Dr. Web:
RegUBP2b-anand.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
4DFCBD1D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04140002;Trojan.PWS.Panda.114;Deleted.;
4DF8AC25.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04D80000;Trojan.PWS.Panda.114;Deleted.;
4FFD68BB.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E540000;Trojan.PWS.Panda.114;Deleted.;
KittyFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\anand\Desktop\KittyFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\anand\Desktop;Archive contains infected objects;;
KittyFix.exe;C:\Documents and Settings\anand\Desktop;Container contains infected objects;;
ld08.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Win32.HLLW.Facebook.55;Deleted.;
Process.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Tool.Prockill;;
A0001074.exe;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP96;Tool.Prockill;;
A0001084.exe;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP96;Win32.HLLW.Facebook.55;Deleted.;
A0001102.EXE;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP96;Program.PsExec.170;;
A0001240.exe;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP97;Trojan.Fakealert.4222;Deleted.;
A0007311.reg;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP97;Trojan.StartPage.1505;Deleted.;
A0007331.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP97\A0007331.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP97;Archive contains infected objects;;
A0007331.exe;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP97;Container contains infected objects;;
A0007536.reg;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP98;Trojan.StartPage.1505;Deleted.;
A0007560.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP98\A0007560.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP98;Archive contains infected objects;;
A0007560.exe;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP98;Container contains infected objects;;
A0007577.sys;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP98;Trojan.NtRootKit.2670;Deleted.;
A0008596.EXE;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP98;Program.PsExec.170;;
A0012807.reg;C:\System Volume Information\_restore{3C60EC10-2C36-4355-B45F-3B25C7DE5F5A}\RP99;Trojan.StartPage.1505;Deleted.;
Tukanas Hits Generator.msi/stream002\Tukanas_Hits_Generator.exe;C:\WINDOWS\Downloaded Installations\{F9239913-723B-439E-B1FF-2D6C9E24ACC9}\Tukanas Hits Generator.msi/stream002;Trojan.PWS.Banker.21297;;
stream002;C:\WINDOWS\Downloaded Installations\{F9239913-723B-439E-B1FF-2D6C9E24ACC9};Archive contains infected objects;;
Tukanas Hits Generator.msi;C:\WINDOWS\Downloaded Installations\{F9239913-723B-439E-B1FF-2D6C9E24ACC9};Archive contains infected objects;;
ndis.sys;C:\WINDOWS\system32\dllcache;Trojan.NtRootKit.2670;Deleted.;
freeripmp3.exe\data004;D:\apps\freeripmp3.exe;Adware.MyWay;;
freeripmp3.exe\data007;D:\apps\freeripmp3.exe;Adware.MyWay;;
freeripmp3.exe\data009;D:\apps\freeripmp3.exe;Adware.MyWay;;
freeripmp3.exe;D:\apps;Archive contains infected objects;;
HT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:12 PM, on 5/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Marcus & Millichap\VPN Client Software\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\emitray.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\fucker.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://get.adobe.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.eset.eu
O15 - Trusted Zone: http://www.livemocha.com
O15 - ESC Trusted Zone: http://www.petri.co.il (HKLM)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0269107789
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mmreibc.prv
O17 - HKLM\Software\..\Telephony: DomainName = mmreibc.prv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mmreibc.prv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mmreibc.prv
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Marcus & Millichap\VPN Client Software\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Emagic EMI System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\system32\emitray.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - - (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8748 bytes