
virtumonde virus



david84b
2008-08-10, 23:45
Looks like this virus found its way to my computer too.

My computer is sluggish and the internet often doesn't work at all. Firefox and Internet Explorer have been showing random pop ups for porn and antivirus software. My anti-virus automatic update has been disabled and I can't enable it again. I don't use anti-virus, just normally stay away from anything risky.

I downloaded Spybot and ran it, removing some other stuff in the process, but virtumonde and virtumonde.dll remain. I can't get rid of it.

Here are the Spybot and Kaspersky logs.

Spybot:


--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


WildTangent: [SBI $3A3BDC07] Program directory (Directory, fixing failed)
C:\WINDOWS\wt\

WildTangent: [SBI $76830867] Program directory (Directory, fixing failed)
C:\WINDOWS\wt\wtupdates\

WildTangent: [SBI $7E3A8D37] Program directory (Directory, fixing failed)
C:\WINDOWS\wt\webdriver\

Virtumonde: [SBI $42352499] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-301497866-448638352-2860170572-1005\Software\Microsoft\rdfa

Virtumonde: [SBI $47E741CD] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

Virtumonde.dll: [SBI $E934C34B] Library (File, fixed)
C:\WINDOWS\system32\khfEUoPJ.dll

Virtumonde.dll: [SBI $66AB8614] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{519C2ECA-4ADB-4267-BAD4-6100B63B9C72}

Virtumonde.dll: [SBI $66AB8614] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{519C2ECA-4ADB-4267-BAD4-6100B63B9C72}

Virtumonde.prx: [SBI $C46E6FC7] Configuration file (File, fixed)
C:\WINDOWS\pskt.ini

Virtumonde.prx: [SBI $13DC8D4E] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\IProxyProvider\Path=...C:\WINDOWS\system32\hiccrlad.dll...

Virtumonde.prx: [SBI $797B4EBF] Library (File, fixed)
C:\WINDOWS\system32\hiccrlad.dll

Virtumonde.prx: [SBI $0EED8ADA] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BM97f89746

Virtumonde.prx: [SBI $7BFCBA71] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-08-07 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-08-05 Includes\Adware.sbi (*)
2008-08-05 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-08-05 Includes\DialerC.sbi (*)
2008-07-22 Includes\HeavyDuty.sbi (*)
2008-07-30 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-08-05 Includes\Keyloggers.sbi (*)
2008-08-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-08-05 Includes\Malware.sbi (*)
2008-08-05 Includes\MalwareC.sbi (*)
2008-08-05 Includes\PUPS.sbi (*)
2008-08-05 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-17 Includes\Security.sbi (*)
2008-08-05 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-08-03 Includes\Spyware.sbi (*)
2008-08-05 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-08-05 Includes\Trojans.sbi (*)
2008-08-05 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB888316
/ Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB894553
/ Media Center 2005 / SP3: Windows XP Media Center Edition 2005 KB895678
/ Media Center 2005 / SP3: Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB926251)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB884018
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885855
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB888622
/ Windows XP / SP3: Hotfix for Windows XP (KB888795)
/ Windows XP / SP3: Windows XP Hotfix - KB889673
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890546
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Hotfix for Windows XP (KB891593)
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB893056
/ Windows XP / SP3: Hotfix for Windows XP (KB893357)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB894871)
/ Windows XP / SP3: Hotfix for Windows XP (KB896243)
/ Windows XP / SP3: Hotfix for Windows XP (KB896256)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Hotfix for Windows XP (KB899337)
/ Windows XP / SP3: Hotfix for Windows XP (KB899510)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Hotfix for Windows XP (KB902841)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Hotfix for Windows XP (KB910728)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Hotfix for Windows XP (KB917332)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933566)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Hotfix for Windows XP (KB935448)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB937143)
/ Windows XP / SP3: Security Update for Windows XP (KB937894)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB939653)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Security Update for Windows XP (KB942615)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Update for Windows XP (KB942840)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944338)
/ Windows XP / SP3: Security Update for Windows XP (KB944533)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Update for Windows XP (KB946627)
/ Windows XP / SP3: Security Update for Windows XP (KB947864)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)
/ Windows XP / SP3: Security Update for Windows XP (KB950749)
/ Windows XP / SP4: Security Update for Windows XP (KB950759)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)


