Thread: Infected Virtumonde.dll help please

  1. #1
    swonderbin (Junior Member; joined Dec 2010; Australia / Indonesia; 11 posts)

    Hi
    I have been infected with the Virtumonde.dll trojan and can't get rid of it using Spybot. It is not a false positive, as the PC is playing up. Before I (possibly) start the long process of trying to disinfect, if someone can please answer the following questions it would be helpful.

    1/ If I re-install Windows from the OEM copy on the hard drive, will this eliminate the trojan? (Or does the trojan go deep enough to infect from there?) I usually re-install Windows every couple of years anyway to refresh the system, and it is just about due.

    2/ Any special precautions I should take doing this?

    3/ If I connect any external hard drives, will they be infected?
    (There are some files I still want to get off the hard drive, and luckily none of my externals have been connected for a while.)

    If anyone knows the quick answer to these it would be greatly appreciated, so I don't take up too much time trying to disinfect if I don't have to.


    In advance - Thank You
    Steve
    --------------------------------
    Edit Removed own post as helpers look for topics with zero response. -tashi
    --------------------------------

    Hi
    Thanks for your help. Find attached the required reports.

    Don't know if you need this info, but I have run 3 full Spybot removals (1x in Windows AND 1x on reboot).

    Major problems occurring with shortcuts wanting to delete files, the Delete button gets stuck on, the Vaio splash screen freezes, and much more. It is getting very hard to even try and operate the machine.

    I do want to get this problem solved, but please bear with me if it takes a while due to several things (bad internet connection, work, etc.). If you do not hear from me for 24 hours, that is why. BUT I WILL DO MY BEST.

    Thanks for helping a little lost soul.


    Steve

    DDS Report

    DDS (Ver_10-11-27.01) - NTFSx86
    Run by BarrellON Production at 1:17:34.21 on Sat 04/12/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.421 [GMT 11:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Documents and Settings\BarrellON Production\My Documents\SpyBot Removal Stuff\DDS\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
    mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
    mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [NeroFilterCheck] C:\Program F)Please wait scanning download directoriesexe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
    mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    StartupFolder: c:\docume~1\barrel~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236322130609
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286798456296
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286798433937
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    TCP: {2C67CE15-22B8-4EAC-B05D-335174D5D78A} = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cef4538&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-GB&q=
    FF - component: c:\documents and settings\barrellon production\application data\mozilla\firefox\profiles\yak88t2s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\barrellon production\application data\mozilla\firefox\profiles\yak88t2s.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\docume~1\barrel~1\applic~1\mozilla\firefox\profiles\yak88t2s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-21 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-14 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-14 297752]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-5 1120960]

    =============== Created Last 30 ================

    2010-11-28 04:46:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-11-28 04:46:45 -------- d-----w- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================


    ============= FINISH: 1:18:04.15 ===============




    Spybot Report



    --- Report generated: 2010-12-02 03:33 ---

    Virtumonde.dll: [SBI $DB0322C4] Library (File, fixed)
    C:\WINDOWS\system32\mfc40.dll
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Log: Activity: COM+.log (Backup file, nothing done)
    C:\WINDOWS\COM+.log

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log

    Log: Activity: OEWABLog.txt (Backup file, nothing done)
    C:\WINDOWS\OEWABLog.txt

    Log: Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log

    Log: Install: Directx.log (Backup file, nothing done)
    C:\WINDOWS\Directx.log

    Log: Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log

    Log: Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log

    Log: Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Install: setuplog.txt (Backup file, nothing done)
    C:\WINDOWS\setuplog.txt

    Log: Install: svcpack.log (Backup file, nothing done)
    C:\WINDOWS\svcpack.log

    Log: Install: wmsetup.log (Backup file, nothing done)
    C:\WINDOWS\wmsetup.log

    Log: Install: DtcInstall.log (Backup file, nothing done)
    C:\WINDOWS\DtcInstall.log

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\setup.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiadap.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Ahead Nero Burning Rom: [SBI $B67505E9] Recent file list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Ahead\Nero - Burning Rom\Recent file list

    Ahead Nero Burning Rom: [SBI $0D846EDB] Compilation directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation

    Ahead Nero Burning Rom: [SBI $DE353278] Browser directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir

    Ahead Nero Burning Rom: [SBI $F3FD92E9] Working directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir

    Ahead Nero Burning Rom: [SBI $055C754D] Last ISO directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\ahead\Nero - Burning Rom\General\OFDLastISODir

    MS Management Console: [SBI $ECD50EAD] Recent command list (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Media Player: [SBI $735D57D7] Recent open directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir

    MS Media Player: [SBI $656F1808] Search terms history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch

    MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

    MS Media Player: [SBI $1BDA487B] Last selected track index (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

    MS Media Player: [SBI $6D2E50D8] Last selected node (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS Office 12.0 (Publisher): [SBI $CBBE5E84] Recent Publication List (9 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Office\12.0\Publisher\Recent File List

    MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (50 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Office\12.0\Word\File MRU

    MS Paint: [SBI $07867C39] Recent file list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Search Assistant\ACMru

    MS Wordpad: [SBI $4C02334D] Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows.OpenWith: [SBI $CDE7D0A6] Open with list - .ASX extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (6 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: [SBI $DCEE25EC] Open with list - .BAK extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

    Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

    Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (48 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: [SBI $7308A845] Run history (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: [SBI $AA0766B5] Stream history (201 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (11 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (286 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $B7EBA926] Last visited history (24 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1754583774-3961524848-3462523170-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    History: [SBI $49804B54] History (60) (History, nothing done)


    Cookie: [SBI $49804B54] Cookie (10) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-01-26 TeaTimer.exe (1.6.4.26)
    2009-02-17 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2010-06-29 Includes\Adware.sbi (*)
    2010-10-12 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-09-22 Includes\Dialer.sbi (*)
    2010-10-12 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2010-11-16 Includes\Hijackers.sbi (*)
    2010-11-16 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-08-02 Includes\Keyloggers.sbi (*)
    2010-10-12 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-09-13 Includes\Malware.sbi (*)
    2010-11-23 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-10-12 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-14 Includes\Security.sbi (*)
    2010-10-12 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2010-06-29 Includes\Spyware.sbi (*)
    2010-10-26 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti (*)
    2010-11-02 Includes\Trojans.sbi (*)
    2010-10-12 Includes\TrojansC-02.sbi (*)
    2010-10-12 Includes\TrojansC-03.sbi (*)
    2010-10-12 Includes\TrojansC-04.sbi (*)
    2010-11-24 Includes\TrojansC-05.sbi (*)
    2010-11-23 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    Last edited by tashi; 2010-12-03 at 17:40. Reason: Merged two posts
