000001"=C:\WINDOWS\is-7MDRV.exe [2008-11-17 775168]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-26 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-11-16 497008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-11-12 342336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2005-09-20 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCA