Thread: Trojan.Win32.Monder and variants - Automatic Updates Can't Be Turned on, PC runs slow
View Single Post
Old 08-04-2008, 12:30 PM   #1 (permalink)
MovieGuru
Registered User
 
Join Date: Aug 2008
Location: Egypt
Posts: 8
OS: Windows XP


Trojan.Win32.Monder and variants - Automatic Updates Can't Be Turned on, PC runs slow
Hello, I'm a first time user of your website, and first of all, let me applaud you for your efforts in helping out average joes like us in cleaning up our PCs. Your efforts are very much appreciated.

Second, I know you receive no less than a 100 posts per day, most of which are similar to my problem, so please bear with me and I'll be more than willing to cooperate with you. I have already followed the first 5 steps as listed in your sticky post as closely as I could.

Here goes;
For three days now, I've been suffering from some vicious malware that has corrupted my defenses and slowed down my PC processing capabilities. Windows automatic updates refuses to be turned on (automatically or manually through the control panel), most Windows applications like Microsoft Word or Windows Media Player either freeze or crash only seconds within their activation, and my Internet browsing keeps slowing down especially if I'm using Internet Explorer. And I keep getting these pop-up ads and pop-up windows that announce a antivirus software or games like Gladiatus or BiteFight (which I'm guessing is another trojan ploy). Whenever my antivirus detects an infected file (mostly Monder trojan alerts), whenever I try to disinfect the file, the file itself disappears and the anti-virus announces the file being undetected or missing.

I'm using Kaspersky 7, which hasn't been able to track any viruses or trojans only except for a handful of traces. Here's an extract of some reports I've got from my recent PC scans:
  • Trojan.Win32.Monder.cmm File: C:\Documents and Settings\Hossam Nasser\Local Settings\Temporary Internet Files\Content.IE5\UIMUYT88\kb671231[1]
  • deleted: Trojan program Trojan.Win32.Monder.cmm File: C:\WINDOWS\system32\tgvgmrme.dll
  • deleted: adware not-a-virus:AdWare.Win32.BHO.cgs File: C:\WINDOWS\system32\gbhynxqo.dll
  • deleted: adware not-a-virus:AdWare.Win32.BHO.cgs File: c:\windows\system32\mbxostfm.dll
    deleted: Trojan program Trojan.Win32.Pakes.jwy File: C:\DOCUME~1\HOSSAM~1\LOCALS~1\Temp\IXP000.TMP\is160351.exe

Two items worthy of note:
  1. The computer administrator name is Hossam Nasser, so all scans and logs were made with administrator priveliges.
  2. While I realize you are not advocates of P2P or torrent downloading software, I've had BitComet installed for over a year now and I've not had any problems with trojans or adware/malware until very recently. So I highly doubt that the problem originated from BitComet. However if you insist, I will delete it if you instruct me to do so.

Here is the Panda Active Scan log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-04 19:58:20
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 7.0 7.0.1.325 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\wuse.1
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\wusn.1
00027660 adware/savenow Adware No 0 Yes No hkey_classes_root\wusn.1
00040735 adware/whenusearch Adware No 0 Yes No hkey_classes_root\wuse.1
00040735 adware/whenusearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
00040735 adware/whenusearch Adware No 0 Yes No c:\program files\common files\whenu
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@tradedoubler[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@tribalfusion[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@linksynergy[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@linksynergy[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@com[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@apmebf[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@ads.pointroll[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@questionmarket[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Hossam Nasser\Cookies\hossam_nasser@adrevolver[2].txt
01895149 Malicious Packer SecRisk No 0 Yes No L:\WDSync.zip[WDSync_v6_3_102.exe]
01895149 Malicious Packer SecRisk No 0 Yes No L:\WDSync.exe
01895149 Malicious Packer SecRisk No 0 Yes No L:\WDSync_v6_3_102.exe
02884116 W32/Perlovga.A.worm Virus/Worm No 0 Yes Yes L:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP269\A0230114.INF
03273985 Trj/Lineage.BZE Virus/Trojan No 1 Yes Yes E:\unzipped\The Crims Calculator.exe
03431560 Adware/ErrClean Adware No 0 No No C:\Documents and Settings\Hossam Nasser\Local Settings\Temporary Internet Files\Content.IE5\EA6MRWA9\setup_en[1].cab[UGES_0001_N122M2603NetInstaller.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location )
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description )
;===================================================================================================================================================================================
;===================================================================================================================================================================================

And here is the DSS's log

Deckard's System Scanner v20071014.68
Run by Hossam Nasser on 2008-08-04 20:08:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
83: 2008-08-04 17:08:49 UTC - RP310 - Deckard's System Scanner Restore Point
82: 2008-08-04 16:26:05 UTC - RP309 - System Checkpoint
81: 2008-08-02 09:55:36 UTC - RP308 - Installed Adobe Photoshop
80: 2008-08-01 19:57:42 UTC - RP307 - Last known good configuration
79: 2008-08-01 19:57:37 UTC - RP306 - System Checkpoint


-- First Restore Point --
1: 2008-08-01 19:57:21 UTC - RP228 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-04 20:10:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Orange Box\steam.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Downloads\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://quicktimepro.apple.com/?count...rsion=07048000
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {4DB5EED6-0537-4375-9D0B-D6330E2F7B49} - C:\WINDOWS\system32\xxywXoNG.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C} - C:\WINDOWS\system32\ljJYQgde.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [308d3088] rundll32.exe "C:\WINDOWS\system32\gnftqblp.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Steam] "F:\Orange Box\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WNW.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljJYQgde - C:\WINDOWS\system32\ljJYQgde.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--
End of file - 12041 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-29 19:07:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 20:01:03 0 d-------- C:\Program Files\SpywareBlaster
2008-08-04 18:58:26 0 d-------- C:\WINDOWS\LastGood
2008-08-04 18:58:26 0 d-------- C:\Program Files\Panda Security
2008-08-03 01:51:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 05:03:41 80896 --a------ C:\WINDOWS\system32\gnftqblp.dll
2008-08-01 22:58:13 90624 --a------ C:\WINDOWS\system32\qopfxunj.dll
2008-08-01 22:57:11 390902 --ahs---- C:\WINDOWS\system32\GNoXwyxx.ini2
2008-08-01 22:56:44 247296 --a------ C:\WINDOWS\system32\xxywXoNG.dll
2008-08-01 22:51:40 36352 --a------ C:\WINDOWS\system32\ljJYQgde.dll
2008-08-01 22:51:40 36352 --a------ C:\WINDOWS\system32\efcYPjkk.dll
2008-07-27 21:20:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-12 15:19:07 0 d-------- C:\Program Files\iPod
2008-07-12 15:18:25 0 d-------- C:\Program Files\Bonjour


-- Find3M Report ---------------------------------------------------------------

2008-08-02 13:58:40 0 d-------- C:\Documents and Settings\Hossam Nasser\Application Data\Adobe
2008-08-02 12:57:38 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-02 12:55:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-27 21:26:22 0 d-------- C:\Program Files\Google
2008-07-12 15:19:20 0 d-------- C:\Program Files\iTunes
2008-07-12 02:43:33 0 d-------- C:\Program Files\Safari
2008-07-01 22:38:38 0 d-------- C:\Program Files\Creative
2008-06-20 13:26:56 0 d-------- C:\Program Files\BitComet
2008-06-19 19:32:29 0 d-------- C:\Program Files\QuickTime
2008-06-15 20:47:16 0 d-------- C:\Program Files\Kaspersky Lab


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DB5EED6-0537-4375-9D0B-D6330E2F7B49}]
08/01/2008 10:57 PM 247296 --a------ C:\WINDOWS\system32\xxywXoNG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}]
08/01/2008 10:51 PM 36352 --a------ C:\WINDOWS\system32\ljJYQgde.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [04/12/2007 12:33 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 01:43 PM C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/20/2007 01:05 AM]
"nwiz"="nwiz.exe" [04/20/2007 01:05 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/20/2007 01:05 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [07/10/2002 05:30 PM]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [06/07/2005 12:31 PM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/29/2005 04:29 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/22/2008 09:40 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"308d3088"="C:\WINDOWS\system32\gnftqblp.dll" [08/02/2008 05:03 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 02:39 PM]
"Steam"="F:\Orange Box\Steam.exe" [04/10/2008 05:08 PM]

C:\Documents and Settings\Hossam Nasser\Start Menu\Programs\Startup\
WNW.lnk - C:\Program Files\Accent\WNW\WNW.EXE [10/25/2007 1:53:28 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/2/2008 12:57:38 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 4:40:46 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 04:39 PM 294400]
"{E5646F36-145E-4F1D-B6D1-87C5EFC5BA1C}"= C:\WINDOWS\system32\ljJYQgde.dll [08/01/2008 10:51 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJYQgde]
ljJYQgde.dll 08/01/2008 10:51 PM 36352 C:\WINDOWS\system32\ljJYQgde.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxywXoNG


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f509ebf-1838-11dd-8928-001a4d9dff50}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4d5ad3-948b-11dc-8823-001a4d9dff50}]
AutoRun\command- K:\automenu.exe




-- End of Deckard's System Scanner: finished at 2008-08-04 20:18:21 ------------

Eagerly awaiting your reply. Hope I get assistance as soon as possible.
Thank you so much!
Attached Files
File Type: txt extra.txt (24.7 KB, 2 views)
MovieGuru is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here