1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Windows XP dll

Discussion in 'Windows XP' started by apexmortgage, Jan 27, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. apexmortgage

    apexmortgage Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    2
    I seem to get an error message C:Windows\dsr.dll when windows is running and I attempt to change or login with a specific desktop user profile. Does anyone have any thoughts??

    I also noticed that the virus software, althought up-to-date with subscription and definitions, was disabled. This is an additional backup work station at the office of my employment and is used by many different people. One of those individuals must have disabled Norton about 45 days ago.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Welcome to TSG :)

    Sounds like you have spyware.

    Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. apexmortgage

    apexmortgage Thread Starter

    Joined:
    Jan 27, 2006
    Messages:
    2
    Logfile of HijackThis v1.99.1
    Scan saved at 2:28:57 PM, on 1/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Encompass\EncompassServer.exe
    C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
    C:\WINDOWS\System32\mnmsrvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
    C:\WINDOWS\system32\hsaxpx.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
    C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kyocera Mita\FileUtility\nsCatCom.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
    C:\WINDOWS\System32\tlntsvr.exe
    C:\Advantage\ADS.EXE
    C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
    C:\WINDOWS\dinst.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\PC MightyMax\pcmm.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.apexmortgagesolutions.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://websearch.drsnsrch.com/sidesearch.cgi?uid=2144830480&id=1.00
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://websearch.drsnsrch.com/sidesearch.cgi?uid=2144830480&id=1.00
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    http://websearch.drsnsrch.com/sidesearch.cgi?uid=2144830480&id=1.00
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    http://websearch.drsnsrch.com/sidesearch.cgi?uid=2144830480&id=1.00
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft

    Internet Explorer
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} -

    C:\WINDOWS\enhtb.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN

    Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -

    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

    c:\program files\google\googletoolbar2.dll
    O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} -

    C:\WINDOWS\msopt.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

    Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -

    C:\Program Files\TBONAS\TBONlchr.dll (file missing)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}

    - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

    C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

    Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187}

    - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program

    Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

    /Consumer
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator

    5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe

    -logon
    O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
    O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\Coloreal\coloreal.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common

    Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe

    -atboottime
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program

    Files\Scansoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program

    Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button

    Support\StartEAK.exe
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKLM\..\Run: [ldkzusb] C:\WINDOWS\system32\hsaxpx.exe r
    O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver]

    "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE

    C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"

    /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

    5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common

    Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Scanner File Utility.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL

    Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: SmartUI.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\program

    files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program

    files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program

    files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Ebates - file://C:\Program

    Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program

    files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program

    files\google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Web Savings - file://C:\Program

    Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no

    file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} -

    file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

    http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

    http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/

    xscan53.cab
    O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} -

    http://www.swiftview.com/product/current/svinstall_a_stat_libs.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) -

    http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {AAD68411-5B98-11D3-9B52-00001C0007B3} (EonX 3.0.0) -

    http://download.eonreality.com/eonx/3_0_2/eonx.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -

    https://elliemae.webex.com/client/latest/webex/ieatgpc.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} -

    C:\WINDOWS\msopt.dll (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: GoToMyPC - C:\Program

    Files\Expertcity\GoToMyPC\G2WinLogon.dll
    O23 - Service: Advantage Database Server (Advantage) - Unknown owner -

    C:\Advantage\ADS.EXE
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -

    C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Encompass Server (EncompassServer) - - C:\Program

    Files\Encompass\EncompassServer.exe
    O23 - Service: GoToMyPC - Unknown owner - C:\Program

    Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton

    Internet Security\ISSVC.exe
    O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner -

    C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec

    Corporation - C:\Program Files\Norton Internet Security\Norton

    AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet

    Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Kyocera

    Mita\FileUtility\SFUSVC.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation

    - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner -

    C:\WINDOWS\svcproc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Click here to download Nailfix: http://castlecops.com/zx/flrman1/Nailfix.zip

    Save the file to your desktop.
    Unzip Nailfix.zip to extract the files it contains.
    Do not do anything with it yet. You will run the Nailfix.cmd file later in Safe Mode.

    Click here to download the trial version of Ewido Security Suite:
    http://www.ewido.net/en/download/

    · Install Ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido.
    · It will prompt you to update click the OK button and it will go to the main screen.
    · On the left side of the main screen click update.
    · Click on Start and let it update.
    · DO NOT run a scan yet.

    Restart your computer into Safe Mode now.
    (Start tapping the F8 key at Startup, before the Windows logo screen).
    Perform the following steps in Safe Mode:

    * Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

    * Run Ewido:
    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK.
    When the scan is finished, look at the bottom of the screen and click the Save report button.
    Save the report to your desktop.

    Reboot.

    Post a new Hijack This log and the results of the Ewido scan.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/437749

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice