O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\jswpsapi.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
--
End of file - 9646 bytes
VundoFix V7.0.6
Scan started at 9:52:40 AM 10/4/2008
Listing files found while scanning…
No infected files were found.
SUPERAntiSpyware Scan Log
Generated 10/03/2008 at 11:54 PM
Application Version : 3.4.1000
Core Rules Database Version : 3403
Trace Rules Database Version: 1395
Scan type : Quick Scan
Total Scan Time : 00:11:27
Memory items scanned : 517
Memory threats detected : 0
Registry items scanned : 831
Registry threats detected : 0
File items scanned : 3556
File threats detected : 1
Adware.Tracking Cookie
C:\Documents and Settings\Neil\Cookies\neil@wmvmedialease[1].txt
Malwarebytes’ Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3
10/3/2008 11:00:14 PM
mbam-log-2008-10-03 (23-00-14).txt
Scan type: Full Scan (C:\|)
Objects scanned: 519785
Time elapsed: 3 hour(s), 14 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes’ Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3
10/3/2008 7:37:13 PM
mbam-log-2008-10-03 (19-37-13).txt
Scan type: Quick Scan
Objects scanned: 53103
Time elapsed: 6 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{371ee1ef-f177-1390-7807-08525dc0e55c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Neil\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
Avast!
;******
;Scan header
;VPS file version: October 27, 2007 - [71027-0]
;Params: C:\ Scan: Full files, All files, Ignore targeting, Archive: All packers,
;Columns: File name TAB Status [OK,INFECTED,ERROR]
;******
C:\3dsmax7\tutorials\VIZ\revit\detached_garage.rvt\Formats\Latest\Latest ERROR: The file is a decompression bomb.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ABetterInternet.zip\sbRecovery.reg ERROR: Archive is password protected.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ABetterInternet.zip\sbRecovery.ini ERROR: Archive is password protected.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ABetterInternetAurora.zip\sbRecovery.ini ERROR: Archive is password protected.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ABetterInternetAurora1.zip\sbRecovery.ini ERROR: Archive is password protected.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ABetterInternetAurora10.zip\sbRecovery.ini ERROR: Archive is password protected.
[… snip …]
C:\Documents and Settings\Neil\My Documents\My Downloads\Expo 2005 VirtualCanadaVirtuel Installer.exe\$INSTDIR\data\settings\WindowsMedia9-KB885492-x86-ENU.exe\wmp.dll ERROR: CAB archive is corrupted.
C:\Documents and Settings\Neil\My Documents\My Downloads\Expo 2005 VirtualCanadaVirtuel Installer.exe\$INSTDIR\data\settings\dxwebsetup.exe\dxwsetup.exe ERROR: CAB archive is corrupted.
C:\Documents and Settings\Neil\My Documents\My Downloads\Expo 2005 VirtualCanadaVirtuel Installer.exe\$INSTDIR\data\settings\flashplayer7_winax.exe\GetFlash.man ERROR: CAB archive is corrupted.
C:\pagefile.sys INFECTED: Win32:VB-BMA [trj]
C:\Program Files\Autodesk\3dsMax8\help\3dsmax.chm\$FIftiMain ERROR: CHM archive is corrupted.
C:\Program Files\Cucusoft\avi-dvd-pro\SuperVideoCD.iso\MPEG2\AVSEQ01.MPG ERROR: The file pointer cannot be set on the specified device or file. Nr(132)
C:\Program Files\Cucusoft\avi-dvd-pro\VideoCD.iso\MPEGAV\AVSEQ01.DAT ERROR: The file pointer cannot be set on the specified device or file. Nr(132)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn ERROR: Archive is password protected.
[… snip …]
;--------------------------
;Files: 1181780
;Folders: 68370
;Files size: 140855610966
;Infected files: 1
;--------------------------
;******
;Scan footer
;Scan completed with return code: 0
;******
;******
;Command header
;Columns: File name TAB Command TAB Returned code TAB Custom parameter 1 TAB Custom parameter 2
;******
;******
;Command footer
;******