
Infected: Packed.win32.monder.gen


1 reply to this topic

#1 fabiio

Posted 08 April 2008 - 04:00 AM

My browsers (IE7 & Firefox) are hijacked; a JS script is injected into every HTML page I view which randomly pops up new windows containing spyware removal ads. Other than that my PC seems to be running fine.

DSS main.txt

Deckard's System Scanner v20071014.68
Run by fabiio on 2008-04-08 20:05:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
108: 2008-04-08 08:05:43 UTC - RP258 - Deckard's System Scanner Restore Point
107: 2008-04-07 23:38:00 UTC - RP257 - System Checkpoint
106: 2008-04-06 23:15:24 UTC - RP256 - Printer Driver CutePDF Writer Installed
105: 2008-04-05 23:51:06 UTC - RP255 - System Checkpoint
104: 2008-04-04 10:03:36 UTC - RP254 - System Checkpoint


-- First Restore Point --
1: 2008-03-31 07:47:55 UTC - RP151 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-08 20:08:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ati2evxx.exe
C:WINDOWSexplorer.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMySQLMySQL Server 4.1binmysqld-nt.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesTortoiseSVNbinTSVNCache.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Program FilesWindows LiveMessengerusnsvc.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Documents and SettingsfabiioDesktopdss.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {08A8068E-53D1-42B2-B197-6D568843721F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:installsappsMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: (no name) - {D397A443-C745-4732-8BF6-555AF84AA10D} - C:WINDOWSsystem32mlJAqrQh.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:Program FilesFlashFXPIEFlash.dll
O4 - HKLM..Run: [BM2f41fbad] Rundll32.exe "C:WINDOWSsystem32jabqwjlk.dll",s
O4 - HKCU..Run: [StartCCC] C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Uniblue SpyEraser] "C:Program FilesUniblueSpyEraserSpyEraser.exe" -m
O4 - HKCU..Run: [Uniblue SpeedUpMyPC] C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe -s
O4 - HKCU..Run: [Uniblue RegistryBooster 2] C:Program FilesUniblueRegistryBooster 2RegistryBooster.exe /S
O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:installsappsMICROS~1Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:installsappsMicrosoft OfficeOffice12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:installsappsMicrosoft OfficeOffice12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSnetwork diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSnetwork diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLMSYSTEMCCSServicesTcpip..{2407D85A-AD26-462B-86CB-2111BE6391FE}: NameServer = 60.234.1.1,60.234.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:installsappsMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:Program FilesWindows LiveMessengermsgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:Program FilesCommon FilesMicrosoft SharedInformation RetrievalMSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:Program FilesWindows LiveMessengermsgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program FilesCommon FilesSkypeSkype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.DLL
O20 - Winlogon Notify: tuvULCVo - C:WINDOWSsystem32tuvULCVo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:Program FilesGrisoftAVG7avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:Program FilesGrisoftAVG7avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:Program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:Program FilesMySQLMySQL Server 4.1binmysqld-nt


--
End of file - 9118 bytes

-- File Associations -----------------------------------------------------------

.ini - UltraEdit.ini - DefaultIcon - unable to read value
.ini - UltraEdit.ini - shellopencommand - "C:installsappsUltraEdit-32uedit32.exe" "%1"
.js - UltraEdit.js - DefaultIcon - unable to read value
.js - UltraEdit.js - shellopencommand - "C:installsappsUltraEdit-32uedit32.exe" "%1"
.txt - UltraEdit.txt - DefaultIcon - unable to read value
.txt - UltraEdit.txt - shellopencommand - "C:installsappsUltraEdit-32uedit32.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:windowssystem32driversbthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 SCDEmu - c:windowssystem32driversscdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 BrPar - c:windowssystem32driversbrpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:windowssystem32driversblueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:windowssystem32driversblueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:windowssystem32driversbtnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:windowssystem32driversbtcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:windowssystem32driversvbtenum.sys
R3 VComm (Virtual Serial port driver) - c:windowssystem32driversvcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:windowssystem32driversvcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:windowssystem32driversnsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:program filescommon filesapplemobile device supportbinapplemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:program filesivt corporationbluesoleilbtntservice.exe
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:program filesbonjourmdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 MySQL - "c:program filesmysqlmysql server 4.1binmysqld-nt" --defaults-file="c:program filesmysqlmysql server 4.1my.ini" mysql (file missing)

