Error loading

  1. #1
    mskmsk (Newbie)

    NEAL Sir,

    Thanks for your help. As guided by you, I send you the scan reports as follows:


    SDFix: Version 1.109

    Run by SATISH KUMAR on Wed 10/17/2007 at 10:21 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    Indexingbox

    ImagePath:
    %WINDIR%\system\svchest.exe

    Indexingbox - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\myDelm.bat - Deleted
    C:\WINDOWS\system\svchest.exe - Deleted
    C:\WINDOWS\system\svchest.reg - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
    "C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Enabled:PMC.Service.Main.exe"
    "C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
    "C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Enabled:PSST.exe"
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Rediff Bol\\RediffMessenger.exe"="C:\\Program Files\\Rediff Bol\\RediffMessenger.exe:*:Enabled:Rediff Bol 8.0 "
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 13 Jun 2007 355 ...H. --- "C:\Boot.BAK"
    Fri 12 Oct 2007 466,944 ..SHR --- "C:\WINDOWS\system32\AlxRes061230.exe"
    Wed 17 Oct 2007 77,312 ..SHR --- "C:\WINDOWS\system32\winsys32_061230.dll"
    Tue 16 Oct 2007 338,944 ..SHR --- "C:\WINDOWS\system32\winsys16_061230.dll"
    Wed 10 Oct 2007 39,424 ..SH. --- "C:\WINDOWS\system32\xydzyh.exe"
    Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT3.tmp"

    Finished!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:04:36 AM, on 10/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\program files\internet explorer\iexplore.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    E:\CD EJECT TOOL v2.6 CRACK tSRH\CD Eject Tool.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/too...l?mode=toolbar
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_061230.dll start
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TataIndicomStartUp] C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.mp3dancer.com!StatsMP3Dancer
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.mp3dancer.com!StatsMP3Dancer
    O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [CD Eject Tool] E:\CD EJECT TOOL v2.6 CRACK tSRH\CD Eject Tool.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [RediffBOL] C:\Program Files\rediff.com\messenger\Bol.exe hide
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) - http://messenger.rediff.com/newbol/Bol.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEF8484-298C-44D3-A2B8-606D2ECB3269}: NameServer = 202.54.12.164,202.54.29.5
    O17 - HKLM\System\CCS\Services\Tcpip\..\{56B0F16C-9A76-4365-8259-BD85BE64D6FC}: NameServer = 202.54.12.164 202.54.29.5
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 7698 bytes

    Please help me. Thank you!

    Bye!


  2. #2
    Neal (Dedicated Member)
    Please do not start any more new threads; post in this one now, as I have deleted the other three.



    1. Download this file - COMBOFIX
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.


    Post a new hijackthis log also please.

  3. #3
    mskmsk (Newbie)
    ComboFix 07-10-18.6 - SATISH KUMAR 2007-10-18 21:20:29.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT 5.5:30]
    Running from: E:\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\dup2.exe
    C:\mydelm.bat
    C:\WINDOWS\mywinsys.ini
    C:\WINDOWS\system32\AlxRes061230.exe
    C:\WINDOWS\system32\scrsys061230.scr
    C:\WINDOWS\system32\scrsys16_061230.scr
    C:\WINDOWS\system32\scrsys16_061230.scr
    C:\WINDOWS\system32\winsys16_061230.dll
    C:\WINDOWS\system32\winsys16_061230.dll
    C:\WINDOWS\system32\xydzyh.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
    .

    2007-10-18 21:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-17 22:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-10-17 22:19 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-10-16 10:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-10-15 08:47 <DIR> d-------- C:\Program Files\Lavasoft
    2007-10-15 08:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-15 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-15 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-14 12:26 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-11 08:30 <DIR> d-------- C:\Program Files\Rediff Toolbar
    2007-10-11 08:30 <DIR> d-------- C:\Documents and Settings\SATISH KUMAR\Application Data\Rediff.com
    2007-10-10 21:55 <DIR> d-------- C:\Program Files\rediff.com
    2007-10-08 23:26 <DIR> d-------- C:\Documents and Settings\SATISH KUMAR\Application Data\Joost
    2007-10-07 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-07 15:06 <DIR> d-------- C:\Documents and Settings\SATISH KUMAR\Application Data\AdobeUM
    2007-10-07 13:09 <DIR> d-------- C:\Temp
    2007-10-07 13:08 <DIR> d-------- C:\Program Files\QuickTime
    2007-10-07 13:07 <DIR> d-------- C:\Program Files\Xilisoft
    2007-10-07 00:28 18,704 -ra------ C:\WINDOWS\system32\drivers\se46nd5.sys
    2007-10-07 00:27 90,800 -ra------ C:\WINDOWS\system32\drivers\se46unic.sys
    2007-10-07 00:27 88,624 -ra------ C:\WINDOWS\system32\drivers\se46mgmt.sys
    2007-10-07 00:27 86,432 -ra------ C:\WINDOWS\system32\drivers\se46obex.sys
    2007-10-07 00:27 4,128 -ra------ C:\WINDOWS\system32\drivers\se46cr.sys
    2007-10-07 00:26 97,088 -ra------ C:\WINDOWS\system32\drivers\se46mdm.sys
    2007-10-07 00:26 9,360 -ra------ C:\WINDOWS\system32\drivers\se46mdfl.sys
    2007-10-07 00:26 6,240 -ra------ C:\WINDOWS\system32\drivers\se46cmnt.sys
    2007-10-07 00:26 6,240 -ra------ C:\WINDOWS\system32\drivers\se46cm.sys
    2007-10-07 00:25 61,536 -ra------ C:\WINDOWS\system32\drivers\se46bus.sys
    2007-10-07 00:25 5,872 -ra------ C:\WINDOWS\system32\drivers\se46whnt.sys
    2007-10-07 00:25 5,872 -ra------ C:\WINDOWS\system32\drivers\se46wh.sys
    2007-10-06 23:47 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-10-06 23:47 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-10-02 23:41 <DIR> d-------- C:\Documents and Settings\SATISH KUMAR\Application Data\Yahoo!
    2007-10-02 23:39 <DIR> d-------- C:\WINDOWS\cache
    2007-09-22 21:55 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-09-22 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-09-22 21:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2007-09-18 22:30 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-16 02:25 --------- d-----w C:\Program Files\Google
    2007-10-15 04:09 --------- d-----w C:\Program Files\a-squared Free
    2007-10-07 11:21 --------- d-----w C:\Program Files\Common Files\Real
    2007-10-07 11:17 --------- d-----w C:\Program Files\VideoLAN
    2007-10-02 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-10-02 15:55 --------- d-----w C:\Program Files\Advanced GIF Animator
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-09-02 04:52 --------- d-----w C:\Program Files\Real
    2007-09-02 01:29 94,208 ----a-w C:\WINDOWS\system32\ScrUnZip.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-07 16:40 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-07-30 13:49 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 13:49 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 13:49 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 13:49 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 13:49 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 13:49 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 13:49 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 13:48 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-06-13 03:13 7,246,848 ----a-w C:\Program Files\HTML Guardian 7.msi
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 22:53 C:\WINDOWS\RTHDCPL.exe]
    "TataIndicomStartUp"="C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 15:36]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Uninstall0001"="C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" []
    "PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2005-11-07 18:43]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]
    "Uninstall0002"="C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" []
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-16 07:56]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CD Eject Tool"="E:\CD EJECT TOOL v2.6 CRACK tSRH\CD Eject Tool.exe" [2004-04-28 23:25]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-15 20:23]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
    "RediffBOL"="C:\Program Files\rediff.com\messenger\Bol.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    R3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys
    S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys
    S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys
    S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys
    S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys
    S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys
    S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command - d:\mplay.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{787042a5-73d4-11dc-b164-001676c0f6a3}]
    Auto\command - H:\MicrosoftPowerPoint.exe
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-18 21:29:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-18 21:31:46 - machine was rebooted
    .
    --- E O F ---
    Sir,

    Thanks for your reply. I am posting here the log report after scanning with COMBOFIX. Please help me.

  4. #4
    Neal (Dedicated Member)
    Thanks for that.

    After some research, these two items below should be uninstalled via Add/Remove Programs:

    Rediff Bol
    Rediff Toolbar



    Did you install them?

    Read about it below:

    http://www.fbmsoftware.com/spyware-n...lbar_dll/3788/

    http://www.symantec.com/avcenter/att...gs/s22576.html



    Please post a new hijackthis log and tell me what your computer is doing now.

  5. #5
    mskmsk (Newbie)
    Dear Neal,

    My sincere thanks to you. You have been very helpful to me all the way in curing my PC. I have deleted Rediff TB. Now I am sending you the latest HJT scan log as follows. Also, I want to install Rediff TB. I request you to tell me about a genuine site to download it from, with its latest version. How can I test whether it is safe or not, i.e. free from spyware and malware?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:55:26 PM, on 10/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    E:\CD EJECT TOOL v2.6 CRACK tSRH\CD Eject Tool.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [TataIndicomStartUp] C:\Program Files\Tata Indicom Wireless Internet Service\TataIndicomStartUp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.mp3dancer.com!StatsMP3Dancer
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.mp3dancer.com!StatsMP3Dancer
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [CD Eject Tool] E:\CD EJECT TOOL v2.6 CRACK tSRH\CD Eject Tool.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [RediffBOL] C:\Program Files\rediff.com\messenger\Bol.exe hide
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) - http://messenger.rediff.com/newbol/Bol.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEF8484-298C-44D3-A2B8-606D2ECB3269}: NameServer = 202.54.12.164,202.54.29.5
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 6544 bytes


    Bye Bye!

  6. #6
    Neal (Dedicated Member)
    If you want to keep Rediff, just make sure it is downloaded from the manufacturer's site; it is adware but not really harmful.


    How is your computer behaving now? The log is clean.
