
msddll.exe


1 reply to this topic

#1 jiwa


  • Members
  • 1 posts

Posted 07 April 2009 - 12:32 AM

msddll.exe


DDS (Ver_09-03-16.01) - NTFSx86
Run by wagnj94o at 7:21:56,28 on Łt 07.04.2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.510.78 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fighters\configservice.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Instal\viry\dds.scr
C:\WINDOWS\system\msddll.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.op99.vzp.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.op99.vzp.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\dell\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: s09926
Trusted Zone: s09927
Trusted Zone: s099vepm
Trusted Zone: vzp.cz\auditsw
Trusted Zone: vzp.cz\ca
Trusted Zone: vzp.cz\iwww
Trusted Zone: vzp.cz\portal
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {0FCF0341-54AC-4EF2-A3CC-27051C4262FF} - hxxp://s099vepm:8082/projectserver/objects/1029/pjcintl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - hxxp://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://s099vepm:8082/projectserver/objects/pjclient.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/securityadvisor/pestscan/pestscan.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145617716259
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6CE541A8-22F4-4FAE-9618-71D0F3A00CC2} - hxxp://epm.vzp.cz/PWA/_layouts/pwa/objects/1029/pjcintl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145617702640
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} - hxxp://www.nanoscan.com/cabs/nanoinst.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} - hxxp://support.f-secure.com/ols3beta/fscax.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://epm.vzp.cz/PWA/_layouts/pwa/objects/pjclient.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5125/mcfscan.cab
TCP: {426C8756-3A4C-40A1-8167-66D7DAEF1711} = 160.218.10.200 160.218.43.200
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: systems.txt

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-3 28544]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\fighters\LicenseService.exe [2008-11-18 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\fighters\UpdateService.exe [2008-11-18 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\fighters\ScannerService.exe [2008-11-18 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\fighters\ConfigService.exe [2008-11-18 139912]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [2007-9-8 64896]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [2007-9-8 64896]
R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2007-9-12 11464]
R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2007-9-12 17928]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-8-4 69120]
R3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 elexo;elexo;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 fmpwhg;fmpwhg;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 iemasqj;iemasqj;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951120]
S2 msddll;msddll;c:\windows\system\msddll.exe [2009-4-5 91136]
S2 rvyfopsy;rvyfopsy;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 siaudi;siaudi;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 uhhypwbqw;uhhypwbqw;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vlugak;Config Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2007-9-12 18536]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

============= FINISH: 7:23:10,08 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8.9.2007 11:34:03
System Uptime: 4.7.2009 6:10:15 (-2111 hours ago)

Motherboard: Dell Inc. | | 0H2049
Processor: Intel® Pentium® M processor 1.70GHz | Microprocessor | 1698/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 2,234 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\20B1C30364FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\20B1C30364FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bezdrátová karta Dell 1350 WLAN Mini-PCI
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Manufacturer: Broadcom
Name: Bezdrátová karta Dell 1350 WLAN Mini-PCI
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Service: BCM43XX

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP33: 3.4.2009 3:26:18 - System Checkpoint
RP34: 3.4.2009 7:16:32 - Removed Adobe® Photoshop® Album Starter Edition 3.0
RP35: 3.4.2009 7:21:22 - TrueCrypt uninstallation
RP36: 5.4.2009 10:20:22 - System Checkpoint
RP37: 6.4.2009 20:22:12 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP38: 6.4.2009 20:30:26 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP39: 6.4.2009 21:22:00 - Spyware Terminator - restore point

==== Installed Programs ======================


==== Event Viewer Messages From Past Week ========

5.4.2009 20:39:47, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the msddll service to connect.
5.4.2009 20:04:11, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
5.4.2009 20:03:49, error: Service Control Manager [7023] - The Config Image service terminated with the following error: The specified module could not be found.
5.4.2009 20:03:49, error: Service Control Manager [7023] - The siaudi service terminated with the following error: The specified module could not be found.
5.4.2009 20:03:49, error: Service Control Manager [7023] - The uhhypwbqw service terminated with the following error: The specified module could not be found.
5.4.2009 20:03:49, error: Service Control Manager [7023] - The rvyfopsy service terminated with the following error: The specified module could not be found.
5.4.2009 20:03:49, error: Service Control Manager [7023] - The iemasqj service terminated with the following error: The specified module could not be found.
5.4.2009 20:03:49, error: Service Control Manager [7023] - The fmpwhg service terminated with the following error: The specified module could not be found.
5.4.2009 20:03:49, error: Service Control Manager [7023] - The elexo service terminated with the following error: The specified module could not be found.
5.4.2009 20:03:42, error: NETLOGON [5719] - No Domain Controller is available for domain VZP due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
5.4.2009 11:33:09, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

==== End Of File ===========================

Edited by jiwa, 07 April 2009 - 12:39 AM.




#2 shelf life


  • Malware Response Team
  • 2,684 posts

Posted 18 April 2009 - 03:10 PM

hi,

Sorry for the delay, no shortage of posters. If you still need help, post back.

How Can I Reduce My Risk to Malware?