S3 FLEXnet Licensing Service - "c:program filescommon filesmacrovision sharedflexnet publisherfnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-04 13:39:47 340 --a------ C:WINDOWSTasksUniblue SpyEraser.job
2008-04-03 08:30:02 272 --a------ C:WINDOWSTasksUniblue SpeedUpMyPC Nag.job
2008-04-03 08:30:01 394 --a------ C:WINDOWSTasksUniblue SpeedUpMyPC.job


-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 15:23:48 0 d-------- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-04-08 15:23:44 0 d-------- C:WINDOWSsystem32Kaspersky Lab
2008-04-08 15:23:42 0 d-------- C:WINDOWSLastGood
2008-04-08 11:35:05 88128 --a------ C:WINDOWSsystem32jabqwjlk.dll
2008-04-07 11:32:36 87104 --a------ C:WINDOWSsystem32vwfapoll.dll
2008-04-07 11:16:38 0 d-------- C:Program FilesGPLGS
2008-04-06 11:32:11 87104 --a------ C:WINDOWSsystem32vyedcnlr.dll
2008-04-05 10:08:47 87104 --a------ C:WINDOWSsystem32mgsfhljw.dll
2008-04-04 12:23:44 0 d-------- C:Documents and SettingsAll UsersApplication DataUniblue
2008-04-04 10:01:26 88640 --a------ C:WINDOWSsystem32qudldlph.dll
2008-04-03 09:39:10 88128 --a------ C:WINDOWSsystem32xfknivky.dll
2008-04-03 09:11:25 0 dr-h----- C:Documents and SettingsfabiioRecent
2008-04-03 07:46:55 0 d-------- C:Documents and SettingsfabiioApplication DataUniblue
2008-04-03 07:46:45 0 d-------- C:Program FilesUniblue
2008-04-03 07:04:22 0 d-------- C:Program FilesLavasoft
2008-04-03 07:04:19 0 d-------- C:Documents and SettingsAll UsersApplication DataLavasoft
2008-04-03 07:01:23 0 d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-04-02 09:37:50 88128 --a------ C:WINDOWSsystem32vskdhemv.dll
2008-03-31 20:17:33 0 dr-h----- C:$VAULT$.AVG
2008-03-31 20:04:29 0 d-------- C:Documents and SettingsfabiioApplication DataAVG7
2008-03-31 20:04:21 0 d-------- C:Documents and SettingsLocalServiceApplication DataAVG7
2008-03-31 20:03:47 0 d-------- C:Documents and SettingsAll UsersApplication DataGrisoft
2008-03-31 20:03:47 0 d-------- C:Documents and SettingsAll UsersApplication Dataavg7
2008-03-31 19:47:45 215493 --ahs---- C:WINDOWSsystem32hQrqAJlm.ini2
2008-03-31 19:47:20 268288 --a------ C:WINDOWSsystem32mlJAqrQh.dll
2008-03-31 19:46:03 147456 --a------ C:WINDOWSsystem32vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-03-31 19:43:15 0 d-------- C:Documents and SettingsLocalServiceApplication DataNetMon
2008-03-31 19:43:13 1989 --a------ C:WINDOWSuninstall_nmon.vbs
2008-03-31 19:42:41 0 d-------- C:WINDOWSsystem32xm
2008-03-31 19:42:41 0 d-------- C:WINDOWSsystem32ev
2008-03-31 19:42:31 0 d-------- C:Temp
2008-03-30 12:35:57 33429504 --a------ C:Documents and SettingsfabiioBlueSoleil
2008-03-28 18:14:10 0 d-------- C:Documents and SettingsAll UsersApplication DataBluetooth
2008-03-28 18:10:13 0 d-------- C:Program FilesIVT Corporation
2008-03-14 11:35:02 0 d-------- C:Documents and SettingsfabiioApplication DataTortoiseSVN
2008-03-13 20:26:24 0 d-------- C:Documents and SettingsfabiioApplication DataSubversion
2008-03-13 20:20:41 0 d-------- C:Program FilesTortoiseSVN
2008-03-12 14:15:32 0 d-------- C:rails
2008-03-12 14:10:56 0 d-------- C:Documents and SettingsfabiioApplication DataMySQL
2008-03-12 14:04:32 0 d-------- C:Program FilesMySQL
2008-03-12 13:53:08 0 d-------- C:ruby


-- Find3M Report ---------------------------------------------------------------

2008-04-08 14:53:30 0 d-------- C:Documents and SettingsfabiioApplication DataSkype
2008-04-07 11:15:15 0 d-------- C:Program FilesAcro Software
2008-04-06 22:46:12 0 d-------- C:Documents and SettingsfabiioApplication DatauTorrent
2008-04-04 16:20:59 0 d-------- C:Documents and SettingsfabiioApplication DataAdobe
2008-04-04 13:15:53 0 d-------- C:Documents and SettingsfabiioApplication DataLimeWire
2008-04-03 08:37:48 0 d-------- C:Program FilesMozilla Thunderbird
2008-04-03 08:37:48 0 d-------- C:Program FilesMozilla Sunbird
2008-04-03 07:01:23 0 d-------- C:Program FilesCommon Files
2008-04-02 10:44:59 0 d-------- C:Program FilesCommon FilesAdobe
2008-04-02 10:44:33 0 d-------- C:Program FilesEPSON
2008-04-02 10:34:32 0 d--h----- C:Program FilesInstallShield Installation Information
2008-03-05 13:10:11 0 d-------- C:Documents and SettingsfabiioApplication DataMozilla
2008-03-05 13:10:09 0 d-------- C:Documents and SettingsfabiioApplication DataThunderbird
2008-02-29 19:24:16 0 d-------- C:Program FilesWindows Live
2008-02-29 19:23:42 0 d--hs--c- C:Program FilesCommon FilesWindowsLiveInstaller
2008-02-12 19:59:26 0 d-------- C:Documents and SettingsfabiioApplication DataMacromedia
2008-02-12 19:58:23 802 --a------ C:WINDOWSmozver.dat
2008-02-09 16:42:08 0 d-------- C:Program FilesBonjour
2008-02-09 16:31:01 0 d-------- C:Program FilesCommon FilesMacrovision Shared
2008-02-09 14:23:33 0 d-------- C:Program FilesPowerISO
2008-02-08 13:14:53 0 dr------- C:Documents and SettingsfabiioApplication DataBrother
2008-01-25 18:49:26 34 --a------ C:WINDOWSsystem32BD2040.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{08A8068E-53D1-42B2-B197-6D568843721F}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{D397A443-C745-4732-8BF6-555AF84AA10D}]
31/03/2008 07:47 p.m. 268288 --a------ C:WINDOWSsystem32mlJAqrQh.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"BM2f41fbad"="C:WINDOWSsystem32jabqwjlk.dll" [08/04/2008 11:35 a.m.]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"StartCCC"="C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [11/11/2006 07:35 a.m.]
"MsnMsgr"="C:Program FilesWindows LiveMessengerMsnMsgr.exe" [18/10/2007 10:34 a.m.]
"Skype"="C:Program FilesSkypePhoneSkype.exe" [03/07/2007 12:10 p.m.]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [04/08/2004 01:07 p.m.]
"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [14/10/2004 04:24 a.m.]
"Uniblue SpyEraser"="C:Program FilesUniblueSpyEraserSpyEraser.exe" [08/01/2008 08:14 a.m.]
"Uniblue SpeedUpMyPC"="C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe" [07/12/2007 08:42 a.m.]
"Uniblue RegistryBooster 2"="C:Program FilesUniblueRegistryBooster 2RegistryBooster.exe" [14/08/2007 03:52 p.m.]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Gamma Loader.lnk - C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [19/07/2007 3:17:44 p.m.]
BlueSoleil.lnk - C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe [3/11/2005 12:41:04 p.m.]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifytuvULCVo]
tuvULCVo.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
"Authentication Packages"= msv1_0 C:WINDOWSsystem32mlJAqrQh

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
@="Service"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:WINDOWSpssAdobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:WINDOWSpssAdobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Gamma Loader.lnk
backup=C:WINDOWSpssAdobe Gamma Loader.lnkCommon Startup


[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcrobat Assistant 8.0]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
"C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGrooveMonitor]
"C:installsappsMicrosoft OfficeOffice12GrooveMonitor.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
"C:installsappsiTunesiTunesHelper.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroCheck]
C:WINDOWSsystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPWRISOVM.EXE]
C:Program FilesPowerISOPWRISOVM.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
"C:Program FilesQuickTimeQTTask.exe" -atboottime

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregrunner1]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSteam]
"c:installsappssteamsteam.exe" -silent

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUniblue RegistryBooster 2]
C:Program FilesUniblueRegistryBooster 2RegistryBooster.exe /S

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUniblue SpeedUpMyPC]
C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs BthServ


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e6aa55b6-3326-11dc-b239-00301bb83d94}]
Autocommand- Start.exe
AutoRuncommand- C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:Program FilesCommon FilesLightScribeLSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-04-08 20:09:26 ------------




DSS extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.48 MiB / 513 MiB
Pagefile Memory (total/avail): 2460.49 MiB / 1910.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 11.28 GiB free.
D: is Fixed (NTFS) - 48.83 GiB total, 4.41 GiB free.
E: is Fixed (NTFS) - 186.3 GiB total, 1.74 GiB free.
F: is Fixed (NTFS) - 137.48 GiB total, 33.89 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Fixed (NTFS) - 74.53 GiB total, 5.51 GiB free.

.PHYSICALDRIVE1 - ST3200822AS - 186.31 GiB - 2 partitions
PARTITION0 - Installable File System - 48.83 GiB - D:
PARTITION1 - Installable File System - 137.48 GiB - F:

.PHYSICALDRIVE2 - ST3200822AS - 186.31 GiB - 1 partition
PARTITION0 - Installable File System - 186.3 GiB - E:

.PHYSICALDRIVE0 - ST380021A - 74.53 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

.PHYSICALDRIVE5 - FUJITSU MHV2080AH USB Device - 74.53 GiB - 1 partition
PARTITION0 - Installable File System - 74.53 GiB - K:

.PHYSICALDRIVE4 - USB2.0 CBO CardReader USB Device

.PHYSICALDRIVE3 - USB2.0 CF CardReader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesFlashFXPFlashFXP.exe"="C:Program FilesFlashFXPFlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesWindows LiveMessengermsnmsgr.exe"="C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:Program FilesWindows LiveMessengerlivecall.exe"="C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:installsappsuTorrentutorrent.exe"="C:installsappsuTorrentutorrent.exe:*:Enabled:µTorrent"
"C:installsappsLimeWireLimeWire.exe"="C:installsappsLimeWireLimeWire.exe:*:Enabled:LimeWire"
"C:installsappsiTunesiTunes.exe"="C:installsappsiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesSteamSteam.exe"="C:Program FilesSteamSteam.exe:*:Enabled:Steam"
"C:Program FilesFlashFXPFlashFXP.exe"="C:Program FilesFlashFXPFlashFXP.exe:*:Enabled:FlashFXP v3"
"C:installsappsSteamSteam.exe"="C:installsappsSteamSteam.exe:*:Enabled:Steam"
"C:installsappsSteamsteamappslithium@orcon.net.nzcounter-strike sourcehl2.exe"="C:installsappsSteamsteamappslithium@orcon.net.nzcounter-strike sourcehl2.exe:*:Enabled:hl2"
"C:installsappsMicrosoft OfficeOffice12OUTLOOK.EXE"="C:installsappsMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:installsappsMicrosoft OfficeOffice12GROOVE.EXE"="C:installsappsMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:installsappsMicrosoft OfficeOffice12ONENOTE.EXE"="C:installsappsMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesMusicBrainz Picardpicard.exe"="C:Program FilesMusicBrainz Picardpicard.exe:*:Enabled:The next generation MusicBrainz tagger"
"C:Program FilesWindows LiveMessengermsnmsgr.exe"="C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:Program FilesWindows LiveMessengerlivecall.exe"="C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:rubybinruby.exe"="C:rubybinruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]"
"C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe"="C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe:*:Enabled:BlueSoleil"
"C:WINDOWSsystem32dpvsetup.exe"="C:WINDOWSsystem32dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:WINDOWSsystem32rundll32.exe"="C:WINDOWSsystem32rundll32.exe:*:Enabled:Run a DLL as an App"
"C:Program FilesGrisoftAVG7avginet.exe"="C:Program FilesGrisoftAVG7avginet.exe:*:Enabled:avginet.exe"
"C:Program FilesGrisoftAVG7avgamsvr.exe"="C:Program FilesGrisoftAVG7avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:Program FilesGrisoftAVG7avgcc.exe"="C:Program FilesGrisoftAVG7avgcc.exe:*:Enabled:avgcc.exe"
"C:Program FilesSkypePhoneSkype.exe"="C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsfabiioApplication Data
CLASSPATH=.;C:Program FilesJavajre1.6.0_02libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=FABILO
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and Settingsfabiio
LOGONSERVER=FABILO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=c:rubybin;C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesATI TechnologiesATI.ACECore-Static;C:installsappsUltraEdit-32;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.RB;.RBW
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=070a
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.6.0_02libextQTJava.zip
RUBYOPT=-rubygems
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1fabiioLOCALS~1Temp
TMP=C:DOCUME~1fabiioLOCALS~1Temp
USERDOMAIN=FABILO
USERNAME=fabiio
USERPROFILE=C:Documents and Settingsfabiio
windir=C:WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

fabiio (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:WINDOWSIsUninst.exe -f"C:Program FilesAudio DeckUninst.isu"
--> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{798CA202-699B-49CC-95EE-BD01411A42E4}setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
µTorrent --> "C:installsappsuTorrentuninstall.exe"
Acoustica CD/DVD Label Maker --> C:Program FilesAcoustica CD Label Makercdlabel.exe UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:Program FilesCommon FilesAdobeInstallers6c8e2cb4fd241c55406016127a6ab2eSetup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 9 ActiveX --> C:WINDOWSsystem32MacromedFlashFlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\InDesign 2.0\Uninst.isu" -c"C:\Program Files\Adobe\InDesign 2.0\Uninst.dll"
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BlueSoleil --> MsiExec.exe /X{38F0F8B4-3786-42D6-A82C-DF1FEB010C46}
Brother HL-2040 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A6E05E7-780A-46E0-9539-4BCFECD48091}\SETUP.exe" -l0x9 -removeonly /uninst
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Counter-Strike: Source --> "C:\installs\apps\Steam\steam.exe" steam://uninstall/240
Crystal Player Professional 1.97 --> C:\Program Files\Crystal Player\Uninstall.exe
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
FileZilla (remove only) --> "C:\installs\apps\FileZilla\uninstall.exe"
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
HijackThis 2.0.0 --> "C:\Documents and Settings\fabiio\Desktop\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 2.85 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LightScribe Applications --> MsiExec.exe /X{7373184D-8E8F-4308-912A-3901071FA1AD}
LimeWire PRO 4.14.12 --> "C:\installs\apps\LimeWire\uninstall.exe"
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{91510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.7) --> C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MySQL Server 4.1 --> MsiExec.exe /I{063DFF87-7F52-4A39-89C0-BFF7E9B7BA8E}
MySQL Tools for 5.0 --> MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3}
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
PC Wizard 2008.1.81 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Ruby-186-26 --> c:\ruby\uninstall.exe
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TortoiseSVN 1.4.8.12137 (32 bit) --> MsiExec.exe /X{1E010E57-0453-4A84-A899-47EEA104661C}
UltraEdit-32 --> "C:\installs\apps\UltraEdit-32\Uninstall.exe" "C:\installs\apps\UltraEdit-32\ueinstall.log" -u
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
UnInstall Envy24 Family Audio Device Driver --> RunDll32.exe UnEnvyNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\AUDIOD~1/Uninst.isu"
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\installs\apps\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\installs\apps\WinRAR\uninstall.exe
WinSCP 4.0.5 --> "C:\Program Files\WinSCP\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5431 / Error
Event Submitted/Written: 04/08/2008 02:53:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module ieui.dll, version 7.0.5730.13, fault address 0x000061b5.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type5409 / Success
Event Submitted/Written: 04/08/2008 06:51:26 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5403 / Error
Event Submitted/Written: 04/07/2008 05:51:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module mljaqrqh.dll, version 0.0.0.0, fault address 0x00048bd5.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type5402 / Error
Event Submitted/Written: 04/07/2008 11:32:49 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.31114, faulting module unknown, version 0.0.0.0, fault address 0x0119140a.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type5393 / Success
Event Submitted/Written: 04/07/2008 10:00:36 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20644 / Error
Event Submitted/Written: 04/08/2008 04:27:22 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG7 Update Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type20643 / Error
Event Submitted/Written: 04/08/2008 04:27:21 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG7 Alert Manager Server service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type20637 / Error
Event Submitted/Written: 04/08/2008 06:55:20 AM / 04/08/2008 06:55:21 AM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk0\D.

