Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Generic.dx and D3dr.dll file! [RESOLVED]


  • This topic is locked This topic is locked

#1
scorpio sting

scorpio sting

    Member

  • Member
  • PipPip
  • 15 posts
Hello,

Please can someone help me get rid of this Generic.dx trojan which has infected a d3dr.dll file in the System32 folder. I have a feeling this is not a microsoft file. I cannot delete it and nor can I rename it. I have tried deleting it via using HiJackThis. Still doesnt work!

I have had it for 2 weeks and am getting frustrated now :)

The anti virus software is deleting it but its annoying as I keep getting pop ups every 5 mins. When I click on Internet Explorer - that file gets infected.. so i have noticed.

Will someone guide me so I can get rid of it once and for all?

Thanks inadvance
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
scorpio sting

scorpio sting

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello,

Many thanks for your reply. Below is what you requested;

MAIN.TXT

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-07 20:45:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\McAfee.com\VSO\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Common Files\AOL\1168107872\ee\aolsoftware.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Common Files\AOL\1168107872\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1168107872\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Documents and Settings\Nisha P\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {70a11354-1dd2-11b2-bbfd-886d3c8d7e37} - C:\WINDOWS\derovona.dll
O2 - BHO: eXplorerZ - {A8A52F72-A465-55DC-8314-0845523C9DA5} - C:\Program Files\eXplorerZ\ie-improver.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C95503F0-801A-4EB4-99C3-DBD4523B4F85} - C:\WINDOWS\system32\d3dr.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168107872\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [{2E-E9-96-6A-ZN}] C:\Documents and Settings\Nisha P\Local Settings\Temp\TIP2D002.exe P2D002
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [ChkDsk32] C:\DOCUME~1\NISHAP~1\LOCALS~1\Temp\hpzsd234b
O4 - HKLM\..\Run: [wvilyfer] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wvilyfer.dll"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Philips Media Manager.lnk = C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Nisha P\Local Settings\Temp\TIP2D002.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm103YYGB
O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Checkers () - http://download2.gam...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Literati () - http://download2.gam...nts/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 () - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{665CC952-1442-4791-A160-2545EF0C2C2F}: NameServer = 205.188.146.145
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljjiijk - C:\WINDOWS\system32\ljjiijk.dll (file missing)
O21 - SSODL: Business Contact Manager for Outlook 2007 - {99EFF169-E212-4D9D-B656-A5AADD5A3B6C} - C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\ggnak32.dll
O21 - SSODL: E404Helper - {95bdb064-397e-4cf9-9c67-06a6322389e4} - C:\WINDOWS\system32\e404d.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe


--
End of file - 18805 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080205-214915-692 O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe
backup-20080205-215029-884 O2 - BHO: (no name) - {C95503F0-801A-4EB4-99C3-DBD4523B4F85} - C:\WINDOWS\system32\d3dr.dll
backup-20080205-215106-603 O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
backup-20080205-215150-786 O2 - BHO: (no name) - {C95503F0-801A-4EB4-99C3-DBD4523B4F85} - C:\WINDOWS\system32\d3dr.dll
backup-20080205-215457-805 O2 - BHO: (no name) - {C95503F0-801A-4EB4-99C3-DBD4523B4F85} - C:\WINDOWS\system32\d3dr.dll
backup-20080205-215611-281 O2 - BHO: (no name) - {C95503F0-801A-4EB4-99C3-DBD4523B4F85} - C:\WINDOWS\system32\d3dr.dll
backup-20080205-215926-565 O2 - BHO: (no name) - {C95503F0-801A-4EB4-99C3-DBD4523B4F85} - C:\WINDOWS\system32\d3dr.dll
backup-20080205-220113-602 O2 - BHO: TW_BHO Class - {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - C:\Program Files\Perfect Keyboard PRO\mtwbho.dll (file missing)
backup-20080205-220139-608 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
backup-20080205-220215-316 O2 - BHO: (no name) - {C95503F0-801A-4EB4-99C3-DBD4523B4F85} - C:\WINDOWS\system32\d3dr.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ubnrywvo - c:\windows\system32\drivers\mezrrawf.dat
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
S2 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrempr5.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 O2Flash (O2Micro Flash Memory) - c:\windows\system32\o2flash.exe
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-07 20:43:00 510 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (NISHA-Miscellaneous).job
2008-02-07 18:14:17 498 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (NISHA-Nisha P).job
2008-02-07 18:05:42 418 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (NISHA-Nisha P).job


-- Files created between 2008-01-07 and 2008-02-07 -----------------------------

2008-02-05 19:28:31 0 d-------- C:\WINDOWS\pss
2008-01-22 20:38:33 0 d-------- C:\Program Files\Kontiki
2008-01-22 20:38:32 0 d-------- C:\Program Files\Channel4
2008-01-22 20:38:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-01-22 20:36:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-01-08 18:26:18 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-07 19:11:21 0 d-------- C:\Program Files\Spyware Doctor
2008-01-07 19:11:21 0 d-------- C:\Documents and Settings\Nisha P\Application Data\PC Tools


-- Find3M Report ---------------------------------------------------------------

2008-02-07 18:06:13 0 d-------- C:\Documents and Settings\Nisha P\Application Data\OpenOffice.org2
2008-02-06 07:46:00 0 d-------- C:\Program Files\AOL 9.0
2008-02-05 21:35:44 0 d-------- C:\Program Files\Common Files
2008-02-05 21:10:00 0 d-------- C:\Program Files\Google
2008-01-31 22:41:19 0 d-------- C:\Program Files\Common Files\AOL
2008-01-23 21:06:36 0 d-------- C:\Program Files\AOL Games
2008-01-23 20:49:57 0 d-------- C:\Program Files\Literati Station
2008-01-05 17:37:17 0 d-------- C:\Program Files\WinLemm
2007-12-23 11:41:20 0 d-------- C:\Program Files\LimeWire
2007-12-19 20:43:16 0 d--h----- C:\Program Files\eXplorerZ
2007-12-16 13:02:50 0 d-------- C:\Documents and Settings\Nisha P\Application Data\Adobe
2007-12-13 20:05:33 0 dr-h----- C:\Documents and Settings\Nisha P\Application Data\yahoo!
2007-12-08 11:44:34 51712 --a------ C:\WINDOWS\system32\e404d.dll <Not Verified; Melkosoft Corporation; avp>
2007-12-01 13:50:38 61952 --a------ C:\WINDOWS\derovona.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70a11354-1dd2-11b2-bbfd-886d3c8d7e37}]
01/12/2007 13:50 61952 --a------ C:\WINDOWS\derovona.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8A52F72-A465-55DC-8314-0845523C9DA5}]
13/10/2007 18:06 95232 --a------ C:\Program Files\eXplorerZ\ie-improver.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C95503F0-801A-4EB4-99C3-DBD4523B4F85}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 22:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 22:42]
"@"="" []
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [25/04/2006 09:33 C:\WINDOWS\sm56hlpr.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [25/04/2006 09:43]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [29/06/2006 13:17]
"AOL_Demo"="C:\Applications\Tool\AOL Demo\DSGDemo.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [25/04/2006 09:53]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [25/04/2006 09:51]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [25/04/2006 09:52]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [25/04/2006 09:16]
"RTHDCPL"="RTHDCPL.EXE" [11/01/2006 16:23 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 17:43 C:\WINDOWS\Alcmtr.exe]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [28/06/2003 16:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [19/08/2003 13:47]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [06/05/2003 09:28]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 15:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/01/2007 00:07]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08/08/2003 18:02]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [17/08/2003 21:50]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [27/08/2003 11:00]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [21/08/2003 18:10]
"HostManager"="C:\Program Files\Common Files\AOL\1168107872\ee\AOLSoftware.exe" [17/11/2006 13:21]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [18/08/2003 18:57]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [07/01/2007 00:20]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [07/01/2007 00:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/01/2007 18:36]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [09/12/2003 12:03]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [16/02/2007 17:41]
"{2E-E9-96-6A-ZN}"="C:\Documents and Settings\Nisha P\Local Settings\Temp\TIP2D002.exe" []
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [29/06/2006 23:54]
"VX1000"="C:\WINDOWS\vVX1000.exe" [29/06/2006 23:42]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" []
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [07/06/2006 11:25]
"ChkDsk32"="C:\DOCUME~1\NISHAP~1\LOCALS~1\Temp\hpzsd234b" []
"wvilyfer"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\wvilyfer.dll" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/10/2007 16:27]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [07/01/2007 00:20]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 19:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 17:43]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]

C:\Documents and Settings\Nisha P\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [17/08/2007 21:57:56]
Philips Media Manager.lnk - C:\Program Files\Philips\Media Manager\Philips Media Manager.exe [12/08/2006 10:51:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Business Contact Manager for Outlook 2007"= {99EFF169-E212-4D9D-B656-A5AADD5A3B6C} - c:\program files\microsoft small business\business contact manager\setupbootstrap\ggnak32.dll [26/11/2007 13:50 100831]
"E404Helper"= {95bdb064-397e-4cf9-9c67-06a6322389e4} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjiijk]
ljjiijk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919a1391-9333-11da-bf07-806d6172696f}]
AutoRun\command- E:\Launch.exe

*Newly Created Service* - ATWPKT2



-- End of Deckard's System Scanner: finished at 2008-02-07 20:46:29 ------------
  • 0

#4
scorpio sting

scorpio sting

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
CPU 1: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1015.36 MiB / 458.86 MiB
Pagefile Memory (total/avail): 2440.63 MiB / 1611.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.83 MiB

C: is Fixed (NTFS) - 69.82 GiB total, 31.96 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2100BH PL - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 69.82 GiB - C:
\PARTITION1 - Unknown - 4.7 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Philips\\Media Manager\\Philips Media Manager.exe"="C:\\Program Files\\Philips\\Media Manager\\Philips Media Manager.exe:*:Enabled:Philips Media Management for your Media Devices"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\eXplorerZ\\uninstall.exe"="C:\\Program Files\\eXplorerZ\\uninstall.exe:*:Enabled:BHO"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Common Files\\AOL\\1168107872\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1168107872\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nisha P\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NISHA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nisha P
LOGONSERVER=\\NISHA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\AOL 9.0;C:\Program Files\Common Files\AOL\1168107872\ee;C:\Program Files\AOL 9.0;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PortMagicSDKIsRunning=1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NISHAP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NISHAP~1\LOCALS~1\Temp
USERDOMAIN=NISHA
USERNAME=Nisha P
USERPROFILE=C:\Documents and Settings\Nisha P
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Nisha P (admin)
Miscellaneous (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> Dummy
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AOL Coach Version 1.0(Build:20040229.1 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
BT Voyager 105 ADSL Modem --> C:\Program Files\BT Voyager 105 ADSL Modem\uninstall.exe
BT Voyager Modem AOL Test --> C:\WINDOWS\AppRun.exe C:\PROGRA~1\VOYAGE~1
BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Business Contact Manager for Outlook 2007 --> "c:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Image Converter 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}\setup.exe" -l0x9 /CONPANE -removeonly
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® Matrix Storage Manager --> C:\WINDOWS\System32\Imsmudlg.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
McAfee Personal Firewall Plus --> C:\PROGRA~1\McAfee.com\PERSON~1\UNWISE.EXE /U C:\PROGRA~1\McAfee.com\PERSON~1\INSTALL.LOG
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam --> MsiExec.exe /X{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co.dll,SM56UnInstaller
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
My Web Search (Popular Screensavers) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
O2Micro Flash Memory Card Windows Driver V1.9 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{1AB0745A-FB6D-4E0F-8121-2D9FAB399F3A} /l1033
OCA Client history tool install --> "C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
PDF Manual NW-A800 Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B9FAF2-33FD-4DC7-9087-5BC2EE4CBB9E}\setup.exe" -l0x9 UNINSTALL -removeonly
Philips Media Manager 3.3.11.0041 --> C:\Program Files\Philips\Media Manager\uninstall.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Samsung CLP-300 Series --> C:\Program Files\Samsung\Samsung CLP-300 Series\Install\Setup.exe /R
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly /nos
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Video Downloader --> C:\Program Files\InstallShield Installation Information\{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Voyager USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D2E8198-25CE-4901-B8EB-8587185C5776}\setup.exe" -l0x9 FORCE_UNINSTALL
WALKMAN Launcher --> C:\Program Files\InstallShield Installation Information\{C20B3C31-28CD-4732-AE45-A30F401AF91F}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB911061 --> "C:\WINDOWS\$NtUninstallKB911061$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP SP2 LIP update --> C:\WINDOWS\$NtUninstallLIPSP2QFE$\spuninst\spuninst.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Photos Easy Upload Tool 1v7 --> C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropperUK.dll"


-- Application Event Log -------------------------------------------------------

Event Record #/Type10921 / Error
Event Submitted/Written: 02/07/2008 06:06:20 PM
Event ID/Source: 4689 / COM+
Event Description:
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041f: InitEventCollector failed

Event Record #/Type10883 / Error
Event Submitted/Written: 02/06/2008 09:54:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application yahoomessenger.exe, version 8.1.0.421, faulting module mshtml.dll, version 6.0.2900.3243, fault address 0x0007e759.
Processing media-specific event for [yahoomessenger.exe!ws!]

Event Record #/Type10844 / Warning
Event Submitted/Written: 02/06/2008 07:55:52 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type10803 / Error
Event Submitted/Written: 02/05/2008 10:10:36 PM
Event ID/Source: 4689 / COM+
Event Description:
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041f: InitEventCollector failed

Event Record #/Type10641 / Error
Event Submitted/Written: 02/05/2008 06:22:16 PM
Event ID/Source: 4689 / COM+
Event Description:
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041f: InitEventCollector failed



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5571 / Error
Event Submitted/Written: 02/07/2008 07:59:27 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type5569 / Error
Event Submitted/Written: 02/07/2008 06:08:36 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type5568 / Error
Event Submitted/Written: 02/07/2008 06:08:36 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type5560 / Error
Event Submitted/Written: 02/07/2008 06:06:32 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type5559 / Error
Event Submitted/Written: 02/07/2008 06:06:32 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)



-- End of Deckard's System Scanner: finished at 2008-02-07 20:46:29 ------------
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you paste the extra.txt as well

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#6
scorpio sting

scorpio sting

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks. Im doing this right now.

I have pasted the Extra.txt in a separate post above.
  • 0

#7
scorpio sting

scorpio sting

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi again,

I ran Combofix and there was no log at the end. From what i saw - it was deleting files. At the end it said that its re booting the system. I let it do that.

I just looked in my system32 folder and the d3dr.dll has disappeared!

Does this mean that the nightmare is over?
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
More than likely but lets be 100% sure

The log should be in the folder C:\ComboFix


If not run DSS again and post the log
  • 0

#9
scorpio sting

scorpio sting

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello again,

Here are the results after running DSS.



Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-08 20:59:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee.com\VSO\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\AOL\1168107872\ee\aolsoftware.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\Common Files\AOL\1168107872\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1168107872\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Documents and Settings\Nisha P\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: eXplorerZ - {A8A52F72-A465-55DC-8314-0845523C9DA5} - C:\Program Files\eXplorerZ\ie-improver.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168107872\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [{2E-E9-96-6A-ZN}] C:\Documents and Settings\Nisha P\Local Settings\Temp\TIP2D002.exe P2D002
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Philips Media Manager.lnk = C:\Program Files\Philips\Media Manager\Philips Media Manager.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm103YYGB
O8 - Extra context menu item: Baixar com o Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe (file missing)
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Checkers () - http://download2.gam...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Literati () - http://download2.gam...nts/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 () - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{665CC952-1442-4791-A160-2545EF0C2C2F}: NameServer = 205.188.146.145
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljjiijk - C:\WINDOWS\system32\ljjiijk.dll (file missing)
O21 - SSODL: Business Contact Manager for Outlook 2007 - {99EFF169-E212-4D9D-B656-A5AADD5A3B6C} - C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\ggnak32.dll
O21 - SSODL: E404Helper - {95bdb064-397e-4cf9-9c67-06a6322389e4} - e404d.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe


--
End of file - 17326 bytes

-- Files created between 2008-01-08 and 2008-02-08 -----------------------------

2008-02-07 21:51:40 60416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-07 21:37:15 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-07 21:37:14 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-07 21:37:14 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-07 21:37:14 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-07 21:37:11 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-05 19:28:31 0 d-------- C:\WINDOWS\pss
2008-01-22 20:38:33 0 d-------- C:\Program Files\Kontiki
2008-01-22 20:38:32 0 d-------- C:\Program Files\Channel4
2008-01-22 20:38:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-01-22 20:36:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-01-08 18:26:18 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee


-- Find3M Report ---------------------------------------------------------------

2008-02-08 20:50:19 0 d-------- C:\Documents and Settings\Nisha P\Application Data\OpenOffice.org2
2008-02-07 18:27:05 0 d-------- C:\Program Files\Spyware Doctor
2008-02-06 07:46:00 0 d-------- C:\Program Files\AOL 9.0
2008-02-05 21:35:44 0 d-------- C:\Program Files\Common Files
2008-02-05 21:10:00 0 d-------- C:\Program Files\Google
2008-01-31 22:41:19 0 d-------- C:\Program Files\Common Files\AOL
2008-01-23 21:06:36 0 d-------- C:\Program Files\AOL Games
2008-01-23 20:49:57 0 d-------- C:\Program Files\Literati Station
2008-01-07 19:11:21 0 d-------- C:\Documents and Settings\Nisha P\Application Data\PC Tools
2008-01-05 17:37:17 0 d-------- C:\Program Files\WinLemm
2007-12-23 11:41:20 0 d-------- C:\Program Files\LimeWire
2007-12-19 20:43:16 0 d--h----- C:\Program Files\eXplorerZ
2007-12-16 13:02:50 0 d-------- C:\Documents and Settings\Nisha P\Application Data\Adobe
2007-12-13 20:05:33 0 dr-h----- C:\Documents and Settings\Nisha P\Application Data\yahoo!
2007-12-01 13:50:38 61952 --a------ C:\WINDOWS\derovona.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8A52F72-A465-55DC-8314-0845523C9DA5}]
2007-10-13 18:06 95232 --a------ C:\Program Files\eXplorerZ\ie-improver.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 22:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [2006-04-25 09:33 C:\WINDOWS\sm56hlpr.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-25 09:43]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-06-29 13:17]
"AOL_Demo"="C:\Applications\Tool\AOL Demo\DSGDemo.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-04-25 09:53]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-04-25 09:51]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-04-25 09:52]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-04-25 09:16]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 16:23 C:\WINDOWS\RTHDCPL.exe]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 16:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 13:47]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-07 00:07]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 11:00]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 18:10]
"HostManager"="C:\Program Files\Common Files\AOL\1168107872\ee\AOLSoftware.exe" [2006-11-17 13:21]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-18 18:57]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-25 18:36]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 12:03]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 17:41]
"{2E-E9-96-6A-ZN}"="C:\Documents and Settings\Nisha P\Local Settings\Temp\TIP2D002.exe" []
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 23:54]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-29 23:42]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" []
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2006-06-07 11:25]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-10 19:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 19:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23]

C:\Documents and Settings\Nisha P\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]
Philips Media Manager.lnk - C:\Program Files\Philips\Media Manager\Philips Media Manager.exe [2006-08-12 10:51:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-01-07 00:06:55]
FreeventsSchedule.lnk - C:\Freevents\FreeventsSchedule.exe [2006-08-12 11:07:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Business Contact Manager for Outlook 2007"= {99EFF169-E212-4D9D-B656-A5AADD5A3B6C} - c:\program files\microsoft small business\business contact manager\setupbootstrap\ggnak32.dll [2007-11-26 13:50 100831]
"E404Helper"= {95bdb064-397e-4cf9-9c67-06a6322389e4} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjiijk]
ljjiijk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{919a1391-9333-11da-bf07-806d6172696f}]
AutoRun\command- E:\Launch.exe

*Newly Created Service* - ATWPKT2



-- End of Deckard's System Scanner: finished at 2008-02-08 21:00:10 ------------
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\ggnak32.dll

