Tech Support Forum - View Single Post - How to remove "trojan.Win32.monder.gen" virus

Nicky Lindberg · 05-14-2008, 01:52 PM

Ooops forgot to send the new HJT log-file.

Here it is:

__________________________________

Deckard's System Scanner v20071014.68
Run by Nicky Lindberg on 2008-05-14 22:44:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-14 22:45:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
D:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\Nicky Lindberg\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.50.191.139/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.191.139/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.191.139/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.139/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.191.139/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.50.191.139/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.191.139/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.139/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: sgoblxtm - {10BDE5C9-141F-4536-86D4-56883348BBA1} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [WpsRePsw] D:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [540f97b6] rundll32.exe "D:\WINDOWS\system32\qlpnnpud.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] D:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Packard Bell Software Suite] D:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [MRC] "D:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKLM\..\Policies\Explorer\Run: [BOW0zI4P3f] D:\Documents and Settings\All Users\Application Data\rynuxezs\vkjgryri.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sd...-prod-1.20.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/.../e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: mlJdAsPH - D:\WINDOWS\system32\mlJdAsPH.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - D:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm

--
End of file - 13348 bytes

-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 21:45:26 68096 --a------ D:\WINDOWS\zip.exe
2008-05-14 21:45:26 49152 --a------ D:\WINDOWS\VFind.exe
2008-05-14 21:45:26 212480 --a------ D:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-14 21:45:26 136704 --a------ D:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-14 21:45:26 161792 --a------ D:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-14 21:45:26 98816 --a------ D:\WINDOWS\sed.exe
2008-05-14 21:45:26 80412 --a------ D:\WINDOWS\grep.exe
2008-05-14 21:45:26 73728 --a------ D:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-09 06:10:14 8 --a------ D:\WINDOWS\system32\540f8538
2008-05-01 13:34:33 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\MailFrontier
2008-05-01 12:57:52 0 d-------- D:\Program Files\PC Tune-Up
2008-04-15 19:32:44 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\AdwareAlert
2008-04-15 09:21:01 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\PC-Cleaner
2008-04-15 07:30:29 0 d-------- D:\Documents and Settings\Rebecca Holst\Application Data\MailFrontier
2008-04-15 00:01:33 4723744 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-04-14 23:38:19 0 d-------- D:\Program Files\ZoneAlarmSB
2008-04-14 23:31:46 0 d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-14 23:30:52 11264 --a------ D:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-04-14 23:28:24 0 d-------- D:\WINDOWS\system32\ZoneLabs
2008-04-14 22:18:08 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\Help
2008-04-14 20:36:09 0 d-------- D:\WINDOWS\system32\appmgmt
2008-04-14 17:03:05 0 d-------- D:\Program Files\SPYWAREfighter
2008-04-14 16:48:54 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\TmpRecentIcons
2008-04-14 07:55:20 0 d-------- D:\Program Files\XoftSpySE
2008-04-14 07:36:10 0 d-------- D:\Documents and Settings\All Users\Application Data\rynuxezs

-- Find3M Report ---------------------------------------------------------------

2008-05-14 22:43:06 0 d-------- D:\Program Files\Plaxo
2008-05-14 07:40:05 4212 --ah----- D:\WINDOWS\system32\zllictbl.dat
2008-05-01 13:45:36 0 d-------- D:\Program Files\Common Files
2008-04-14 20:35:40 0 d-------- D:\Program Files\Microsoft ActiveSync
2008-04-14 16:49:31 0 d-------- D:\Program Files\Mariasearch
2008-03-15 17:33:24 0 d-------- D:\Program Files\Packard Bell
2008-03-15 17:25:01 0 d-------- D:\Program Files\Packard Bell External HDD

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
14-04-2008 23:38 262144 --a------ D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WpsRePsw"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE" [21-01-2000 00:00]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03-06-2005 19:59]
"Adobe Version Cue CS2"="D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04-04-2005 18:58]
"Acrobat Assistant 7.0"="D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12-01-2006 20:52]
"igfxtray"="D:\WINDOWS\system32\igfxtray.exe" [20-09-2005 09:35]
"igfxhkcmd"="D:\WINDOWS\system32\hkcmd.exe" [20-09-2005 09:32]
"igfxpers"="D:\WINDOWS\system32\igfxpers.exe" [20-09-2005 09:36]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11-05-2005 23:12]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [01-02-2008 00:13]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [04-02-2008 15:18]
"540f97b6"="D:\WINDOWS\system32\qlpnnpud.dll" []
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02-04-2008 21:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [04-08-2004 09:56]
"PlaxoUpdate"="D:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [11-12-2007 18:21]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [19-01-2007 12:55]
"Packard Bell Software Suite"="D:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [09-01-2008 17:14]
"MRC"="D:\Program Files\PC Tune-Up\PCTuneUp.exe" [12-10-2007 09:57]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [28-08-2005 13:47:50]
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-03-2005 19:16:50]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11-05-2005 23:23:26]
HP Image Zone Hurtig start.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12-05-2005 00:49:24]
NkbMonitor.exe.lnk - D:\Program Files\Nikon\PictureProject\NkbMonitor.exe [02-01-2005 13:53:13]
WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [05-07-2004 18:19:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"BOW0zI4P3f"=D:\Documents and Settings\All Users\Application Data\rynuxezs\vkjgryri.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///D:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJdAsPH]
mlJdAsPH.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d266c014-f2a3-11dc-8e7e-000d5697cbdd}]
AutoRun\command- F:\ClickMe.exe

-- End of Deckard's System Scanner: finished at 2008-05-14 22:46:01 ------------

05-14-2008, 01:52 PM	#6 (permalink)
Nicky Lindberg Registered User Join Date: May 2008 Posts: 7 OS: XP	Re: How to remove "trojan.Win32.monder.gen" virus Ooops forgot to send the new HJT log-file. Here it is: __________________________________ Deckard's System Scanner v20071014.68 Run by Nicky Lindberg on 2008-05-14 22:44:49 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 510 MiB (512 MiB recommended). -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-05-14 22:45:28 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16640) Boot mode: Normal Running processes: D:\WINDOWS\system32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe D:\WINDOWS\explorer.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe D:\WINDOWS\system32\hkcmd.exe D:\WINDOWS\system32\igfxpers.exe D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe D:\Program Files\HP\HP Software Update\hpwuSchd2.exe D:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe D:\Program Files\MSN Messenger\msnmsgr.exe D:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe D:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe D:\Program Files\Nikon\PictureProject\NkbMonitor.exe D:\Program Files\WinZip\WZQKPICK.EXE D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\iPod\bin\iPodService.exe D:\WINDOWS\system32\wscntfy.exe D:\Documents and Settings\Nicky Lindberg\Desktop\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.50.191.139/search.php R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.191.139/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.191.139/search.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.139/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.191.139/search.php R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.50.191.139/search.php R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.50.191.139/search.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.139/search.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\GoogleToolbar3.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\GoogleToolbar3.dll O3 - Toolbar: sgoblxtm - {10BDE5C9-141F-4536-86D4-56883348BBA1} - (no file) O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [WpsRePsw] D:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [540f97b6] rundll32.exe "D:\WINDOWS\system32\qlpnnpud.dll",b O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PlaxoUpdate] D:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Packard Bell Software Suite] D:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run O4 - HKCU\..\Run: [MRC] "D:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART O4 - HKLM\..\Policies\Explorer\Run: [BOW0zI4P3f] D:\Documents and Settings\All Users\Application Data\rynuxezs\vkjgryri.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Hurtig start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: NkbMonitor.exe.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sd...-prod-1.20.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/.../e-Safekey.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O20 - Winlogon Notify: mlJdAsPH - D:\WINDOWS\system32\mlJdAsPH.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - D:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - D:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm -- End of file - 13348 bytes -- Files created between 2008-04-14 and 2008-05-14 ----------------------------- 2008-05-14 21:45:26 68096 --a------ D:\WINDOWS\zip.exe 2008-05-14 21:45:26 49152 --a------ D:\WINDOWS\VFind.exe 2008-05-14 21:45:26 212480 --a------ D:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-05-14 21:45:26 136704 --a------ D:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-05-14 21:45:26 161792 --a------ D:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-05-14 21:45:26 98816 --a------ D:\WINDOWS\sed.exe 2008-05-14 21:45:26 80412 --a------ D:\WINDOWS\grep.exe 2008-05-14 21:45:26 73728 --a------ D:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-05-09 06:10:14 8 --a------ D:\WINDOWS\system32\540f8538 2008-05-01 13:34:33 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\MailFrontier 2008-05-01 12:57:52 0 d-------- D:\Program Files\PC Tune-Up 2008-04-15 19:32:44 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\AdwareAlert 2008-04-15 09:21:01 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\PC-Cleaner 2008-04-15 07:30:29 0 d-------- D:\Documents and Settings\Rebecca Holst\Application Data\MailFrontier 2008-04-15 00:01:33 4723744 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat 2008-04-14 23:38:19 0 d-------- D:\Program Files\ZoneAlarmSB 2008-04-14 23:31:46 0 d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier 2008-04-14 23:30:52 11264 --a------ D:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System> 2008-04-14 23:28:24 0 d-------- D:\WINDOWS\system32\ZoneLabs 2008-04-14 22:18:08 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\Help 2008-04-14 20:36:09 0 d-------- D:\WINDOWS\system32\appmgmt 2008-04-14 17:03:05 0 d-------- D:\Program Files\SPYWAREfighter 2008-04-14 16:48:54 0 d-------- D:\Documents and Settings\Nicky Lindberg\Application Data\TmpRecentIcons 2008-04-14 07:55:20 0 d-------- D:\Program Files\XoftSpySE 2008-04-14 07:36:10 0 d-------- D:\Documents and Settings\All Users\Application Data\rynuxezs -- Find3M Report --------------------------------------------------------------- 2008-05-14 22:43:06 0 d-------- D:\Program Files\Plaxo 2008-05-14 07:40:05 4212 --ah----- D:\WINDOWS\system32\zllictbl.dat 2008-05-01 13:45:36 0 d-------- D:\Program Files\Common Files 2008-04-14 20:35:40 0 d-------- D:\Program Files\Microsoft ActiveSync 2008-04-14 16:49:31 0 d-------- D:\Program Files\Mariasearch 2008-03-15 17:33:24 0 d-------- D:\Program Files\Packard Bell 2008-03-15 17:25:01 0 d-------- D:\Program Files\Packard Bell External HDD -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 14-04-2008 23:38 262144 --a------ D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WpsRePsw"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE" [21-01-2000 00:00] "TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03-06-2005 19:59] "Adobe Version Cue CS2"="D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04-04-2005 18:58] "Acrobat Assistant 7.0"="D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12-01-2006 20:52] "igfxtray"="D:\WINDOWS\system32\igfxtray.exe" [20-09-2005 09:35] "igfxhkcmd"="D:\WINDOWS\system32\hkcmd.exe" [20-09-2005 09:32] "igfxpers"="D:\WINDOWS\system32\igfxpers.exe" [20-09-2005 09:36] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25] "HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11-05-2005 23:12] "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [01-02-2008 00:13] "iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [04-02-2008 15:18] "540f97b6"="D:\WINDOWS\system32\qlpnnpud.dll" [] "ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02-04-2008 21:07] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [04-08-2004 09:56] "PlaxoUpdate"="D:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [11-12-2007 18:21] "MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [19-01-2007 12:55] "Packard Bell Software Suite"="D:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [09-01-2008 17:14] "MRC"="D:\Program Files\PC Tune-Up\PCTuneUp.exe" [12-10-2007 09:57] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [28-08-2005 13:47:50] Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-03-2005 19:16:50] HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11-05-2005 23:23:26] HP Image Zone Hurtig start.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12-05-2005 00:49:24] NkbMonitor.exe.lnk - D:\Program Files\Nikon\PictureProject\NkbMonitor.exe [02-01-2005 13:53:13] WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [05-07-2004 18:19:53] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "BOW0zI4P3f"=D:\Documents and Settings\All Users\Application Data\rynuxezs\vkjgryri.exe [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= file:///D:\WINDOWS\privacy_danger\index.htm FriendlyName= Privacy Protection [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJdAsPH] mlJdAsPH.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d266c014-f2a3-11dc-8e7e-000d5697cbdd}] AutoRun\command- F:\ClickMe.exe -- End of Deckard's System Scanner: finished at 2008-05-14 22:46:01 ------------