Event Record #/Type20618 / Error
Event Submitted/Written: 04/08/2008 06:49:58 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Dsboec service failed to start due to the following error:
%%2

Event Record #/Type20617 / Error
Event Submitted/Written: 04/08/2008 06:49:58 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Clprmgrsi-5rk service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-04-08 20:09:26 ------------




Kaspersky critical area scan:
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 08, 2008 5:14:27 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/04/2008
Kaspersky Anti-Virus database records: 689148
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\fabiio\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 15444
Number of viruses found 3
Number of infected objects 8
Number of suspicious objects 0
Duration of the scan process 00:12:19

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1F929FDF-249D-4584-BFFD-51C2A3C2199D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\mgsfhljw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\mlJAqrQh.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\qudldlph.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\vskdhemv.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\WINDOWS\system32\vwfapoll.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\WINDOWS\system32\vyedcnlr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xfknivky.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\Temp\ib14 Object is locked skipped
C:\WINDOWS\Temp\ib15 Object is locked skipped
C:\WINDOWS\Temp\ib16 Object is locked skipped
C:\WINDOWS\Temp\ib17 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\fabiio\LOCALS~1\Temp\ajax_email_search.000 Object is locked skipped
C:\DOCUME~1\fabiio\LOCALS~1\Temp\index.000 Object is locked skipped
C:\DOCUME~1\fabiio\LOCALS~1\Temp\login.000 Object is locked skipped
C:\DOCUME~1\fabiio\LOCALS~1\Temp\register.000 Object is locked skipped
C:\DOCUME~1\fabiio\LOCALS~1\Temp\s_footer.000 Object is locked skipped
C:\DOCUME~1\fabiio\LOCALS~1\Temp\s_header.000 Object is locked skipped
Scan process completed.




Kaspersky memory scan
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 08, 2008 5:00:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/04/2008
Kaspersky Anti-Virus database records: 689148
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Memory
Scan Statistics
Total number of scanned objects 2141
Number of viruses found 1
Number of infected objects 21
Number of suspicious objects 0
Duration of the scan process 00:00:30

Infected Object Name Virus Name Last Action
[0] [System Process] => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[0] [System Process] => C:\WINDOWS\system32\mlJAqrQh.dll Infected: Packed.Win32.Monder.gen skipped
[1072] lsass.exe => C:\WINDOWS\system32\mlJAqrQh.dll Infected: Packed.Win32.Monder.gen skipped
[1888] explorer.exe => C:\WINDOWS\system32\mlJAqrQh.dll Infected: Packed.Win32.Monder.gen skipped
[1888] explorer.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[1308] TSVNCache.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[1456] ctfmon.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[1388] msmsgs.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[1560] MOM.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[2548] CCC.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[3800] wuauclt.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[564] rundll32.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[3552] taskmgr.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[608] firefox.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[608] firefox.exe => C:\WINDOWS\system32\mlJAqrQh.dll Infected: Packed.Win32.Monder.gen skipped
[4004] uedit32.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[3480] iexplore.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[3480] iexplore.exe => C:\WINDOWS\system32\mlJAqrQh.dll Infected: Packed.Win32.Monder.gen skipped
[1764] WLLoginProxy.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[3336] FileZilla.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
[1500] WinRAR.exe => C:\WINDOWS\system32\jabqwjlk.dll Infected: Packed.Win32.Monder.gen skipped
Scan process completed.



Thank you to anyone who takes the time to read this, it's really appreciated.

#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 19 April 2008 - 03:33 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.




