#1 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 49
OS: Win XP Home SP2
|
Computer almost dead:Virtumundo infected:lots of pop ups.
Recently, I got this problem. I started getting some pop-ups a couple of days back. By that time it was like nasty winspyware etc. I have McAfee security, the free version of AVG antispyware and Spybot S&D. Immediately I scanned my computer with McAfee and got nothing more than some cookies. Then I scanned with Spybot S&D. It found a file and some 3-4 registries saying virtumundo (did I spell it right?). It was supposed to have been fixed; after that I started getting other kinds of pop-ups and recently my computer is almost dead. I have cable internet but pages hardly load. Any kind of program I start takes a lot longer to start. But pop-ups come silently in a flash and I hardly notice a pop-up window popping up but it's already there. Very frequently my screen freezes for about a minute or so. Today a number of times I noticed that just suddenly my desktop icons disappear, leaving only the desktop picture, and I have to restart to get them back. I tried to scan using Panda but it was so slow and it had already reported 2 infections. I had to stop the scan before it completed, and one of the spy reported was fccdef.dll in Windows/System32.
I have included HijackThis log here:
Last edited by drosera01 : 12-27-2007 at 09:46 PM. |
|
|
|
|
#2 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 49
OS: Win XP Home SP2
|
Re: Computer almost dead:Virtumundo infected:lots of pop ups.
Just one more update on this issue.
After posting the HijackThis log above, I did go for VundoFix and it detected some files. One was the same file in system32 as Panda was showing as Virtumundo spy. I let Vundo fix the problems but it said it could not remove one file, fcccdef.dll in system 32, but gave me the option to remove it after reboot. It did remove it after reboot and I had to restart again, but when I restarted, the computer showed me an error message. The message reads like this: "Error Loading C:\WINDOWS\system32\jkxtbf.dll The specified module could not be found". When I clicked "OK" the computer started normally. Then after that, every time I restart it shows the same error message. Here is the VundoFix log:

VundoFix V6.7.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 11:55:35 PM 12/27/2007
Listing files found while scanning....
C:\windows\system32\ddcyw.dll
C:\WINDOWS\system32\fbsbtxkj.ini
C:\WINDOWS\system32\fcccdef.dll
C:\WINDOWS\system32\jkxtbsbf.dll
C:\windows\system32\wycdd.ini
C:\windows\system32\wycdd.ini2
Beginning removal...
Attempting to delete C:\windows\system32\ddcyw.dll
C:\windows\system32\ddcyw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fbsbtxkj.ini
C:\WINDOWS\system32\fbsbtxkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\fcccdef.dll
C:\WINDOWS\system32\fcccdef.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\jkxtbsbf.dll
C:\WINDOWS\system32\jkxtbsbf.dll Has been deleted!
Attempting to delete C:\windows\system32\wycdd.ini
C:\windows\system32\wycdd.ini Has been deleted!
Attempting to delete C:\windows\system32\wycdd.ini2
C:\windows\system32\wycdd.ini2 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\fcccdef.dll
C:\WINDOWS\system32\fcccdef.dll Has been deleted!
Performing Repairs to the registry.
Done! |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 49
OS: Win XP Home SP2
|
Re: Computer almost dead:Virtumundo infected:lots of pop ups.
And I just finished online Panda Active scan,
This scan is the latest scan, after VundoFix. The report is below: |
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 49
OS: Win XP Home SP2
|
Re: Computer almost dead:Virtumundo infected:lots of pop ups.
Update on the above issue:
It's been 5-6 days I am waiting to get some idea; seems everyone is out for New Year celebration. I just did scan my computer with updated Spybot S&D today and it's still showing 3 registry entries for Virtumonde infection. I believe these are the same it was reporting on the last scan as well. Thus I am guessing it is coming back. Here is my latest Spybot S&D scan report: Thanks a lot.

Virtumonde: [SBI $42352499] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-49382135-3011189677-513861276-1006\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde: [SBI $7342F9D9] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-49382135-3011189677-513861276-1006\Software\Microsoft\aldd |
|
|
|
|
#6 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 49
OS: Win XP Home SP2
|
Re: Computer almost dead:Virtumundo infected:lots of pop ups.
Here is dss.exe scan report.
This is the latest one. Extra is attached below.
(no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.doginhispen.com O15 - Trusted Zone: *.whataboutadog.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windo..._5.3.0.228.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1191988838937 O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- End of file - 13056 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller> S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour> R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-01-02 17:44:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-01-01 01:00:11 334 --a------ C:\WINDOWS\Tasks\McQcTask.job 2007-12-15 01:36:33 342 --a------ C:\WINDOWS\Tasks\McDefragTask.job -- Files created between 2007-12-02 and 2008-01-02 ----------------------------- 2007-12-30 22:29:48 0 d-------- C:\Program Files\AVI MPEG RM WMV Joiner 2007-12-30 09:26:54 0 d-------- C:\Program Files\iPod 2007-12-30 09:26:32 0 d-------- C:\Program Files\iTunes 2007-12-30 09:11:28 1353 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache 2007-12-28 00:23:42 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service> 2007-12-27 23:55:34 0 d-------- C:\VundoFix Backups 2007-12-27 19:17:35 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2007-12-27 19:15:14 8576 --a------ C:\WINDOWS\system32\drivers\opiqrosgfnrk.sys <Not Verified; Panda Software International; RKPavProc Driver> 2007-12-27 18:56:42 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-25 17:12:08 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2007-12-25 17:12:08 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2007-12-25 17:12:08 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2007-12-25 17:12:08 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2007-12-25 17:12:08 0 dr------- C:\Documents and Settings\Administrator\My Documents 2007-12-25 17:12:08 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2007-12-25 17:12:08 0 dr------- C:\Documents and Settings\Administrator\Favorites 2007-12-25 17:12:08 0 d-------- C:\Documents and Settings\Administrator\Desktop 2007-12-25 17:12:08 0 d--hs---- C:\Documents and Settings\Administrator\Cookies 2007-12-25 17:12:08 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2007-12-25 
17:12:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2007-12-25 17:12:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun 2007-12-25 17:12:08 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2007-12-25 17:12:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc 2007-12-25 17:12:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2007-12-25 17:12:08 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek 2007-12-25 17:12:07 0 d--h----- C:\Documents and Settings\Administrator\Templates 2007-12-25 17:12:07 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2007-12-25 17:12:06 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2007-12-23 21:05:50 403936 --ahs---- C:\WINDOWS\system32\mpqss.ini2 2007-12-23 21:00:30 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)> 2007-12-23 21:00:30 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5> 2007-12-23 21:00:28 0 d-------- C:\Program Files\Magic Video Converter 2007-12-23 00:02:40 107648 --a------ C:\WINDOWS\system32\drivers\vnetu9xl.sys <Not Verified; Cisco-Linksys LLC.; Instant Wireless USB Network Adapter ver.2.6> 2007-12-23 00:02:40 122112 --a------ C:\WINDOWS\system32\drivers\vnet58l.sys <Not Verified; Cisco-Linksys LLC.; Wireless-B USB Network Adapter ver.2.8> 2007-12-23 00:02:39 49936 --a------ C:\WINDOWS\system32\drivers\PRISM9x.SYS <Not Verified; Cisco-Linksys LLC.; Instant Wireless USB Network Adapter ver.2.5> 2007-12-23 00:02:39 72704 --a------ C:\WINDOWS\system32\drivers\NETUSBXP.SYS <Not Verified; Cisco-Linksys LLC.; Instant Wireless USB Network Adapter ver.2.5> 2007-12-23 00:02:39 70016 --a------ C:\WINDOWS\system32\drivers\NETUSB.SYS <Not Verified; Cisco-Linksys LLC.; Instant Wireless USB Network Adapter ver.2.5> 
2007-12-23 00:02:36 40960 --a------ C:\WINDOWS\system32\IsUser11b.dll 2007-12-23 00:02:35 0 d-------- C:\Program Files\WUSB11 WLAN Monitor 2007-12-22 23:40:20 0 d-------- C:\Linksys Driver 2007-12-21 16:05:36 0 d-------- C:\REA_GRE 2007-12-21 16:05:19 247664 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller> 2007-12-21 16:05:19 26768 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control> 2007-12-20 16:14:54 0 d-------- C:\Program Files\GameHouse 2007-12-19 10:12:43 0 d-------- C:\Program Files\Google 2007-12-19 10:12:43 0 d-------- C:\Documents and Settings\Pramod\Application Data\Google 2007-12-18 23:47:05 0 d-------- C:\WINDOWS\system32\Dell 2007-12-17 18:11:10 0 d-------- C:\Documents and Settings\Pramod\Application Data\BitTorrent 2007-12-17 18:10:30 0 d-------- C:\Program Files\DNA 2007-12-17 18:10:30 0 d-------- C:\Documents and Settings\Pramod\Application Data\DNA 2007-12-17 14:15:24 0 d-------- C:\Program Files\Common Files\ODBC 2007-12-17 11:24:52 1158 --a------ C:\WINDOWS\mozver.dat 2007-12-17 11:11:06 0 d-------- C:\Documents and Settings\Pramod\Application Data\Mozilla 2007-12-15 22:57:22 0 d-------- C:\Program Files\Common Files\Macrovision Shared 2007-12-15 20:15:38 0 d-------- C:\Program Files\My Downloaded Games 2007-12-15 20:15:38 0 d-------- C:\Program Files\BoontyGames 2007-12-14 23:22:46 0 d-------- C:\Documents and Settings\Pramod\Application Data\Nero 2007-12-14 23:17:52 0 d-------- C:\Program Files\Common Files\Nero 2007-12-14 23:17:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero 2007-12-14 22:49:32 0 dr-h----- C:\Documents and Settings\Pramod\Recent 2007-12-14 20:14:14 0 d-------- C:\Documents and Settings\All Users\Application Data\scar5 2007-12-14 20:13:40 0 d-------- C:\Program Files\scar5 2007-12-14 20:13:40 0 d-------- C:\Documents and Settings\Pramod\Application Data\scar5 2007-12-13 01:48:06 0 d-------- 
C:\Documents and Settings\Pramod\Shared 2007-12-13 01:47:47 0 d-------- C:\Documents and Settings\Pramod\Incomplete 2007-12-13 01:47:00 0 d-------- C:\Documents and Settings\Pramod\Application Data\LimeWire 2007-12-12 12:08:35 0 d-------- C:\Program Files\Bonjour 2007-12-07 19:39:42 0 d-------- C:\Documents and Settings\Pramod\Application Data\McAfee 2007-12-07 19:32:29 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL> 2007-12-07 19:28:17 0 d-------- C:\Program Files\McAfee.com 2007-12-07 19:28:07 0 d-------- C:\Program Files\Common Files\McAfee 2007-12-07 19:27:57 0 d-------- C:\Program Files\McAfee 2007-12-07 19:27:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-07 19:19:42 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-05 11:15:04 0 d-------- C:\Documents and Settings\Pramod\Application Data\Media Player Classic 2007-12-05 11:09:35 164352 --a------ C:\WINDOWS\system32\unrar.dll 2007-12-05 11:09:33 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec> 2007-12-05 11:09:32 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-12-05 11:09:31 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-12-05 11:09:31 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-12-05 11:09:29 0 d-------- C:\Program Files\K-Lite Codec Pack 2007-12-05 10:44:12 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic> 2007-12-05 10:44:12 9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip> 2007-12-05 10:44:11 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL> 2007-12-05 10:44:11 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer> 2007-12-05 10:44:11 32768 --a------ 
C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG> 2007-12-04 11:17:44 0 d-------- C:\Program Files\Common Files\xing shared 2007-12-03 11:00:05 0 d-------- C:\WINDOWS\SxsCaPendDel -- Find3M Report --------------------------------------------------------------- 2008-01-02 16:27:29 0 d-------- C:\Documents and Settings\Pramod\Application Data\uTorrent 2007-12-30 11:12:52 0 d-------- C:\Program Files\QuickTime 2007-12-28 16:02:54 0 d-------- C:\Program Files\PowerISO 2007-12-28 15:58:41 0 d-------- C:\Program Files\MagicISO 2007-12-23 00:02:34 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-18 23:47:05 0 d-------- C:\Program Files\Dell 2007-12-18 08:43:10 0 d-------- C:\Documents and Settings\Pramod\Application Data\Adobe 2007-12-17 14:15:24 0 d-------- C:\Program Files\Common Files 2007-12-14 23:17:52 0 d-------- C:\Program Files\Nero 2007-12-12 12:08:29 0 d-------- C:\Program Files\Common Files\Adobe 2007-12-10 13:22:58 0 d-------- C:\Documents and Settings\Pramod\Application Data\U3 2007-12-10 09:30:48 0 d-------- C:\Program Files\Kap.GRETests 2007-12-04 11:18:21 0 d-------- C:\Documents and Settings\Pramod\Application Data\Real 2007-12-04 11:17:36 0 d-------- C:\Program Files\Common Files\Real 2007-12-01 21:18:14 0 d-------- C:\Program Files\COED11 2007-11-19 17:17:53 0 d-------- C:\Documents and Settings\Pramod\Application Data\OverDrive 2007-11-19 17:17:29 0 d-------- C:\Program Files\OverDrive Media Console 2007-11-18 20:38:57 0 d-------- C:\Program Files\Microsoft Plus! 
Digital Media Edition 2007-11-14 13:14:23 0 d-------- C:\Program Files\Dell Support 2007-11-07 20:52:51 0 d-------- C:\Program Files\Common Files\InstallShield 2007-11-07 20:19:33 0 d-------- C:\Documents and Settings\Pramod\Application Data\InstallShield 2007-10-23 15 43 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>2007-10-23 15 42 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework> 2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2206B84C-93F1-4D4C-8996-0FE62A787EDE}] C:\WINDOWS\system32\ssqpm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FFF7FF-462E-4307-97DF-7C4DCC7F8B2D}] C:\WINDOWS\system32\ddcyw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 08:32 AM] "@"="" [] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM] "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM] "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/04/2007 11:17 AM] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM] "c09f4a48"="C:\WINDOWS\system32\jkxtbsbf.dll" [] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM] 
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/30/2007 10:50 AM] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [12/17/2007 06:10 PM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\G3V1V4Z2\FAVICO~3.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\8LK2XUC6\SEARCH~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\8LK2XUC6\FAVICO~3.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\Q4F4LOUC\FAVICO~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\Q4F4LOUC\FAVICO~2.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\8LK2XUC6\FAVICO~2.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\Q4F4LOUC\FAVICO~3.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\G3V1V4Z2\FA9455~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\CA270KKS\FAVICO~4.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\Q4F4LOUC\SECURI~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\CA270KKS\FA9455~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\CA270KKS\HOVER_~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\G3V1V4Z2\FAVICO~4.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\8LK2XUC6\FA9455~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\CA270KKS\GETDOW~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\G3V1V4Z2\FA9C55~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\G3V1V4Z2\FA9065~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\Q4F4LOUC\PROMO-~1.SH! C:\DOCUME~1\Pramod\LOCALS~1\TEMPOR~1\Content.IE5\019LB6KN\FAVICO~1.SH! 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "Registration"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcyw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pramod^Start Menu^Programs^Startup^MagicDisc.lnk] path=C:\Documents and Settings\Pramod\Start Menu\Programs\Startup\MagicDisc.lnk backup=C:\WINDOWS\pss\MagicDisc.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU] c:\dell\bldbubg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a5479bb-9869-11dc-8943-0013205d3621}] AutoRun\command- F:\WD_Windows_Tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abfbf5f5-780f-11dc-890a-0013205d3621}] AutoRun\command- G:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2008-01-02 23:47:21 ------------ |