--- Startup entries list ---
Located: HK_LM:Run, 94cba4da
command: rundll32.exe "C:\WINDOWS\system32\ampdioyn.dll",b
file: C:\WINDOWS\system32\ampdioyn.dll
size: 95232
MD5: ABBB81C04603508EE53B1E77BBA37D08

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 89541
MD5: D6E32F433FDC70670DD50CCBC1923789

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, BM97f89746
command: Rundll32.exe "C:\WINDOWS\system32\hiccrlad.dll",s
file: C:\WINDOWS\system32\hiccrlad.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, DDWMon
command: C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
file: C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
size: 299008
MD5: 14273A29CC670F43E3CE931B38C3729D

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1

Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: D9F3DB62D1B361D82CD82A347EA6218D

Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 32FB9368F485A7FE944EB6678B61734B

Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: 54F1F98C4AD8F99BBBE8FBB62B38733F

Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 700416
MD5: 370DC0AF1AC4E8F06E75716E8E023E3F

Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 802816
MD5: 2DFB46F886A092B1AF5F3A4A3402F6EA

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 04A9F0C58B170F30445BCC0683EF9FFC

Located: HK_LM:Run, LtMoh
command: C:\Program Files\ltmoh\Ltmoh.exe
file: C:\Program Files\ltmoh\Ltmoh.exe
size: 188416
MD5: 7DC4E93F9BE692E29B1E1D27B6A389DC

Located: HK_LM:Run, NDSTray.exe
command: NDSTray.exe
file: NDSTray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, PadTouch
command: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
file: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
size: 1077322
MD5: C211E45A28A2AD9DD57D856041EF717C

Located: HK_LM:Run, Pinger
command: c:\toshiba\ivp\ism\pinger.exe /run
file: c:\toshiba\ivp\ism\pinger.exe
size: 151552
MD5: FA8D59CD0B55A489A3CF237ACF6F3D46

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 6DF76965A0FB8237E9C3B3CAB9815EC2

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16050688
MD5: 94897A21D751D72DA0F34421DE17FB9D

Located: HK_LM:Run, SkyTel
command: SkyTel.EXE
file: C:\WINDOWS\SkyTel.EXE
size: 2879488
MD5: C74B86642F131D76C0EDE673FDF137B2

Located: HK_LM:Run, SmoothView
command: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
file: C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
size: 122880
MD5: 021E0887AE43636F583E649AFEB3C767

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761948
MD5: 6668B0E0B95E75CE3F3C8F737830F320

Located: HK_LM:Run, TFncKy
command: TFncKy.exe
file: TFncKy.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, THotkey
command: C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
file: C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
size: 364544
MD5: FF26607448DDEFFBB66C7D1E10E0E0AF

Located: HK_LM:Run, TPSMain
command: TPSMain.exe
file: C:\WINDOWS\system32\TPSMain.exe
size: 282624
MD5: 1812D1BB1FAD95017C613F927EAC8147

Located: HK_LM:Run, Tvs
command: C:\Program Files\Toshiba\Tvs\TvsTray.exe
file: C:\Program Files\Toshiba\Tvs\TvsTray.exe
size: 73728
MD5: A468117106C94701A3B55576192815D4

Located: HK_LM:RunOnce, Spybot - Search & Destroy
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

Located: HK_LM:RunOnce, SpybotDeletingA556
command: command /c del "C:\WINDOWS\system32\khfEUoPJ.dll_old"
file: command /c del "C:\WINDOWS\system32\khfEUoPJ.dll_old"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA9836
command: command /c del "C:\WINDOWS\system32\hiccrlad.dll_old"
file: command /c del "C:\WINDOWS\system32\hiccrlad.dll_old"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC2006
command: cmd /c del "C:\WINDOWS\system32\khfEUoPJ.dll_old"
file: cmd /c del "C:\WINDOWS\system32\khfEUoPJ.dll_old"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC4710
command: cmd /c del "C:\WINDOWS\system32\hiccrlad.dll_old"
file: cmd /c del "C:\WINDOWS\system32\hiccrlad.dll_old"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

Located: HK_CU:Run, ctfmon.exe
where: PE_C_ADMINISTRATOR...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, MSMSGS
where: PE_C_ADMINISTRATOR...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, TOSCDSPD
where: PE_C_ADMINISTRATOR...
command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: D8CF04E65081018CF3379B0FC02FFCBB

Located: HK_CU:Run, AIM
where: S-1-5-21-301497866-448638352-2860170572-1005...
command: C:\Program Files\AIM\aim.exe -cnetwait.odl
file: C:\Program Files\AIM\aim.exe
size: 67112
MD5: 92BE69A36A9504EDBA2CAB34A32B97B3

Located: HK_CU:Run, TOSCDSPD
where: S-1-5-21-301497866-448638352-2860170572-1005...
command: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: D8CF04E65081018CF3379B0FC02FFCBB

Located: HK_CU:RunOnce, SpybotDeletingB6341
where: S-1-5-21-301497866-448638352-2860170572-1005...
command: command /c del "C:\WINDOWS\system32\hiccrlad.dll_old"
file: command /c del "C:\WINDOWS\system32\hiccrlad.dll_old"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB9693
where: S-1-5-21-301497866-448638352-2860170572-1005...
command: command /c del "C:\WINDOWS\system32\khfEUoPJ.dll_old"
file: command /c del "C:\WINDOWS\system32\khfEUoPJ.dll_old"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD4088
where: S-1-5-21-301497866-448638352-2860170572-1005...
command: cmd /c del "C:\WINDOWS\system32\khfEUoPJ.dll_old"
file: cmd /c del "C:\WINDOWS\system32\khfEUoPJ.dll_old"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD6064
where: S-1-5-21-301497866-448638352-2860170572-1005...
command: cmd /c del "C:\WINDOWS\system32\hiccrlad.dll_old"
file: cmd /c del "C:\WINDOWS\system32\hiccrlad.dll_old"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Adobe Gamma Loader.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 110592
MD5: 5CD0CD0EC4DC5DF459B3AC016764F5AA

Located: Startup (common), Google Updater.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
file: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 124400
MD5: B3B8E688BC00E84EABC049F01C1C5420

Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Startup (common), RAMASST.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\WINDOWS\system32\RAMASST.exe
file: C:\WINDOWS\system32\RAMASST.exe
size: 155648
MD5: 5648152AD2CCAB0265EAB9711755F484

Located: Startup (user), Adobe Gamma.lnk
where: C:\Documents and Settings\David\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 110592
MD5: 5CD0CD0EC4DC5DF459B3AC016764F5AA

Located: WinLogon, bYoNecYR
command: bYoNecYR.dll
file: bYoNecYR.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{4020100D-29D7-4392-AFD5-5AD713FF4B88} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: bYoNecYR.dll
Short name:
Date (created): 8/4/2008 12:40:42 PM
Date (last access): 8/9/2008 10:00:12 AM
Date (last write): 8/4/2008 12:40:42 PM
Filesize: 38400
Attributes: archive
MD5: 843EC9A55D1000EBBB2C01B58A4CA3B7
CRC32: C8576C0A

{519C2ECA-4ADB-4267-BAD4-6100B63B9C72} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: khfEUoPJ.dll

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 8/7/2008 12:10:22 AM
Date (last access): 8/9/2008 10:00:26 AM
Date (last write): 7/7/2008 9:41:58 AM
Filesize: 1562448
Attributes: archive
MD5: 32981ADE44D01EC2A9EBC2E311291707
CRC32: C2F522E6
Version: 1.6.0.12

{59084536-9D0B-4BCC-9287-E8DDA375A66E} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\CTYROLYJ\
Long name: 3077htsbdjyf[1].dll
Short name: 3077HT~1.DLL
Date (created): 8/4/2008 9:20:00 PM
Date (last access): 8/9/2008 9:56:54 AM
Date (last write): 8/4/2008 9:20:00 PM
Filesize: 91648
Attributes: archive
MD5: 0A9EBE91127F0140F747C3F50F61DFA8
CRC32: C24FF9B3
Version: 1.0.0.0

{6B7A0FA9-9DD0-4807-978E-CE92826C9FF0} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: byXpmnMd.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 11/10/2005 12:03:56 PM
Date (last access): 8/9/2008 9:54:30 AM
Date (last write): 11/10/2005 12:22:10 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\
Long name: swg.dll
Short name:
Date (created): 5/6/2008 2:27:00 PM
Date (last access): 8/9/2008 9:54:30 AM
Date (last write): 5/6/2008 2:27:00 PM
Filesize: 654320
Attributes: archive
MD5: 72D6804DC43CC0CF4F10E699D7738138
CRC32: ABF4BA3E
Version: 2.1.1119.1736

{ef798f0c-9d72-4ece-8192-d6fa154cb951} ({159bc451-af6d-2918-ece4-27d9c0f897fe})
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: {159bc451-af6d-2918-ece4-27d9c0f897fe}
CLSID name:
Path: C:\WINDOWS\system32\
Long name: mjukun.dll
Short name:
Date (created): 8/9/2008 3:59:44 AM
Date (last access): 8/9/2008 10:00:14 AM
Date (last write): 8/9/2008 3:59:44 AM
Filesize: 110592
Attributes: archive
MD5: 4FDCE1CD11FDDC6352E9559BAF76678D
CRC32: B4780452

{F7495247-D507-4BD5-B62E-B34A68D78DFF} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: yayYPgGX.dll



--- ActiveX list ---
{474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class)
DPF name:
CLSID name: UploadListView Class
Installer: C:\WINDOWS\Downloaded Program Files\default.inf
Codebase: http://picasaweb.google.com/s/v/32.72/uploader2.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: UploaderX.dll
Short name: UPLOAD~1.DLL
Date (created): 9/18/2007 9:20:50 AM
Date (last access): 8/8/2008 11:00:28 AM
Date (last write): 9/18/2007 9:20:50 AM
Filesize: 878072
Attributes: archive
MD5: 4314A3B6073BDB452725F8EFD4B77C34
CRC32: F6A8D4BC
Version: 1.0.0.31

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 12:03:56 PM
Date (last access): 8/8/2008 11:00:28 AM
Date (last write): 11/10/2005 12:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 12:03:56 PM
Date (last access): 8/9/2008 10:01:58 AM
Date (last write): 11/10/2005 12:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 12:03:56 PM
Date (last access): 8/9/2008 10:01:58 AM
Date (last write): 11/10/2005 12:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 3/24/2008 6:32:42 PM
Date (last access): 8/8/2008 11:00:30 AM
Date (last write): 3/24/2008 6:32:42 PM
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 904 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 952 ( 904) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 980 ( 904) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1028 ( 980) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1040 ( 980) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1192 (1028) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1276 (1028) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1336 (1028) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1384 (1028) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1480 (1028) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
size: 434176
MD5: 2B1284C4EC97CC204F8430F5CCC2992F
PID: 1564 (1028) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
size: 937984
MD5: D72566C2E6A9EE9BA5B0D1F855AF74CF
PID: 1868 (1028) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1892 (1696) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1956 (1028) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 624 (1028) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1236 (1028) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 110592
MD5: 8C34FFA452D0680FFAA02A6982A930B7
PID: 1316 (1028) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
size: 40960
MD5: 3CB0CC8879956C187E87E18634EE5164
PID: 1736 (1028) C:\WINDOWS\system32\DVDRAMSV.exe
size: 110592
MD5: C9FFBD6B8EDC46CD3D13E3C6DB914FB7
PID: 1828 (1028) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
PID: 224 (1028) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 448 (1028) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
size: 137200
MD5: 1BF044E23206FDDC16891A32922D571B
PID: 640 (1028) C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
size: 9150464
MD5: 751961E128DBCC7A32304339C4BDEFF0
PID: 808 (1028) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
size: 327680
MD5: C35EC743558ED20FBC99C47616F9415E
PID: 1088 (1028) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1372 (1028) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1612 (1028) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
size: 40960
MD5: 486A64AABD88E4E174681E89E9736BC9
PID: 1816 (1028) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
size: 35840
MD5: 36772B5EAAAF42DB5C5EE6EEB0EC0AF7
PID: 1616 (1028) C:\WINDOWS\system32\TODDSrv.exe
size: 114688
MD5: D540858E65BFA6FDED41AD2495ECE344
PID: 1180 (1028) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2508 (1028) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: DD87DB7387B9EB441C5674888A0D840C
PID: 2616 (1336) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 2728 (1028) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3820 (1892) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
size: 364544
MD5: FF26607448DDEFFBB66C7D1E10E0E0AF
PID: 3484 (1892) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
size: 974848
MD5: 9EC785EBD0966DDE6FED10FB59FCB186
PID: 2652 (1892) C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
size: 299008
MD5: 14273A29CC670F43E3CE931B38C3729D
PID: 1856 (1892) C:\WINDOWS\RTHDCPL.EXE
size: 16050688
MD5: 94897A21D751D72DA0F34421DE17FB9D
PID: 2008 (1892) C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
PID: 3208 (1892) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 761948
MD5: 6668B0E0B95E75CE3F3C8F737830F320
PID: 504 (1892) C:\Program Files\ltmoh\Ltmoh.exe
size: 188416
MD5: 7DC4E93F9BE692E29B1E1D27B6A389DC
PID: 3868 (1892) C:\WINDOWS\AGRSMMSG.exe
size: 89541
MD5: D6E32F433FDC70670DD50CCBC1923789
PID: 2128 (1892) C:\WINDOWS\system32\TPSMain.exe
size: 282624
MD5: 1812D1BB1FAD95017C613F927EAC8147
PID: 2260 (1892) C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
size: 1077322
MD5: C211E45A28A2AD9DD57D856041EF717C
PID: 816 (2128) C:\WINDOWS\system32\TPSBattM.exe
size: 45056
MD5: 1822A66A82433F83195B170592F8A7D8
PID: 3024 (1192) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 3128 (3208) C:\Program Files\Synaptics\SynTP\Toshiba.exe
size: 151552
MD5: 5B935E585843F667561A794BA59978D0
PID: 3152 (1892) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
size: 188416
MD5: DE7ADBA97297AB81C6E11652AFFFD674
PID: 3176 (1892) C:\Program Files\Toshiba\Tvs\TvsTray.exe
size: 73728
MD5: A468117106C94701A3B55576192815D4
PID: 3248 (1892) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
size: 122880
MD5: 021E0887AE43636F583E649AFEB3C767
PID: 3268 (1892) C:\toshiba\ivp\ism\pinger.exe
size: 151552
MD5: FA8D59CD0B55A489A3CF237ACF6F3D46
PID: 3472 (1892) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 802816
MD5: 2DFB46F886A092B1AF5F3A4A3402F6EA
PID: 2708 (1892) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 700416
MD5: 370DC0AF1AC4E8F06E75716E8E023E3F
PID: 3036 (1892) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: D9F3DB62D1B361D82CD82A347EA6218D
PID: 892 (1892) C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 32FB9368F485A7FE944EB6678B61734B
PID: 3448 (1892) C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 04A9F0C58B170F30445BCC0683EF9FFC
PID: 3528 (1892) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
size: 65536
MD5: D8CF04E65081018CF3379B0FC02FFCBB
PID: 4064 (1892) C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 124400
MD5: B3B8E688BC00E84EABC049F01C1C5420
PID: 4084 (1192) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
size: 479232
MD5: 217CD9B3FED4F6F80E43C5988831C51D
PID: 3840 (1892) C:\WINDOWS\system32\RAMASST.exe
size: 155648
MD5: 5648152AD2CCAB0265EAB9711755F484
PID: 3580 (1028) C:\Program Files\iPod\bin\iPodService.exe
size: 504104
MD5: 1CB96E83FD76EB5580451CEF29E24303
PID: 2972 (1892) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 3720 (1892) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 3064 (1892) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/9/2008 10:01:59 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.toshibadirect.com/dpdstart
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CBB99845-7A47-4433-A4DB-92CC50742605}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CBB99845-7A47-4433-A4DB-92CC50742605}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4326325D-A6C4-48FC-99B1-9A41CFC35034}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4326325D-A6C4-48FC-99B1-9A41CFC35034}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{639C5725-625A-4CF1-B6E6-F49069972E96}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{639C5725-625A-4CF1-B6E6-F49069972E96}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DFB9DC23-C7C9-44A6-B53B-71B6D22ECE33}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DFB9DC23-C7C9-44A6-B53B-71B6D22ECE33}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04D38D40-EF02-4FC5-BEE7-1AF6499DE663}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04D38D40-EF02-4FC5-BEE7-1AF6499DE663}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDB1195F-BB1C-4F2A-90A0-DA28B8958FEA}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDB1195F-BB1C-4F2A-90A0-DA28B8958FEA}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{05DD8672-9C80-48EC-9815-6DF182682140}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{05DD8672-9C80-48EC-9815-6DF182682140}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 08, 2008 10:12:36
Records in database: 1069107
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Files scanned: 120280
Threat name: 10
Infected objects: 49
Suspicious objects: 0
Duration of the scan: 02:39:38


File name / Threat name / Threats count
C:\WINDOWS\system32\bYoNecYR.dll/C:\WINDOWS\system32\bYoNecYR.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr 2
C:\WINDOWS\system32\pjkkqrwx.dll/C:\WINDOWS\system32\pjkkqrwx.dll Infected: Trojan.Win32.Monder.dun 33
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1ab034e7-3ee6482b.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-388d49e9.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\LOU38ZNA\8579[1].dll Infected: Trojan.Win32.Monder.dkx 1
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\OU9XG5DT\kb456456[1] Infected: Trojan.Win32.Monder.dun 1
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\STYRSD2V\CAES07PH Infected: not-a-virus:AdWare.Win32.Virtumonde.afbd 1
C:\RECYCLER\S-1-5-21-301497866-448638352-2860170572-1005\Dc671.rar Infected: Trojan-Dropper.Win32.VB.bix 1
C:\RECYCLER\S-1-5-21-301497866-448638352-2860170572-1005\Dc677\Cold War Kids - Robbers & Cowards (2006)\Bonus Tracks.exe Infected: Trojan-Dropper.Win32.VB.bix 1
C:\WINDOWS\system32\bccpkj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cde 1
C:\WINDOWS\system32\bjzdeg.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cgi 1
C:\WINDOWS\system32\bYoNecYR.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr 1
C:\WINDOWS\system32\inauxayj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cgi 1
C:\WINDOWS\system32\pjkkqrwx.dll Infected: Trojan.Win32.Monder.dun 1
C:\WINDOWS\system32\qngkbxdx.dll Infected: Trojan.Win32.Monder.dug 1
C:\WINDOWS\system32\tjdqimtq.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cde 1

The selected area was scanned.

pskelley
2008-08-14, 01:20
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

If you will read the directions pinned (sticky) to the top of this forum and posted above, and provide the required HJT log, I would be glad to take a look.

Thanks

pskelley
2008-08-20, 18:28
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.