O24 - Desktop Component 0: (no name) - (no file)


  • This topic is locked
2 replies to this topic

#1 John_b

Posted 14 July 2009 - 11:21 AM

Hi all,

When I run Windows Task Manager, only "System Idle Process" is shown with user name as SYSTEM. All other running processes have no username.

Also, I get the following entry when I run HijackThis:

O24 - Desktop Component 0: (no name) - (no file)


Output of DDS.SCR


DDS (Ver_09-06-26.01) - NTFSx86
Run by john_b at 21:26:17.67 on 14/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = 192.168.10.10:3128
uInternet Settings,ProxyOverride = 192.168.1.3;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pegtop WaterWall] c:\program files\pegtop\waterwall\WaterWall.exe /s
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [JobHisInit] c:\program files\rmclient\JobHisInit.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
uPolicies-explorer: NoActiveDesktop = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoSMHelp = 01000000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Mit WGet herunterladen - c:\utils\wget\wgie.htm
IE: Save Flash - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/210
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {2645C09D-D035-4E70-B1BA-B97776BB6F19} = 202.142.88.8,202.142.88.7
TCP: {5D8D1E89-EA16-4D34-96E7-55A338EE00B2} = 192.168.1.10
TCP: {6F25F83A-7F76-498C-A0C5-DB438C9D7AB9} = 192.168.1.10,125.22.47.125,202.142.88.7
TCP: {D3C3BA33-32E9-4EDC-8A19-011AA7DD5B13} = 192.168.10.10,202.142.88.8
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - c:\qlikview9\qvprotocol\Qvp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: MIT_KFW - kfwlogon.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli fusstub

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\deepak\applic~1\mozilla\firefox\profiles\e0smu0iu.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\deepak\application data\mozilla\firefox\profiles\e0smu0iu.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\winnt_x86-msvc\components\libchm.dll
FF - component: c:\documents and settings\deepak\application data\mozilla\firefox\profiles\e0smu0iu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-14 11:07 <DIR> --d----- c:\program files\Trend Micro
2009-07-14 08:31 3,245 a------- c:\windows\system32\wbem\Outlook_01ca042f5d9ff5fe.mof
2009-07-12 15:52 0 a------- C:\tmp.xml
2009-07-12 15:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2009-07-12 15:46 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-07-12 15:45 <DIR> --d----- c:\program files\common files\Nokia
2009-07-12 15:45 <DIR> --d----- c:\program files\Nokia
2009-07-12 07:56 3,245 a------- c:\windows\system32\wbem\Outlook_01ca02982e333d78.mof
2009-07-11 23:42 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-07-11 11:42 <DIR> --d----- c:\program files\Moritz_WIN32
2009-07-11 11:40 <DIR> --d----- c:\program files\doxygen
2009-07-11 09:37 <DIR> --d----- c:\docume~1\deepak\applic~1\EditEx
2009-07-10 23:41 <DIR> --d----- c:\program files\F.Developers
2009-07-10 17:25 3,245 a------- c:\windows\system32\wbem\Outlook_01ca0155446a769a.mof
2009-07-09 22:12 <DIR> --d----- C:\RecoveredFiles
2009-07-09 18:57 0 a------- c:\windows\system32\MSWINSCK.OCX
2009-07-08 14:29 <DIR> --d----- c:\docume~1\deepak\applic~1\YMEC
2009-07-08 14:29 <DIR> --d----- c:\program files\DSSF5E
2009-07-08 14:08 <DIR> --d----- c:\program files\RADE
2009-07-07 22:34 4,106,311 a------- c:\windows\pfirewall.log.old
2009-07-02 10:48 <DIR> --d----- c:\program files\Safer Networking
2009-06-29 14:19 <DIR> --d----- c:\documents and settings\deepak\.netbeans
2009-06-29 14:19 <DIR> --d----- c:\docume~1\deepak\applic~1\.thinkingrock
2009-06-28 13:26 <DIR> --d----- c:\program files\SmartDCT4Calc
2009-06-27 14:37 877,200 a------- c:\temp\FileZilla_3.2.5_win32-setup.exe
2009-06-26 13:57 326 a------- c:\windows\pdf2word.INI
2009-06-24 20:48 <DIR> --d----- c:\docume~1\deepak\applic~1\SQL Developer
2009-06-24 20:46 <DIR> --d----- c:\program files\Sun
2009-06-24 20:46 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-24 20:25 <DIR> --d----- C:\j2sdk
2009-06-24 19:46 <DIR> --d----- c:\documents and settings\deepak\.dbvis
2009-06-24 19:42 <DIR> --d----- c:\program files\Advanced Query Tool
2009-06-24 19:27 <DIR> --d----- c:\temp\orclview
2009-06-24 15:30 <DIR> --d----- C:\QlikView9
2009-06-24 15:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\QlikTech
2009-06-22 23:14 164,112 a------- c:\windows\system32\wnaspi32-nero.dll
2009-06-22 23:14 45,056 a------- c:\windows\system32\wnaspi32.dll
2009-06-22 23:05 45,056 a------- c:\windows\system32\winaspi32.dll
2009-06-19 14:15 <DIR> --d----- C:\Sizer
2009-06-18 16:21 <DIR> --d----- c:\program files\Megaupload Downloader
2009-06-18 11:17 <DIR> --d----- c:\docume~1\deepak\applic~1\QlikTech
2009-06-17 11:40 626 a------- C:\sw2009.reg
2009-06-17 11:01 <DIR> --d----- c:\program files\common files\SolidWorks Shared
2009-06-17 11:00 <DIR> --d----- c:\program files\SolidWorks Corp
2009-06-17 10:43 <DIR> --d----- c:\program files\common files\SolidWorks Installation Manager
2009-06-15 17:15 70 a------- c:\windows\StvSW99_3D.ini
2009-06-15 17:15 <DIR> --d----- C:\_insert

==================== Find3M ====================

2009-07-13 14:26 256 a------- c:\documents and settings\deepak\pool.bin
2009-05-13 10:45 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 21:02 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 17:56 1,847,168 a------- c:\windows\system32\win32k.sys
2009-03-27 15:59 0 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLbz.DAT
2009-02-08 23:22 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-06-08 17:51 24,192 a------- c:\documents and settings\deepak\usbsermptxp.sys
2007-06-08 17:51 22,768 a------- c:\documents and settings\deepak\usbsermpt.sys
1999-08-29 06:44 73,184 a------- c:\program files\common files\Dao2535.tlb
1999-06-10 09:34 570,128 a------- c:\program files\common files\dao350.dll
2008-08-27 11:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 21:27:05.89 ===============


#2 teacup61

  • Malware Response Team

Posted 25 July 2009 - 12:06 AM

Hello John_b,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

#3 teacup61

Posted 01 August 2009 - 08:25 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.