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

MyWebSearch
MyWebSA
eXplorerZ



1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: eXplorerZ - {A8A52F72-A465-55DC-8314-0845523C9DA5} - C:\Program Files\eXplorerZ\ie-improver.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [{2E-E9-96-6A-ZN}] C:\Documents and Settings\Nisha P\Local Settings\Temp\TIP2D002.exe P2D002
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm103YYGB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfar...tup1.0.0.15.cab
O20 - Winlogon Notify: ljjiijk - C:\WINDOWS\system32\ljjiijk.dll (file missing)
O21 - SSODL: E404Helper - {95bdb064-397e-4cf9-9c67-06a6322389e4} - e404d.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\eXplorerZ
    C:\WINDOWS\derovona.dll
    C:\Program Files\MyWebSearch
    C:\Documents and Settings\Nisha P\Local Settings\Temp\TIP2D002.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log
  • 0

Advertisements


#11
scorpio sting

scorpio sting

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks.

Here are the results after scanning the ggnak32.dll file;

File ggnak32.dll received on 02.09.2008 13:22:46 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 15/32 (46.88%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 54 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2008.2.6.10 2008.02.05 Win-Trojan/Pigeon.100003
AntiVir 7.6.0.62 2008.02.08 DR/Pigeon.AXR
Authentium 4.93.8 2008.02.08 -
Avast 4.7.1098.0 2008.02.08 Win32:Hupigon-GHB
AVG 7.5.0.516 2008.02.08 Generic5.FUX
BitDefender 7.2 2008.02.09 Dropped:Backdoor.Pigeon.AXR
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.09 -
DrWeb 4.44.0.09170 2008.02.09 Trojan.Packed.181
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.08 -
FileAdvisor 1 2008.02.09 -
Fortinet 3.14.0.0 2008.02.09 -
F-Prot 4.4.2.54 2008.02.08 -
F-Secure 6.70.13260.0 2008.02.08 W32/Hupigon.BHDH
Ikarus T3.1.1.20 2008.02.09 DroppedBackdoor.Pigeon.AXR
Kaspersky 7.0.0.125 2008.02.09 Rootkit.Win32.Agent.fi
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.09 -
NOD32v2 2861 2008.02.09 probably a variant of Win32/Genetik
Norman 5.80.02 2008.02.08 W32/Hupigon.BHDH
Panda 9.0.0.4 2008.02.09 Suspicious file
Prevx1 V2 2008.02.09 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.09 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.09 Infostealer.Gampass
TheHacker 6.2.9.213 2008.02.09 -
VBA32 3.12.6.0 2008.02.09 Trojan.Packed.181
VirusBuster 4.3.26:9 2008.02.08 -
Webwasher-Gateway 6.6.2 2008.02.09 Trojan.Dropper.Pigeon.AXR
Additional information
File size: 100831 bytes
MD5: 46689e0c4d85199c0d620219df658588
SHA1: 4e66c9bf86fb8e920f6752876ecb683908489aef
PEiD: -
  • 0

#12
scorpio sting

scorpio sting

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I have to go right now so I will download OTMOveit on my return. Many thanks.
  • 0

#13
scorpio sting

scorpio sting

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Below are the results from Moveit:

File/Folder C:\Program Files\eXplorerZ not found.
File/Folder C:\Program Files\MyWebSearch not found.
File/Folder C:\Documents and Settings\Nisha P\Local Settings\Temp\TIP2D002.exe not found.

OTMoveIt2 v1.0.19 log created on 02092008_215211



The following file just would not move - I have it running for a good 15 minutes and gave up;

C:\WINDOWS\derovona.dll
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\derovona.dll"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\WINDOWS\derovona.dll

  • Click Open.
  • Click Post.
Thank you!

Repeat it for this file

C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\ggnak32.dll




Please run the OTMoveIt2 by OldTimer again.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\ggnak32.dll
    C:\WINDOWS\derovona.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log
  • 0

#15
scorpio sting

scorpio sting

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello,

I posted the links on spy killer, as instructed.


Below are the results of Moveit...again the derovona file just would not move.

File/Folder C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\ggnak32.dll not found.
[Custom Input]
< purity >

OTMoveIt2 v1.0.19 log created on 02092008_231207
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP