
Inactive IEXPLORE.EXE keeps coming up on my task manager

Discussion in 'Malware and Virus Removal Archive' started by nikhilthelegend, 2010/07/08.

Thread Status:
Not open for further replies.
  1. 2010/07/08
    nikhilthelegend

    nikhilthelegend Inactive Thread Starter

    Joined:
    2010/07/08
    Messages:
    3
    Likes Received:
    0
    [Inactive] IEXPLORE.EXE keeps coming up on my task manager

    Hi,
    There is a process IEXPLORE.EXE which keeps coming up again and again on my task manager under the user name SYSTEM. Even after I end the process, it comes back in a few seconds.
    Moreover IE window keeps popping up all the time with some silly advert. I use Mozilla Firefox and Google Chrome to surf and have hardly ever used IE.
    Please help me out with this. PFB the HijackThis log:

    *********************************************************
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:05:29 PM, on 7/8/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\vsnp2uvc.exe
    C:\WINDOWS\tsnp2uvc.exe
    D:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\Installer\MSIEA.tmp
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Family Tree Builder Installer] "D:\Program Files\MyHeritage\Install MyHeritage Family Tree Builder.lnk "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
    O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKLM\..\Policies\Explorer\Run: [1eHRSd2b2y] C:\Documents and Settings\All Users\Application Data\onsdujcp\yvspshkh.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C3EA82E-9A63-4DA5-82E1-C99DD31B8E15}: NameServer = 203.94.227.70,203.94.243.70
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6128958B-E4D7-4AA0-9F88-50816787D2D8}: NameServer = 203.94.227.70,203.94.243.70
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Joulemeter Service - Unknown owner - D:\Program Files\Microsoft Research\Joulemeter\JoulemeterService.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
    O23 - Service: OracleServiceITP - Unknown owner - d:\oracle\ora92\bin\ORACLE.EXE (file missing)
    O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSIEA.tmp
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 8238 bytes

    *********************************************************

    Please help me out with this. I don't want to format my PC now. I use ESET NOD32 antivirus, which isn't capable of finding this!

    Thanks a lot in anticipation. :)
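The HijackThis log in the post above contains the entries an analyst would zero in on: an `O4 - HKLM\..\Policies\Explorer\Run` value with a random-looking name launching `yvspshkh.exe` out of `All Users\Application Data`, and (in the DDS log later in the thread) a Winlogon `Taskman` value pointing into a `RECYCLER` SID folder, plus a BHO registered for a DLL that is no longer on disk. The script below is an added example, not part of the thread and not a feature of HijackThis or DDS. It parses a constructed excerpt copied from the posted logs and scores each persistence entry against a handful of heuristics (sensitive key, user-writable launch location, missing file, random-looking name). The heuristics, thresholds and the `Finding` structure are this example's own assumptions, not anything the forum or the tools define.

```python
"""Heuristic triage of HijackThis / DDS persistence lines (added example).

Not part of the original thread. SAMPLE is a constructed excerpt copied from
the logs posted above; the scoring rules are assumptions of this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt: lines copied from the HJT / DDS logs in the post.
SAMPLE = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [1eHRSd2b2y] C:\Documents and Settings\All Users\Application Data\onsdujcp\yvspshkh.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
mWinlogon: Taskman=c:\recycler\s-1-5-21-8099605956-5129128188-241525694-9711\czzi.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
WINLOGON_RE = re.compile(r"^mWinlogon: (?P<value>\w+)=(?P<path>.*)$")

# Directories a non-admin process can write to; launching from here is a signal,
# not proof (legitimate per-user updaters live here too).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\recycler\\", "\\temp\\")


@dataclass
class Finding:
    kind: str                 # "O4", "O2" or "Winlogon"
    name: str                 # run value name, BHO name or Winlogon value
    path: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def extract_path(cmd: str) -> str:
    """HJT prints unquoted paths with spaces, so cut at the first .exe/.dll/.lnk."""
    if m := re.match(r'"([^"]+)"', cmd):
        return m.group(1).strip()
    if m := re.match(r"(.+?\.(?:exe|dll|lnk))(?:\s|$)", cmd, re.I):
        return m.group(1)
    return cmd.split()[0]


def name_tokens(path: str) -> list[str]:
    """Return the file stem and its parent directory name for naming checks."""
    parts = [p for p in re.split(r"[\\/]", path) if p]
    stem = parts[-1].rsplit(".", 1)[0] if parts else ""
    parent = parts[-2] if len(parts) > 1 else ""
    return [stem, parent]


def looks_random(token: str) -> bool:
    """Crude entropy stand-in: many letter/digit alternations (1eHRSd2b2y)
    or a long alphabetic run with at most one vowel (yvspshkh)."""
    flips = sum(a.isalnum() and b.isalnum() and a.isdigit() != b.isdigit()
                for a, b in zip(token, token[1:]))
    if flips >= 4:
        return True
    alpha = "".join(c for c in token.lower() if c.isalpha())
    return len(alpha) >= 7 and sum(c in "aeiou" for c in alpha) <= 1


def triage(log_text: str) -> list[Finding]:
    """Parse O4 / O2 / mWinlogon lines and return flagged entries, highest score first."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            f = Finding("O4", m["name"], extract_path(m["cmd"]))
            if "\\policies\\explorer\\run" in m["key"].lower():
                f.reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate installers")
        elif m := O2_RE.match(line):
            f = Finding("O2", m["name"], m["path"].replace(" (file missing)", ""))
            if "(file missing)" in m["path"]:
                f.reasons.append("BHO registered for a file that no longer exists")
        elif m := WINLOGON_RE.match(line):
            f = Finding("Winlogon", m["value"], m["path"])
            if "\\windows\\system32\\" not in m["path"].lower():
                f.reasons.append(f"Winlogon {m['value']} override pointing outside system32")
        else:
            continue
        hits = [d for d in USER_WRITABLE if d in f.path.lower()]
        if hits:
            f.reasons.append("launched from user-writable location: " + ", ".join(hits))
        randoms = [t for t in [f.name, *name_tokens(f.path)] if looks_random(t)]
        if randoms:
            f.reasons.append("random-looking name(s): " + ", ".join(randoms))
        if f.reasons:
            findings.append(f)
    return sorted(findings, key=lambda x: x.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.score}] {f.kind} {f.name!r} -> {f.path}")
        for r in f.reasons:
            print("      -", r)
```

Run as-is, the `1eHRSd2b2y` entry scores highest (sensitive key, user-writable location, random name), the `Taskman` override second, and the stale `msxml71.dll` BHO and the Google Update value score one each. That last hit is the expected false positive: per-user updaters legitimately run from `Local Settings\Application Data`, which is why a location match alone should prompt a look at the file's publisher and hash rather than a removal. The script is a sorting aid for reading a pasted log offline; it never touches the registry or the files it names.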
     
  2. 2010/07/08
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     


  4. 2010/07/08
    nikhilthelegend

    nikhilthelegend Inactive Thread Starter

    Joined:
    2010/07/08
    Messages:
    3
    Likes Received:
    0
    Hi Pete,
    Thanks for the prompt response.
    PFB the logs:
    ==================================================================
    Attach.txt:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/7/2005 8:54:05 PM
    System Uptime: 7/8/2010 9:37:58 PM (2 hours ago)

    Motherboard: Intel Corporation | | D945GCCR
    Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz | LGA 775 | 1995/200mhz
    Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz | LGA 775 | 1995/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (FAT32) - 20 GiB total, 4.258 GiB free.
    D: is FIXED (FAT32) - 20 GiB total, 0.54 GiB free.
    E: is FIXED (NTFS) - 39 GiB total, 0.235 GiB free.
    F: is FIXED (NTFS) - 39 GiB total, 0.283 GiB free.
    G: is FIXED (FAT32) - 32 GiB total, 4.857 GiB free.
    H: is CDROM (CDFS)
    J: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP418: 6/30/2010 2:13:24 PM - System Checkpoint
    RP419: 7/4/2010 4:48:29 PM - System Checkpoint
    RP420: 7/6/2010 8:01:47 AM - System Checkpoint
    RP421: 7/7/2010 8:56:25 PM - Removed Ask Toolbar.
    RP422: 7/8/2010 10:29:12 PM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    ABBYY PDF Transformer 2.0
    Abrosoft FantaMorph 3.5
    ACDSee
    Adobe Audition 1.5
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe PageMaker 7.0
    Adobe Photoshop 7.0
    Adobe Reader 8.2.3
    Adobe Shockwave Player
    Alex Kidd in the Enchanted Castle
    AMPHIOTIK ENHANCER 2.04
    Apple Software Update
    Ares 2.0.9
    AutoCAD 2010 - English
    AutoCAD 2010 Language Pack - English
    backburner 2.1
    BitTorrent
    BitTorrent DNA
    BookWorm Deluxe 1.02
    C-Dilla Licence Management System
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Celestia 1.4.1
    CircuitMaker 6 Student
    cladDVD .NET v3.5.6
    CueClub
    DAEMON Tools Toolbar
    Debut Video Capture Software
    DirectVobSub (remove only)
    Download Accelerator Plus Beta
    DVD Cutter 1.0
    DVD to VCD AVI DivX Converter v3.2 (build 069)
    EA Download Manager
    EA SPORTS online 2007
    Facebook Plug-In
    ffdshow (remove only)
    FIFA 08
    FIFA 09
    FLV Player 1.3.3
    Free iPod Video Converter 1.34
    Free PS Convert driver 8.15
    Free Video Joiner 1.1
    Free Video to Flash Converter version 4.2
    Freez FLV to AVI/MPEG/WMV Converter
    Google Chrome
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GTASA-Ultimate Editor
    Guitar Pro 5.2
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hitman 2 Silent Assassin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB954550-v5)
    iBall Face2Face Webcam C12.0
    InFlac 1.1.1
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 11.2.0.69
    Java 2 Runtime Environment, SE v1.4.2_13
    Java 2 SDK, SE v1.4.2_13
    Java(TM) 6 Update 16
    JCreator LE 4.50
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    Learn to Speak German Deluxe 10
    Learning Essentials for Microsoft Office
    Lernout & Hauspie TruVoice American English TTS Engine
    LingoPad 2.6 (Build 360)
    Lizardtech DjVu Control
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    MAGIX music maker V2000
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Math
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Student 2007 for Learning Essentials
    Microsoft Student with Encarta Premium 2008
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.6.6)
    MP3 Player Utilities
    MP3 Remix for Winamp
    MSVC80_x86
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    Nero Suite
    NetMeter 0.9.9.9 (beta 2)
    NOD32 antivirus system
    NOD32 FiX
    Nokia Connectivity Cable Driver
    Nokia Lifeblog 2.1
    Nokia MTP driver
    Nokia N73 highlights
    Nokia Nseries Skin for Microsoft Windows Media Player
    Nokia PC Suite
    Nokia themes for your device
    NVIDIA Drivers
    OJOsoft Total Video Converter
    OpenAL
    Oxin's Style! VirtuallyJenna K17 560 MOD
    PC Connectivity Solution
    PC Inspector File Recovery
    Pool 'm Up
    Power MP3 WMA Converter 2005, (ver 2.0)
    PowerDVD
    Prism Video Converter
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    S.W.A.T. 4
    Scrabble
    setup1
    Shape Collage
    SmartMovie Converter
    Solid Converter PDF
    Sothink SWF Decompiler
    Stereo Pictures 1.0
    SuperCopier2
    Total Recorder 5.1
    Uninstall 1.0.0.1
    Uninstall MysticalDemo
    Uninstall PGE7Demo
    VCDCutter
    VideoPad Video Editor
    Virtual DJ - Atomix Productions
    VLC media player 0.9.8a
    Watermark Image software version 1.6.9.2
    WebFldrs XP
    Winamp (remove only)
    Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    WinRAR archiver
    WinX AVI to FLV Converter 4.1.1
    WinZip
    WWF Smack Down
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    7/8/2010 9:31:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips HFSYS intelppm IPSec MRxSmb NetBIOS NetBT nod32drv RasAcd Rdbss Tcpip WS2IFSL
    7/8/2010 9:31:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 9:31:18 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 9:31:18 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 9:31:18 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    7/8/2010 9:30:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    7/8/2010 9:30:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/8/2010 9:30:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    7/3/2010 8:25:59 PM, error: Service Control Manager [7000] - The OracleServiceITP service failed to start due to the following error: The system cannot find the path specified.
    7/3/2010 8:25:59 PM, error: Service Control Manager [7000] - The OracleOraHome92TNSListener service failed to start due to the following error: The system cannot find the path specified.
    7/3/2010 8:25:59 PM, error: Service Control Manager [7000] - The MySQL service failed to start due to the following error: The system cannot find the path specified.
    7/3/2010 8:25:59 PM, error: Service Control Manager [7000] - The Joulemeter Service service failed to start due to the following error: The system cannot find the file specified.
    7/1/2010 10:51:53 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.

    ==== End Of File ===========================
    ==================================================================
    DDS.txt:

    DDS (Ver_10-03-17.01) - FAT32x86
    Run by Administrator at 23:14:37.46 on Thu 07/08/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1013.398 [GMT 5.5:30]

    AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe 4
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\vsnp2uvc.exe
    C:\WINDOWS\tsnp2uvc.exe
    D:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    svchost.exe 4
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\Installer\MSIEA.tmp
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\Desktop\dds.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.orkut.com/
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    mWinlogon: Taskman=c:\recycler\s-1-5-21-8099605956-5129128188-241525694-9711\czzi.exe
    BHO: DAPHelper Class: {0000cc75-acf3-4cac-a0a9-dd3868e06852} - c:\program files\dap\DAPBHO.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
    mRun: [Family Tree Builder Installer] "d:\program files\myheritage\Install MyHeritage Family Tree Builder.lnk "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [FixCamera] c:\windows\FixCamera.exe
    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
    mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
    mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
    mExplorerRun: [1eHRSd2b2y] c:\documents and settings\all users\application data\onsdujcp\yvspshkh.exe
    IE: &Download with &DAP - c:\progra~1\dap\dapextie.htm
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    IE: Download &all with DAP - c:\progra~1\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - c:\progra~1\dap\DAP.EXE
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    LSP: c:\windows\system32\imon.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: {2C3EA82E-9A63-4DA5-82E1-C99DD31B8E15} = 203.94.227.70,203.94.243.70
    TCP: {6128958B-E4D7-4AA0-9F88-50816787D2D8} = 203.94.227.70,203.94.243.70
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Notify: igfxcui - igfxdev.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\wjvxfni2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_0.dll
    FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\bittorrent_dna\npbtdna.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 HFSYS;HFSYS;c:\windows\system32\drivers\hfsys.sys [2004-1-12 19732]
    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-3-11 15424]
    R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2008-3-11 552064]
    R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2008-9-11 4544]
    R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\installer\MSIEA.tmp [2009-4-28 189696]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 135664]
    S2 Joulemeter Service;Joulemeter Service; "d:\program files\microsoft research\joulemeter\joulemeterservice.exe" --> d:\program files\microsoft research\joulemeter\JoulemeterService.exe [?]
    S2 OracleServiceITP;OracleServiceITP;d:\oracle\ora92\bin\oracle.exe itp --> d:\oracle\ora92\bin\ORACLE.EXE ITP [?]

    ============== File Associations ===============

    regfile="regedit.exe" "%1"
    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2010-07-08 16:13:04 0 d-----w- c:\program files\Trend Micro
    2010-07-07 15:35:28 51 ----a-w- c:\windows\wininit.ini
    2010-07-03 16:30:42 0 d-sh--w- C:\FOUND.025
    2010-06-27 04:27:38 0 d-sh--w- C:\FOUND.024

    ==================== Find3M ====================

    2010-05-12 14:11:48 700928 ---h--w- c:\windows\system32\wodfamoh.dll
    2008-01-11 14:53:28 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2007-12-21 09:33:42 8 --sh--r- c:\windows\system32\6912C0E55C.sys
    2007-09-01 08:40:26 56 --sh--r- c:\windows\system32\48B8404988.sys

    ============= FINISH: 23:14:46.00 ===============
     
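    The "Created Last 30" and "Find3M" sections of the DDS log above share one line format (timestamp, size, attribute flags, path). The following parser is an added example, not part of the thread or of DDS itself; it decodes the attribute columns as inferred from the log's own samples (an assumption) and lists the hidden or system-attributed files under system32 that a helper would look at first. A listing is a review queue, not a verdict.

```python
"""Parse DDS file-listing lines and queue hidden/system files in system32 for review."""
import re
from dataclasses import dataclass

# Sample lines copied from the DDS log posted above (constructed excerpt).
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2010-07-08 16:13:04 0 d-----w- c:\program files\Trend Micro
2010-07-07 15:35:28 51 ----a-w- c:\windows\wininit.ini
2010-07-03 16:30:42 0 d-sh--w- C:\FOUND.025

==================== Find3M ====================

2010-05-12 14:11:48 700928 ---h--w- c:\windows\system32\wodfamoh.dll
2008-01-11 14:53:28 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-12-21 09:33:42 8 --sh--r- c:\windows\system32\6912C0E55C.sys
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$")

@dataclass
class Entry:
    section: str
    timestamp: str
    size: int
    attrs: str   # 8 flag columns, e.g. "d-sh--w-"
    path: str

    # Column meanings inferred from the samples in the log (assumption):
    # col 0 d=directory, col 2 s=system, col 3 h=hidden, col 4 a=archive, col 6 w/r.
    @property
    def is_dir(self) -> bool: return self.attrs[0] == "d"
    @property
    def system(self) -> bool: return self.attrs[2] == "s"
    @property
    def hidden(self) -> bool: return self.attrs[3] == "h"

def parse_dds(text: str) -> list:
    """Return Entry objects, each tagged with the section header it appeared under."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := ENTRY_RE.match(line):
            entries.append(Entry(section, m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return entries

def review_candidates(entries: list) -> list:
    """Non-directory files in system32 carrying the hidden or system flag, oldest last."""
    return [(e.path, e.attrs, e.section) for e in entries
            if not e.is_dir and (e.hidden or e.system)
            and "\\windows\\system32\\" in e.path.lower()]
```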
  5. 2010/07/08
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  6. 2010/07/08
    nikhilthelegend

    nikhilthelegend Inactive Thread Starter

    Joined:
    2010/07/08
    Messages:
    3
    Likes Received:
    0
    Thanks a lot Arie for your advice. I'll uninstall this software right away.
    Never knew that it would be dangerous... :(
    Please advise me on what I should be doing after that! :)
     
  7. 2010/07/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.
     