virtumonde showing up in Spybot scan please help [Archive]

View Full Version : virtumonde showing up in Spybot scan please help

loganski

2010-04-22, 06:24

Hi here is my HJT log. Everytime I run Spybot I get virtumonde.dll showing up. Can you help me? When I surf via IE I get random pages (virus) and when I surf Firefox most of the time I am ok. Sometimes however I do get the good ol virus search page. Anyway I hope you can help me. This comp belonged to my younger brother who I KNOW was downloading things he should not have been. I think I have removed all of them. Any help would be great!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:19:49 PM, on 4/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Application Data\svchosts.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Cj1.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=101912&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: The Shield Deluxe 2009 Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\PCSecurityShield\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Corp] C:\Documents and Settings\Owner\Application Data\svchosts.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7730] command.com /c del "C:\WINDOWS\system32\avtapic.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2478] cmd.exe /c del "C:\WINDOWS\system32\avtapic.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7622] command.com /c del "C:\WINDOWS\system32\avtapic.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4324] cmd.exe /c del "C:\WINDOWS\system32\avtapic.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\Owner\LOCALS~1\Temp\Cj1.exe
O4 - HKCU\..\Run: [Microsoft Corp] C:\Documents and Settings\Owner\Application Data\svchosts.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4195] command.com /c del "C:\WINDOWS\system32\avtapic.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2711] cmd.exe /c del "C:\WINDOWS\system32\avtapic.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9110] command.com /c del "C:\WINDOWS\system32\avtapic.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5832] cmd.exe /c del "C:\WINDOWS\system32\avtapic.dll"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Corp] C:\Documents and Settings\Owner\Application Data\svchosts.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253929452687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: PCSecurityShield Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PCSecurityShield Desktop Update Service (LIVESRV) - PCSecurityShield - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: PCSecurityShield Virus Shield (VSSERV) - PCSecurityShield - C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe

--
End of file - 10620 bytes

loganski

2010-04-22, 07:20

Also here is my Spybot log. I had to split it up because it was to long for a forum post:

--- Search result list ---
Win32.Agent.ieu: [SBI $39018BD3] Data (File, nothing done)
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Properties.size=282
Properties.md5=6E850C6D97E69CAD4E6407D0ECCCAEFB
Properties.filedate=1271906281
Properties.filedatetext=2010-04-21 20:18:01

Win32.Parsi.z: [SBI $808D973A] Autorun settings (Microsoft Corp) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-861567501-1844823847-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Corp

Win32.Parsi.z: [SBI $808D973A] Program file (File, nothing done)
C:\Documents and Settings\Owner\Application Data\svchosts.exe
Properties.size=77824
Properties.md5=F8FCC5E8932286B66340C5C8A1444654
Properties.filedate=1270541528
Properties.filedatetext=2010-04-06 01:12:08

Win32.Parsi.z: [SBI $808D973A] Autorun settings (Microsoft Corp) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Corp

Virtumonde.dll: [SBI $2F4068FC] Library (File, nothing done)
C:\WINDOWS\system32\avtapic.dll
Properties.size=70656
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1271863977
Properties.filedatetext=2010-04-21 08:32:57

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-09-29 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi (*)
2010-04-20 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-04-13 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-04-13 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-04-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-03-02 Includes\Malware.sbi (*)
2010-04-20 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-04-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-04-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-04-20 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-03-03 Includes\Trojans.sbi (*)
2010-04-13 Includes\TrojansC-02.sbi (*)
2010-04-20 Includes\TrojansC-03.sbi (*)
2010-04-20 Includes\TrojansC-04.sbi (*)
2010-04-20 Includes\TrojansC-05.sbi (*)
2010-04-20 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

loganski

2010-04-22, 07:22

--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB953297)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player: Security Update for Windows Media Player (KB954155)
/ Windows Media Player: Security Update for Windows Media Player (KB968816)
/ Windows Media Player: Security Update for Windows Media Player (KB973540)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127-v2)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB969897)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB971961)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB972260)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB975364)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB976325)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB976325)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB976662)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB978207)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB980182)
/ Windows XP / SP0: Update for Windows Internet Explorer 8 (KB980302)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 8 (KB981332)
/ Windows XP / SP10: Update for Microsoft Windows (KB971513)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Windows PowerShell(TM) 1.0
/ Windows XP / SP4: Hotfix for Windows XP (KB915800-v4)
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955759)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956744)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB956844)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958869)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB960859)
/ Windows XP / SP4: Hotfix for Windows XP (KB961118)
/ Windows XP / SP4: Security Update for Windows XP (KB961371)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Update for Windows XP (KB968389)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969059)
/ Windows XP / SP4: Security Update for Windows XP (KB969947)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
/ Windows XP / SP4: Security Update for Windows XP (KB970430)
/ Windows XP / SP4: Hotfix for Windows XP (KB970653-v3)
/ Windows XP / SP4: Security Update for Windows XP (KB971468)
/ Windows XP / SP4: Security Update for Windows XP (KB971486)
/ Windows XP / SP4: Security Update for Windows XP (KB971557)
/ Windows XP / SP4: Security Update for Windows XP (KB971633)
/ Windows XP / SP4: Security Update for Windows XP (KB971657)
/ Windows XP / SP4: Update for Windows XP (KB971737)
/ Windows XP / SP4: Security Update for Windows XP (KB971961)
/ Windows XP / SP4: Security Update for Windows XP (KB972270)
/ Windows XP / SP4: Security Update for Windows XP (KB973346)
/ Windows XP / SP4: Security Update for Windows XP (KB973354)
/ Windows XP / SP4: Security Update for Windows XP (KB973507)
/ Windows XP / SP4: Security Update for Windows XP (KB973525)
/ Windows XP / SP4: Update for Windows XP (KB973687)
/ Windows XP / SP4: Update for Windows XP (KB973815)
/ Windows XP / SP4: Security Update for Windows XP (KB973869)
/ Windows XP / SP4: Security Update for Windows XP (KB973904)
/ Windows XP / SP4: Security Update for Windows XP (KB974112)
/ Windows XP / SP4: Security Update for Windows XP (KB974318)
/ Windows XP / SP4: Security Update for Windows XP (KB974392)
/ Windows XP / SP4: Security Update for Windows XP (KB974571)
/ Windows XP / SP4: Security Update for Windows XP (KB975025)
/ Windows XP / SP4: Security Update for Windows XP (KB975467)
/ Windows XP / SP4: Security Update for Windows XP (KB975560)
/ Windows XP / SP4: Security Update for Windows XP (KB975561)
/ Windows XP / SP4: Security Update for Windows XP (KB975713)
/ Windows XP / SP4: Hotfix for Windows XP (KB976098-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB977165)
/ Windows XP / SP4: Security Update for Windows XP (KB977816)
/ Windows XP / SP4: Security Update for Windows XP (KB977914)
/ Windows XP / SP4: Security Update for Windows XP (KB978037)
/ Windows XP / SP4: Security Update for Windows XP (KB978251)
/ Windows XP / SP4: Security Update for Windows XP (KB978262)
/ Windows XP / SP4: Security Update for Windows XP (KB978338)
/ Windows XP / SP4: Security Update for Windows XP (KB978601)
/ Windows XP / SP4: Security Update for Windows XP (KB978706)
/ Windows XP / SP4: Hotfix for Windows XP (KB979306)
/ Windows XP / SP4: Security Update for Windows XP (KB979309)
/ Windows XP / SP4: Security Update for Windows XP (KB979683)
/ Windows XP / SP4: Security Update for Windows XP (KB980232)

--- Startup entries list ---
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 178712
MD5: F770104B0640417B2499E93BDD38D7E6

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 55824
MD5: E42A642E162B0468B2C4E9D803079C7F

Located: HK_LM:Run, Microsoft Corp
command: C:\Documents and Settings\Owner\Application Data\svchosts.exe
file: C:\Documents and Settings\Owner\Application Data\svchosts.exe
size: 77824
MD5: F8FCC5E8932286B66340C5C8A1444654

Located: HK_LM:Run, OM2_Monitor
command: "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
file: C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
size: 54672
MD5: D81A88049DD6BAF96D330C71CDBAAF35

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 421888
MD5: ED7A6D40B20DC34BE06F4AE196AE7D50

Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\Core\smax4pnp.exe
file: C:\Program Files\Analog Devices\Core\smax4pnp.exe
size: 1036288
MD5: 0C5F9D4D8EA3F2ABC0FE916FE43CE2BB

Located: HK_LM:RunOnce, SpybotDeletingA7622
command: command.com /c del "C:\WINDOWS\system32\avtapic.dll"
file: command.com /c del "C:\WINDOWS\system32\avtapic.dll"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA7730
command: command.com /c del "C:\WINDOWS\system32\avtapic.dll"
file: command.com /c del "C:\WINDOWS\system32\avtapic.dll"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC2478
command: cmd.exe /c del "C:\WINDOWS\system32\avtapic.dll"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_LM:RunOnce, SpybotDeletingC4324
command: cmd.exe /c del "C:\WINDOWS\system32\avtapic.dll"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_LM:Run, BDAgent (DISABLED)
command: "C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe"
file: C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe
size: 778240
MD5: CD57F17A4FB1BE027E617B219F7B295E

Located: HK_LM:Run, BitDefender Antiphishing Helper (DISABLED)
command: "C:\Program Files\PCSecurityShield\BitDefender 2009\IEShow.exe"
file: C:\Program Files\PCSecurityShield\BitDefender 2009\IEShow.exe
size: 73728
MD5: CD76D4A20515D857AB05D7A11BA4B97B

Located: HK_CU:RunOnce, _nltide_2
where: .DEFAULT...
command: regsvr32 /s /n /i:U shell32
file: regsvr32 /s /n /i:U shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, _nltide_2
where: S-1-5-19...
command: regsvr32 /s /n /i:U shell32
file: regsvr32 /s /n /i:U shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, _nltide_2
where: S-1-5-20...
command: regsvr32 /s /n /i:U shell32
file: regsvr32 /s /n /i:U shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-861567501-1844823847-1177238915-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, Microsoft Corp
where: S-1-5-21-861567501-1844823847-1177238915-1003...
command: C:\Documents and Settings\Owner\Application Data\svchosts.exe
file: C:\Documents and Settings\Owner\Application Data\svchosts.exe
size: 77824
MD5: F8FCC5E8932286B66340C5C8A1444654

Located: HK_CU:Run, OM2_Monitor
where: S-1-5-21-861567501-1844823847-1177238915-1003...
command: "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
file: C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
size: 95632
MD5: F22DCB3A5697D0A372C529585E629AD2

Located: HK_CU:Run, YVIBBBHA8C
where: S-1-5-21-861567501-1844823847-1177238915-1003...
command: C:\DOCUME~1\Owner\LOCALS~1\Temp\Cj1.exe
file: C:\DOCUME~1\Owner\LOCALS~1\Temp\Cj1.exe
size: 146432
MD5: FB4A58449BC3B97BF074CB98B9926391

Located: HK_CU:RunOnce, SpybotDeletingB4195
where: S-1-5-21-861567501-1844823847-1177238915-1003...
command: command.com /c del "C:\WINDOWS\system32\avtapic.dll"
file: command.com /c del "C:\WINDOWS\system32\avtapic.dll"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB9110
where: S-1-5-21-861567501-1844823847-1177238915-1003...
command: command.com /c del "C:\WINDOWS\system32\avtapic.dll"
file: command.com /c del "C:\WINDOWS\system32\avtapic.dll"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD2711
where: S-1-5-21-861567501-1844823847-1177238915-1003...
command: cmd.exe /c del "C:\WINDOWS\system32\avtapic.dll"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:RunOnce, SpybotDeletingD5832
where: S-1-5-21-861567501-1844823847-1177238915-1003...
command: cmd.exe /c del "C:\WINDOWS\system32\avtapic.dll"
file: C:\WINDOWS\system32\cmd.exe
size: 389120
MD5: 6D778E0F95447E6546553EEEA709D03C

Located: HK_CU:RunOnce, _nltide_2
where: S-1-5-18...
command: regsvr32 /s /n /i:U shell32
file: regsvr32 /s /n /i:U shell32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Adobe Gamma Loader.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A

Located: Startup (common), Logitech SetPoint.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 813584
MD5: B624202660474516E73AA95238FD9843

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, LBTWlgn
command: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
file: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
size: 72208
MD5: A589D4BD91C15A0112E2F5DEF235DD67

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

loganski

2010-04-22, 07:22

--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name:
Date (created): 4/3/2010 4:36:42 PM
Date (last access): 6/15/2010 7:18:14 AM
Date (last write): 4/3/2010 4:36:42 PM
Filesize: 75200
Attributes: archive
MD5: E5EF96D01F3B696817DB909B732D9BB2
CRC32: E2F79FBD
Version: 9.3.2.163

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name:
Date (created): 3/30/2009 4:31:54 PM
Date (last access): 6/16/2010 6:12:38 AM
Date (last write): 3/30/2009 4:31:54 PM
Filesize: 403824
Attributes: archive
MD5: 9144D1A2D7AC4CE489C863E11FC5E478
CRC32: 55343708
Version: 6.500.3146.0

{D4027C7F-154A-4066-A1AD-4243D8127440} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 4/12/2010 6:44:26 PM
Date (last access): 6/15/2010 4:57:48 PM
Date (last write): 4/12/2010 6:44:26 PM
Filesize: 41760
Attributes: archive
MD5: 385BD69743EA92E76CDF07B3345A25D5
CRC32: D47CB5BA
Version: 6.0.200.2

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name:
Date (created): 4/12/2010 6:44:26 PM
Date (last access): 6/15/2010 4:57:48 PM
Date (last write): 4/12/2010 6:44:26 PM
Filesize: 79648
Attributes: archive
MD5: 4E2BB6D2677B42AD04BE18A6E9817B68
CRC32: 2F05ABD7
Version: 6.0.200.2

--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.microsoft.com/templates/ieawsdc.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IEAWSDC.DLL
Short name:
Date (created): 6/30/2007 8:09:06 PM
Date (last access): 2/17/2010 5:47:36 AM
Date (last write): 6/30/2007 8:09:06 PM
Filesize: 175968
Attributes: archive
MD5: BCD0A5C3C1715C363CB3F321ABE31514
CRC32: DB757059
Version: 12.0.6028.0

{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description:
classification: Legitimate
known filename: SwDir.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 1/18/2010 12:24:44 AM
Date (last access): 2/17/2010 5:43:40 AM
Date (last write): 1/18/2010 12:24:44 AM
Filesize: 213272
Attributes: archive
MD5: 9E6DEA101212D0244FA3F08945482413
CRC32: E3B3F3BE
Version: 11.5.6.606

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253929452687
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 10/16/2008 2:07:48 PM
Date (last access): 2/18/2010 8:56:30 PM
Date (last write): 8/6/2009 7:23:46 PM
Filesize: 215920
Attributes: archive
MD5: A1350D646EF6E57E8F4F33EBE7320D08
CRC32: AB3CA24F
Version: 7.4.7600.226

{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
DPF name:
CLSID name: HP Download Manager
Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
Codebase: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPDEXAXO.dll
Short name:
Date (created): 10/18/2007 10:04:16 AM
Date (last access): 2/17/2010 5:47:36 AM
Date (last write): 10/18/2007 10:04:16 AM
Filesize: 341296
Attributes: archive
MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
CRC32: 7ABDC22F
Version: 1.0.5.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_20.dll
Short name:
Date (created): 4/12/2010 3:19:06 PM
Date (last access): 4/12/2074 5:30:28 PM
Date (last write): 4/12/2010 5:29:22 PM
Filesize: 136992
Attributes: archive
MD5: E06930C34F16C8AD24AD79502F40026A
CRC32: 529E0B62
Version: 6.0.200.2

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} ()
DPF name:
CLSID name:
Installer:
Codebase:

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_20.dll
Short name:
Date (created): 4/12/2010 3:19:06 PM
Date (last access): 4/12/2074 5:30:28 PM
Date (last write): 4/12/2010 5:29:22 PM
Filesize: 136992
Attributes: archive
MD5: E06930C34F16C8AD24AD79502F40026A
CRC32: 529E0B62
Version: 6.0.200.2

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_20.dll
Short name:
Date (created): 4/12/2010 3:19:06 PM
Date (last access): 4/12/2074 5:30:28 PM
Date (last write): 4/12/2010 5:29:22 PM
Filesize: 136992
Attributes: archive
MD5: E06930C34F16C8AD24AD79502F40026A
CRC32: 529E0B62
Version: 6.0.200.2

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--- Process list ---
PID: 0 ( 0) [System]
PID: 416 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 476 ( 416) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 500 ( 416) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 544 ( 500) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 556 ( 500) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 724 ( 544) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 792 ( 544) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 832 ( 544) C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
size: 413696
MD5: AFF707F4A2D27323E310CBC79B8095E3
PID: 844 ( 544) C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe
size: 1626112
MD5: 4D61701FC268C4C78736BD11487F1816
PID: 916 ( 544) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 972 ( 544) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1260 ( 544) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1328 ( 544) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1368 ( 544) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
size: 144672
MD5: ACB095E7E1663F1B83A41C22C5D75F90
PID: 1380 ( 544) C:\Program Files\Bonjour\mDNSResponder.exe
size: 345376
MD5: A065F048E9E23E6C026A7BB548D126A7
PID: 1484 ( 544) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
size: 935208
MD5: 7D2633295EB6FF2B938185874884059D
PID: 1600 ( 544) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1904 ( 544) C:\WINDOWS\system32\SearchIndexer.exe
size: 439808
MD5: 7778BDFA3F6F6FBA0E75B9594098F737
PID: 2020 ( 916) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 280 ( 184) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 704 ( 544) C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
size: 118784
MD5: A275231308C84683C5EA7F874E3B97F0
PID: 2064 ( 280) C:\WINDOWS\system32\hkcmd.exe
size: 178712
MD5: F770104B0640417B2499E93BDD38D7E6
PID: 2104 ( 280) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 2272 ( 280) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 813584
MD5: B624202660474516E73AA95238FD9843
PID: 2296 (2272) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
size: 55824
MD5: E96BC31E0114F0999FB0F92FC65D61CA
PID: 2548 ( 500) C:\WINDOWS\system32\taskmgr.exe
size: 135680
MD5: 2CD1C3506A85B38E2D17E61ADED175C4
PID: 3560 (2600) C:\Documents and Settings\Owner\Application Data\svchosts.exe
size: 77824
MD5: F8FCC5E8932286B66340C5C8A1444654
PID: 2676 ( 280) C:\Program Files\Mozilla Firefox\firefox.exe
size: 910296
MD5: 49958506B773E40D31832E3EEDA522E7
PID: 3724 ( 280) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 2460 ( 280) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System

loganski

2010-04-22, 07:26

:oops: ok, so I did not realize how big the log would be. I have saved a copy. Please let me know if I should post the rest so I don't waste your time. Thanks! :oops:

tashi

2010-04-22, 09:54

Hello loganski,

Due to the volume of posts to your own topic, it would appear to volunteer analysts that you are already being assisted as they look for topics with no response. :eek:

Please see the forum FAQ "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) then start a new topic providing the HJT log only and a link back to this thread.

Best regards.