
Thread: Virtumonde.dll Bootsector Help to remove

  1. #1
    Junior Member
    Join Date
    May 2009
    Posts
    7

    Virtumonde.dll Bootsector Help to remove

    Hi guys, I need help removing Virtumonde.dll. Spybot finds it at scan time in the boot sector, in the file gzrhmkkm.dll; another file, ckjddte.dll, is also a problem, and I can't delete them. I have tried many ways.

    --- Search result list ---
    Virtumonde.Dll: [SBI $5DC45B99] Library (File, fixed)
    C:\WINDOWS\system32\gzrhmkkm.dll
    Properties.size=143872
    Properties.md5=C708046C1DB5CC1FAAF251D6C2A8FF92
    Properties.filedate=1239082964
    Properties.filedatetext=2009-04-07 02:42:43


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-04-28 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-03-25 Includes\Adware.sbi (*)
    2009-04-28 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-03-31 Includes\Dialer.sbi (*)
    2009-04-21 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-04-21 Includes\Hijackers.sbi (*)
    2009-04-28 Includes\HijackersC.sbi (*)
    2009-03-17 Includes\Keyloggers.sbi (*)
    2009-04-28 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-04-07 Includes\Malware.sbi (*)
    2009-04-28 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-04-28 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-04-21 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-04-28 Includes\SpywareC.sbi (*)
    2009-04-07 Includes\Tracks.uti
    2009-04-29 Includes\Trojans.sbi (*)
    2009-04-29 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
    / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player: Security Update for Windows Media Player (KB952069)
    / Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 10: Update for Windows Media Player 10 (KB926251)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
    / Windows Media Player 11: Critical Update for Windows Media Player 11 (KB959772)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB960714)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB963027)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP3: Windows XP Service Pack 3
    / Windows XP / SP4: Security Update for Windows XP (KB923561)
    / Windows XP / SP4: Security Update for Windows XP (KB938464)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Update for Windows XP (KB951072-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Update for Windows XP (KB951978)
    / Windows XP / SP4: Security Update for Windows XP (KB952004)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB953839)
    / Windows XP / SP4: Security Update for Windows XP (KB954211)
    / Windows XP / SP4: Security Update for Windows XP (KB954459)
    / Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
    / Windows XP / SP4: Security Update for Windows XP (KB954600)
    / Windows XP / SP4: Security Update for Windows XP (KB955069)
    / Windows XP / SP4: Update for Windows XP (KB955839)
    / Windows XP / SP4: Security Update for Windows XP (KB956391)
    / Windows XP / SP4: Security Update for Windows XP (KB956572)
    / Windows XP / SP4: Security Update for Windows XP (KB956802)
    / Windows XP / SP4: Security Update for Windows XP (KB956803)
    / Windows XP / SP4: Security Update for Windows XP (KB956841)
    / Windows XP / SP4: Security Update for Windows XP (KB957095)
    / Windows XP / SP4: Security Update for Windows XP (KB957097)
    / Windows XP / SP4: Security Update for Windows XP (KB958644)
    / Windows XP / SP4: Security Update for Windows XP (KB958687)
    / Windows XP / SP4: Security Update for Windows XP (KB958690)
    / Windows XP / SP4: Security Update for Windows XP (KB959426)
    / Windows XP / SP4: Security Update for Windows XP (KB960225)
    / Windows XP / SP4: Security Update for Windows XP (KB960715)
    / Windows XP / SP4: Security Update for Windows XP (KB960803)
    / Windows XP / SP4: Hotfix for Windows XP (KB961118)
    / Windows XP / SP4: Security Update for Windows XP (KB961373)
    / Windows XP / SP4: Update for Windows XP (KB967715)


    --- Startup entries list ---
    Located: HK_LM:Run, Cpqset
    command: C:\Program Files\HPQ\Default Settings\cpqset.exe
    file: C:\Program Files\HPQ\Default Settings\cpqset.exe
    size: 40960
    MD5: 6D00C852F991883F7A5873C018D1C8C4

    Located: HK_LM:Run, High Definition Audio Property Page Shortcut
    command: CHDAudPropShortcut.exe
    file: C:\WINDOWS\system32\CHDAudPropShortcut.exe
    size: 61952
    MD5: 8EAC49BF89C0FE814EC4E7F404211839

    Located: HK_LM:Run, hpWirelessAssistant
    command: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    file: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    size: 454656
    MD5: 3EC8642B4920A072F75358EEDD43587D

    Located: HK_LM:Run, igfxhkcmd
    command: C:\WINDOWS\system32\hkcmd.exe
    file: C:\WINDOWS\system32\hkcmd.exe
    size: 77824
    MD5: D9F3DB62D1B361D82CD82A347EA6218D

    Located: HK_LM:Run, igfxpers
    command: C:\WINDOWS\system32\igfxpers.exe
    file: C:\WINDOWS\system32\igfxpers.exe
    size: 118784
    MD5: 32FB9368F485A7FE944EB6678B61734B

    Located: HK_LM:Run, igfxtray
    command: C:\WINDOWS\system32\igfxtray.exe
    file: C:\WINDOWS\system32\igfxtray.exe
    size: 94208
    MD5: 54F1F98C4AD8F99BBBE8FBB62B38733F

    Located: HK_LM:Run, ISUSScheduler
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: 7D58C9BDF9C0A3955BDCDE7387AD12AC

    Located: HK_LM:Run, mcagent_exe
    command: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    file: C:\Program Files\McAfee.com\Agent\mcagent.exe
    size: 582992
    MD5: 9405B452064BFA6A0F78E2F177A988A4

    Located: HK_LM:Run, QlbCtrl
    command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    size: 131072
    MD5: 426A15F5621B4B0864E227FC19958F04

    Located: HK_LM:Run, SynTPEnh
    command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 1015808
    MD5: CF76682825BA63D4527DE57DA469D325

    Located: HK_LM:Run, SynTPStart
    command: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    file: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    size: 102400
    MD5: A3418E4D4A5EE636D44922DC2567FA18

    Located: HK_LM:RunOnce, Spybot - Search & Destroy
    command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89

    Located: HK_LM:RunOnce, SpybotDeletingA7879
    command: command.com /c del "C:\WINDOWS\system32\gzrhmkkm.dll"
    file: command.com /c del "C:\WINDOWS\system32\gzrhmkkm.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:RunOnce, SpybotDeletingC1750
    command: cmd.exe /c del "C:\WINDOWS\system32\gzrhmkkm.dll"
    file: C:\WINDOWS\system32\cmd.exe
    size: 389120
    MD5: 6D778E0F95447E6546553EEEA709D03C

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-322578404-3515157543-1235953213-1005...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-322578404-3515157543-1235953213-1005...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:RunOnce, SpybotDeletingB596
    where: S-1-5-21-322578404-3515157543-1235953213-1005...
    command: command.com /c del "C:\WINDOWS\system32\gzrhmkkm.dll"
    file: command.com /c del "C:\WINDOWS\system32\gzrhmkkm.dll"
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingD5387
    where: S-1-5-21-322578404-3515157543-1235953213-1005...
    command: cmd.exe /c del "C:\WINDOWS\system32\gzrhmkkm.dll"
    file: C:\WINDOWS\system32\cmd.exe
    size: 389120
    MD5: 6D778E0F95447E6546553EEEA709D03C

    Located: HK_CU:Run, ctfmon.exe
    where: S-1-5-21-322578404-3515157543-1235953213-500...
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Located: HK_CU:Run, MSMSGS
    where: S-1-5-21-322578404-3515157543-1235953213-500...
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1695232
    MD5: 3E930C641079443D4DE036167A69CAA2

    Located: WinLogon, GbPluginCef
    command: C:\Program Files\GbPlugin\gbiehcef.dll
    file: C:\Program Files\GbPlugin\gbiehcef.dll
    size: 374856
    MD5: 0CA49C0A6B509660BDC207AC5FB8ED5A

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, dimsntfy
    command: %SystemRoot%\System32\dimsntfy.dll
    file: %SystemRoot%\System32\dimsntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, igfxcui
    command: igfxdev.dll
    file: igfxdev.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    --- Browser helper object list ---
    {0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: HP Print Enhancer
    CLSID name: HP Print Enhancer
    Path: C:\Program Files\HP\Smart Web Printing\
    Long name: hpswp_printenhancer.dll
    Short name: HPSWP_~1.DLL
    Date (created): 3/2/2007 4:52:24 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 3/2/2007 4:52:24 PM
    Filesize: 1298024
    Attributes: readonly archive
    MD5: 1062E80907867BFC14EB844241391331
    CRC32: 4B194A34
    Version: 2.15.7.0

    {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: HP Print Clips
    Path: C:\Program Files\HP\Smart Web Printing\
    Long name: hpswp_framework.dll
    Short name: HPSWP_~4.DLL
    Date (created): 3/2/2007 4:52:08 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 3/2/2007 4:52:08 PM
    Filesize: 177768
    Attributes: readonly archive
    MD5: A40456DE4EF7E318104955361C72AC9D
    CRC32: 6F06AAE2
    Version: 2.15.7.0

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 2/27/2009 12:07:26 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 2/27/2009 12:07:26 PM
    Filesize: 75128
    Attributes: archive
    MD5: 5CF6190CD875DA6B35256FEE573E7908
    CRC32: 764BA81B
    Version: 9.1.0.163

    {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
    Path: C:\Program Files\Real\RealPlayer\
    Long name: rpbrowserrecordplugin.dll
    Short name: RPBROW~1.DLL
    Date (created): 11/22/2008 9:18:18 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 11/22/2008 9:18:18 PM
    Filesize: 304736
    Attributes: archive
    MD5: BA0B225D8FDA9B22F22F5816873EB9FE
    CRC32: 777276E9
    Version: 1.0.1.85

    {4E6F8FF7-8011-4AB7-B21F-28D8C8C94FA0} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:
    Path: c:\windows\system32\
    Long name: ckjddte.dll
    Short name:
    Date (created): 8/10/2004 7:00:00 PM
    Date (last access): 4/28/2009 1:54:52 PM
    Date (last write): 8/10/2004 7:00:00 PM
    Filesize: 102400
    Attributes: archive
    MD5: 51EA999F3461CE711BF7484979A1F894
    CRC32: 72AFBEFE

    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: scriptproxy
    CLSID name: scriptproxy
    Path: C:\Program Files\McAfee\VirusScan\
    Long name: scriptsn.dll
    Short name:
    Date (created): 4/19/2009 4:28:32 PM
    Date (last access): 5/1/2009 3:55:10 PM
    Date (last write): 11/9/2007 12:09:08 PM
    Filesize: 58688
    Attributes: archive
    MD5: 5B9FCB73F5A4A000C55AFF08B639A07C
    CRC32: C78C7E89
    Version: 14.0.0.366

    {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 8/31/2006 9:33:06 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 8/31/2006 9:33:06 PM
    Filesize: 322368
    Attributes: archive
    MD5: E43F7CFDEE2B00A22C96C168147B20D3
    CRC32: 2AEACC43
    Version: 4.100.313.1

    {C41A1C0E-EA6C-11D4-B1B8-444553540003} (G-Buster Browser Defense CEF)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: G-Buster Browser Defense CEF
    CLSID name: GbIehObj Class
    Path: C:\Program Files\GbPlugin\
    Long name: gbiehcef.dll
    Short name:
    Date (created): 9/23/2008 5:47:12 PM
    Date (last access): 5/1/2009 3:55:12 PM
    Date (last write): 9/1/2008 5:12:20 PM
    Filesize: 374856
    Attributes:
    MD5: 0CA49C0A6B509660BDC207AC5FB8ED5A
    CRC32: 5FF882DF
    Version: 3.6.39.16

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 4/14/2009 8:15:10 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 4/14/2009 8:15:10 PM
    Filesize: 35840
    Attributes: archive
    MD5: 96A225C7F5346A9E81FC3DFA89A900C0
    CRC32: BAD5D2EF
    Version: 6.0.130.3

    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: JQSIEStartDetectorImpl
    CLSID name: JQSIEStartDetectorImpl Class
    Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
    Long name: jqs_plugin.dll
    Short name: JQS_PL~1.DLL
    Date (created): 4/14/2009 8:15:12 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 4/14/2009 8:15:12 PM
    Filesize: 73728
    Attributes: archive
    MD5: 53F8B53918C839F76367B7E612B742B1
    CRC32: 735F7F91
    Version: 6.0.130.3

    {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} (WinAVI FLVSense)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: WinAVI FLVSense
    CLSID name:



    --- ActiveX list ---
    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://download.microsoft.com/downlo...eckControl.cab
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: LegitCheckControl.DLL
    Short name: LEGITC~1.DLL
    Date (created): 4/24/2007 12:32:06 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 2/6/2009 12:35:56 PM
    Filesize: 1486208
    Attributes: archive
    MD5: 937A55210D8B8B75F017C79958ECE7D3
    CRC32: CA9CD645
    Version: 1.9.9.1

    {49232000-16E4-426C-A231-62846947304B} (SysData Class)
    DPF name:
    CLSID name: SysData Class
    Installer: C:\WINDOWS\Downloaded Program Files\sysinfo.inf
    Codebase: https://wimpro.cce.hp.com/ChatEntry/...ds/sysinfo.cab
    description:
    classification: Legitimate
    known filename: SysInfo.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: SysInfo.dll
    Short name:
    Date (created): 5/15/2007 4:33:20 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 5/15/2007 4:33:20 PM
    Filesize: 251448
    Attributes: archive
    MD5: 55E8A05DDA26E8C455A7730721DCAF60
    CRC32: 38BB3B52
    Version: 2.4.0.0

    {5ED80217-570B-4DA9-BF44-BE107C0EC166} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase:
    description:
    classification: Legitimate
    known filename: wlscBase.dll
    info link:
    info source: Safer Networking Ltd.

    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
    DPF name:
    CLSID name: MUWebControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
    Codebase: http://update.microsoft.com/microsof...?1240944689718
    description:
    classification: Legitimate
    known filename: muweb.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\system32\
    Long name: muweb.dll
    Short name:
    Date (created): 10/16/2008 2:07:48 PM
    Date (last access): 5/1/2009 3:54:02 PM
    Date (last write): 10/16/2008 2:07:48 PM
    Filesize: 208744
    Attributes: archive
    MD5: 90058C2AD9FC43A3B3D59F82FFC6AEA7
    CRC32: 7D5F90FA
    Version: 7.2.6001.788

    {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
    Codebase: http://h20270.www2.hp.com/ediags/gmn...Detection2.cab

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get.../ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name: NPJPI1~1.DLL
    Date (created): 4/14/2009 8:15:10 PM
    Date (last access): 5/1/2009 2:43:00 PM
    Date (last write): 4/14/2009 8:15:10 PM
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_13
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_13.dll
    Short name: NPJPI1~1.DLL
    Date (created): 4/14/2009 8:15:10 PM
    Date (last access): 5/1/2009 4:07:16 PM
    Date (last write): 4/14/2009 8:15:10 PM
    Filesize: 136600
    Attributes: archive
    MD5: 20188EB1790C5EB9057DDFE3EA138FC7
    CRC32: 2EA1ACCF
    Version: 6.0.130.3



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 904 ( 4) \SystemRoot\System32\smss.exe
    size: 50688
    PID: 956 ( 904) \??\C:\WINDOWS\system32\csrss.exe
    size: 6144
    PID: 988 ( 904) \??\C:\WINDOWS\system32\winlogon.exe
    size: 507904
    PID: 1032 ( 988) C:\WINDOWS\system32\services.exe
    size: 110592
    MD5: 65DF52F5B8B6E9BBD183505225C37315
    PID: 1044 ( 988) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: BF2466B3E18E970D8A976FB95FC1CA85
    PID: 1216 (1032) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1284 (1032) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1324 (1032) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1420 (1032) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1476 (1032) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 1712 (1032) C:\Program Files\GbPlugin\GbpSv.exe
    size: 46656
    MD5: 223A8070779AC9A187D86AE733B2E90C
    PID: 1824 (1032) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
    PID: 1868 (1032) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    size: 137752
    MD5: B2D04E813BA12AB179DAF0B9FDECBA3D
    PID: 1884 (1032) C:\WINDOWS\System32\SCardSvr.exe
    size: 95744
    MD5: 86D007E7A654B9A71D1D7D856B104353
    PID: 256 (1032) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 308 (1032) C:\WINDOWS\eHome\ehRecvr.exe
    size: 237568
    MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
    PID: 332 (1032) C:\WINDOWS\eHome\ehSched.exe
    size: 102912
    MD5: A53243709439AC2A4C216B817F8D7411
    PID: 404 (1032) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 512 (1032) C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    size: 1440552
    MD5: 44203081689F3A33FC7CC09218E78E69
    PID: 736 ( 668) C:\WINDOWS\Explorer.EXE
    size: 1033728
    MD5: 12896823FB95BFB3DC9B46BCAEDC9923
    PID: 796 (1032) C:\Program Files\Java\jre6\bin\jqs.exe
    size: 152984
    MD5: 890369AED0DDE1A98F09F7DC239CA2BD
    PID: 964 (1032) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    size: 73728
    MD5: AB8134127F786C9603817B5318DCEEAA
    PID: 1456 (1032) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    size: 186904
    MD5: 14E4CC4D46169759D874F57604EA6BE5
    PID: 1580 (1032) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    size: 767976
    MD5: CB3A8976DE2F65349322DA7627CEA223
    PID: 1604 (1032) c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    size: 2458128
    MD5: C69E71E00B30B60556D3E096699BD423
    PID: 1768 (1032) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    size: 359248
    MD5: 8CF3DA0BE6094C34D7C4A85493E60547
    PID: 1928 (1032) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    size: 144704
    MD5: 33734ABFA52EC8D096A1254D645E9B4F
    PID: 2008 (1032) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    size: 322120
    MD5: 11F714F85530A2BD134074DC30E99FCA
    PID: 2024 (1032) C:\Program Files\McAfee\MPF\MPFSrv.exe
    size: 856864
    MD5: 346F30F1FF73553AA466F4AE7948DA00
    PID: 2208 (1032) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    size: 853288
    MD5: 6D4028D458EAAA1782099750790DC8C9
    PID: 2288 (1032) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2316 (1032) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2368 (1032) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2452 (1032) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2504 (1032) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    size: 1247600
    MD5: 477A47C10C4B2E79DD52D74BAA9ED716
    PID: 2568 (1032) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    size: 135168
    MD5: 2C565B24C56577E824436427DF01B4E2
    PID: 2596 (1032) C:\WINDOWS\ehome\mcrdsvc.exe
    size: 99328
    MD5: DF0A511F38F16016BF658FCA0090CB87
    PID: 2912 ( 736) C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    size: 454656
    MD5: 3EC8642B4920A072F75358EEDD43587D
    PID: 2920 ( 736) C:\WINDOWS\system32\hkcmd.exe
    size: 77824
    MD5: D9F3DB62D1B361D82CD82A347EA6218D
    PID: 2940 ( 736) C:\WINDOWS\system32\igfxpers.exe
    size: 118784
    MD5: 32FB9368F485A7FE944EB6678B61734B
    PID: 3004 ( 736) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 1015808
    MD5: CF76682825BA63D4527DE57DA469D325
    PID: 3076 ( 736) C:\Program Files\McAfee.com\Agent\mcagent.exe
    size: 582992
    MD5: 9405B452064BFA6A0F78E2F177A988A4
    PID: 3116 ( 736) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
    PID: 3128 ( 736) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887
    PID: 3384 (1216) C:\WINDOWS\system32\wbem\wmiprvse.exe
    size: 227840
    MD5: 798A9E6828997EEF4517ADA8A2259831
    PID: 3484 (1032) C:\WINDOWS\system32\dllhost.exe
    size: 5120
    MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
    PID: 3740 (1456) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    size: 186904
    MD5: 14E4CC4D46169759D874F57604EA6BE5
    PID: 3796 (1032) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: 8C515081584A38AA007909CD02020B3D
    PID: 4076 (1216) C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    size: 491606
    MD5: DDB133A6703D96643EC799DB84004BDC
    PID: 2792 (1032) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    size: 695624
    MD5: FD47DF2BCC3544DF65B01AD6B6062430
    PID: 2068 (1032) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
    PID: 2960 ( 716) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    size: 185872
    MD5: C681F347514CC8671977FCBD2B7D001A
    PID: 4336 ( 736) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 307704
    MD5: CA2AC84AA6C67F742D9785E553848927
    PID: 608 ( 736) C:\Program Files\uTorrent\uTorrent.exe
    size: 273200
    MD5: 7DD43E90EBD6F553631EEA0C098098E5
    PID: 3112 ( 736) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 5396 (1216) c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    size: 361800
    MD5: 954AE4CBF9D03DAE20EAE00F66AC2A72
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 5/1/2009 4:07:25 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com.br/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896

  2. #2
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,544
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
