
Vundo Virus Help! (MBAM, HJT, Panda Logs included)



Hope someone can help.

Symptoms: pop-ups, sluggish performance

Malwarebytes' Anti-Malware 1.24

Database version: 1035

Windows 5.1.2600 Service Pack 2

9:52:56 PM 9/08/2008

mbam-log-8-9-2008 (21-52-56).txt

Scan type: Full Scan (C:\|M:\|V:\|)

Objects scanned: 148015

Time elapsed: 1 hour(s), 57 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 6

Registry Values Infected: 5

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 159

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\yayaWMfg.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\CLSID\{9a50b2af-3b2b-47dd-aecd-5d80a886f504} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9a50b2af-3b2b-47dd-aecd-5d80a886f504} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a50b2af-3b2b-47dd-aecd-5d80a886f504} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayawmfg (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9a50b2af-3b2b-47dd-aecd-5d80a886f504} (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb7746 (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd367 (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga3392 (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc6557 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\yayaWMfg.dll (Trojan.Vundo) -> Delete on reboot.

C:\System Volume Information\_restore{017E8A4A-9726-4967-BA92-235E4B98AE87}\RP1187\A0207005.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{017E8A4A-9726-4967-BA92-235E4B98AE87}\RP1187\A0207007.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{017E8A4A-9726-4967-BA92-235E4B98AE87}\RP1187\A0207008.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{017E8A4A-9726-4967-BA92-235E4B98AE87}\RP1187\A0207010.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{017E8A4A-9726-4967-BA92-235E4B98AE87}\RP1188\A0207102.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxywvvww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxywWpqP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyabxXO.dll (Backdoor.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyaWNhg.dll (Backdoor.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tuvSIaYQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tuvSlJby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tuvTlKax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tuvTnKbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tuvUKBQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMcdBuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMdCvvT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMDvTnO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMeBroL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMffCRi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qoMgfFXR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cbXqRliI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cbXRKbcY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\geBqRhgG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\geBtSMDw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkkHWOgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkkjjgGa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkkKbYRL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkkKcDWQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkkKCRKD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkkKeddD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkkLFxwW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opnKbxwW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opnkiFxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opnkkhif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opnmJDsS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opnnmmnO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opnOgGXR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ddcATMec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ddcBQHYr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ddcbxyXq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ddcCUlIb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ddcDuUOI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ddcyXQGV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXNdcax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRIaWQj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRIcBTK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRKAQJd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRKATjj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRLbxXR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRLfDTJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRLfeFV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nnnliifC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nnnmjjIx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nnnmlJyW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nnnnkjIB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nnnoNGAs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnkHxvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnLDWmM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnlKedd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnnOHWM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnOeccA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pmnoPhEx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\urqOijhI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\urqQgeCV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\urqQhhhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\urqQjGYP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awtstRkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awtTkjiI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awttqppO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awttSMcA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awtuRlii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXOEtro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXOghhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXPhfcb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXQGvsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXQIYpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXQJdAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXRhfec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXRhiff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\efcARlmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\efcATKcC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\efcDVLdA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\efcYRHya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGaYron.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGvvwvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGwTlIY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGwXrRJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGxUMde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGyabCV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGyvvuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iifccDus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iifdcBQI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iifecApn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iiffCUKb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iiffExuU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iifGYopn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlJbaAQg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlJBTnnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlJDsPIA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlJDurRL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlJDwtSj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlJYolkJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlJYqPjh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyvUoPG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyXOFyY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyXRKCu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyxXOhi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyYpMda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyyvULf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyywtrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayaaBSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayvUKaY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayvWqpN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayXPIXQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayxwvvW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayxxxWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayxyxVP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yayyXPij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssqNEwxU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssqnLdca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssqOEwXN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssqoMgHB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssqRHATN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJATNhH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJCVlji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJDUopN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJDWNed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJDWqnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJYPIaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJYRJbc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJYSjKe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wvUkHXrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wvUmjGXr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wvUmnOgE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wvUoOIBs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM13130294.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM13130294.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\olmhvhln.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fccaArst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fccccApQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fccCsqoO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fccdabYP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\khfCtrrR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\khfDvwVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\khfDWoMG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\khfETKEU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\khfFVOhG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\khfgGXRk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\khfGvuSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\khfGvWOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ekkumscs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iIbBRIbA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vtUlIXOH.dll (Trojan.vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vtUlLbXP.dll (Trojan.vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vtUlLCts.dll (Trojan.vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vtUmJBrR.dll (Trojan.vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vtUmLdEv.dll (Trojan.vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vtUNFUlM.dll (Trojan.vundo) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:13:12 PM, on 9/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\D-Link\DSL-200\dslstat.exe

C:\Program Files\D-Link\DSL-200\dslagent.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {6EE95CF7-D7A1-482A-9D23-D57C23124A66} - C:\WINDOWS\system32\opnmNHWq.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {D07D46C0-6038-4EDF-A147-88C856560486} - (no file)

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201259083812

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casin...sic/FlashAX.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1CC67DC0-AA7A-4007-B034-13A76F91DF0F}: NameServer = 203.12.160.35 203.12.160.36

O17 - HKLM\System\CS1\Services\Tcpip\..\{1CC67DC0-AA7A-4007-B034-13A76F91DF0F}: NameServer = 203.12.160.35 203.12.160.36

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--

End of file - 8500 bytes

;*******************************************************************************

ANALYSIS: 2008-08-10 14:10:46

PROTECTIONS: 1

MALWARE: 4

SUSPECTS: 1

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Trend Micro Internet Security 2008 16.10.1079 No No

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch

02996446 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{017E8A4A-9726-4967-BA92-235E4B98AE87}\RP1189\A0207108.dll

03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\User\My Documents\CLONE DVD 2.9.1.7- Final - (-New-with serial keys-)\Keymaker\KeyMaker.exe[C:\Documents and Settings\User\My Documents\CLONE DVD 2.9.1.7- Final - (-New-with serial keys-)\Keymaker\KeyMaker.exe][is157747.exe]

03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Documents and Settings\User\My Documents\CLONE DVD 2.9.1.7- Final - (-New-with serial keys-)\SetupCloneDVD2917Slysoft.exe[C:\Documents and Settings\User\My Documents\CLONE DVD 2.9.1.7- Final - (-New-with serial keys-)\SetupCloneDVD2917Slysoft.exe][is157747.exe]

03448644 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{017E8A4A-9726-4967-BA92-235E4B98AE87}\RP1176\A0202553.dll

03448644 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{017E8A4A-9726-4967-BA92-235E4B98AE87}\RP1175\A0201596.dll

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:\Documents and Settings\User\My Documents\divx pro 6.5\keygen.exe

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================


Looks like mbam did a pretty good job of it. Uninstall the keygen before we continue. Thanks!

I'm having a very similar problem (and others seem to have the same problem). What do you mean uninstall keygen? What else needs to be done? Is there another program we should try?

Thanks!


  • 2 weeks later...

Since you have not responded for more than five days, this thread is being closed to prevent others from posting here. If you need this thread reopened, please PM one of the Moderators.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
