I downloaded a DVD trancoder/burner util from usenet(bad) and I got a warning about Trojan:Win32/Vundo.gen!R from Windows Defender. I canceled the install to be safe, ran it again to see if same warning would come back and got none. Proceeded with the install and issues have begun. (worse even) Apparently my luck may have run out as I began to get AV's on exe's associated with my malware products, my video driver blue screened the box, my DVD burner writes data, but doesn't read the same discs that my DVD player sees fine. by the computer see as blank and needing formatting. Hope there's still help for me yet, Thanks in advance, let me know if any additional data/information is needed, lowpost99 Here is my MBAM: Malwarebytes' Anti-Malware 1.28 Database version: 1200 Windows 6.0.6001 Service Pack 1 9/24/2008 12:25:04 PM mbam-log-2008-09-24 (12-25-04).txt Scan type: Quick Scan Objects scanned: 48888 Time elapsed: 1 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Here's the Panda Scan, ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-09-24 12:22:14 PROTECTIONS: 1 MALWARE: 37 SUSPECTS: 5 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== Windows Defender 1.1.3903.0 No No ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00095508 Adware/nCase Adware No 0 Yes No H:\Utils\Serials\Keygens\sims\file3.zip[Run.exe] 00095508 Adware/nCase Adware No 0 Yes No H:\Utils\Serials\Keygens\sims\file6.zip[Run.exe] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@trafficmp[2].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@casalemedia[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@doubleclick[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@atdmt[2].txt 00139535 Application/Processor HackTools No 0 Yes No H:\Utils\smitRem.exe[smitRem/Process.exe] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@tradedoubler[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@247realmedia[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@fastclick[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@tribalfusion[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@mediaplex[1].txt 00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\lowpost@mysearch[1].txt 00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@linksynergy[1].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@clickbank[1].txt 00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@findwhat[1].txt 00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@www.myaffiliateprogram[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@xiti[1].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@azjmp[2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@statcounter[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@ad.yieldmanager[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@apmebf[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@advertising[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@ads.pointroll[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@realmedia[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@questionmarket[2].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@zedo[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@bluestreak[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@adrevolver[2].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@go[1].txt 00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@ehg-dig.hitbox[1].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@citi.bridgetrack[1].txt 00505668 Application/MyWebSearch HackTools Yes 0 Yes No C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL 01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\lowpost\AppData\Roaming\Microsoft\Windows\Cookies\Low\lowpost@enhance[2].txt 01891534 Generic Malware Virus/Trojan No 0 No No H:\Utils\DVD Burning\Apollo.DVD.Creator.v3.6.0.WinALL.Cracked-CzW\CzW.rar[Crack\Apollo DVD Creator.exe] 01891534 Generic Malware Virus/Trojan No 0 Yes No H:\Utils\DVD Burning\Apollo.DVD.Creator.v3.6.0.WinALL.Cracked-CzW\CzW\Crack\Apollo DVD Creator.exe 02935399 Adware/Zango Adware No 0 Yes No H:\Grabit Files\NZBs\Setup.exe 03398240 Adware/AntiSpywareMaster Adware No 0 Yes No C:\Users\lowpost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3Y23EKCG\data[1].htm 03398240 Adware/AntiSpywareMaster Adware No 0 Yes No C:\Users\lowpost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5CIN8MJI\data[1].htm 03398240 Adware/AntiSpywareMaster Adware No 0 Yes No C:\Users\lowpost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3TS19IJ\data[1].htm 03738695 Generic Malware Virus/Trojan No 0 Yes No H:\Utils\DVD Burning\CDRApps\Ahead Nero8\keygen.exe ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location �z�D�� ;=============================================================================== ================================================================================ = =================== No H:\Utils\DVD Burning\Aone\Aone.Movie.DVD.Maker.v1.6.6\Aone.Movie.DVD.Maker.v1.6.6\keygen\keygen.exe �z�D�� No H:\Utils\DVD Burning\Aone\Aone.Ultra.DVD.Creator.v1.6.8\Aone.Ultra.DVD.Creator.v1.6.8\keygen\keygen.exe No H:\Utils\Serials\Cracks\PCMark2002_build_100_by_KaliM.zip[PCMark.exe] �z�D�� No H:\Utils\Serials\Cracks\WinRAR_Univesal_Crack_All_Version_3[1].xx.zip[winrar3uni_crk.exe] �z�D�� No H:\Utils\Serials\Keygens\nav2004keygen.zip[keygen.exe] �z�D�� ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description �z�D�� ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== Here is the HJ log: Logfile of HijackThis v1.99.1 Scan saved at 10:36:40 AM, on 9/24/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Windows\System32\CtHelper.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe D:\Program Files\Creative\Creative Media Lite\CTZDetec.exe C:\Windows\ehome\ehtray.exe E:\Program Files\DAEMON Tools Lite\daemon.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe H:\Utils\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [CTZDetec.exe] d:\Program Files\Creative\Creative Media Lite\CTZDetec.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E31D8696-EC81-4C7B-9741-4CF7D135D866}: NameServer = 68.87.68.162,68.87.74.162 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
