Start Up Error C:\windows\sdkqh32.dll


  • This topic is locked
10 replies to this topic

#1 GetSome

GetSome

  • Members
  • 21 posts
  • Location:USA

Posted 30 December 2005 - 05:31 PM

Hi guys, I'm new here and I decided it's time to clean my PC since my McAfee scanner has been outdated long ago. I recently downloaded Spyware Doctor and Spybot to clean my system but I still get an error message every time I start Windows. I wanted to try some registry fix programs but I saw on some threads that it can screw up your OS if you don't know what you're doing (which I don't). So I turn to you guys. Please help me.

Every time I start Windows I get the error message "C:\WINDOWS\sdkqh32.dll" "The specified module cannot be found"

I used the "HijackThis" scan and here is my log. When someone has time please help me. Thank you so much.

Logfile of HijackThis v1.99.1
Scan saved at 2:14:45 PM, on 12/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\ikiko.exe
C:\WINDOWS\Syrowi.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.deviantart.com/view/7789285/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Legfnq] C:\WINDOWS\ikiko.exe
O4 - HKLM\..\Run: [Zmvcmvt] C:\WINDOWS\Syrowi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mpcsrv] C:\WINDOWS\System32\mpcsrv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.searchsquire.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135917837171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135917826953
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

Edited by GetSome, 31 December 2005 - 02:58 AM.



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 31 December 2005 - 10:56 AM

Hello,

It's better to print out the next instructions or save them in Notepad, because you also have to work in Safe Mode without networking support, so this page won't be available then.
It is also important that you don't miss a step and that you perform everything in the right order!!

* Please set your system to show all files; please see here if you're unsure how to do this.

* Download and install CCleaner
Do not use it yet.

Please download Ewido anti-malware; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, press and hold your "F8 Key" as the computer is booting. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O4 - HKLM\..\Run: [Legfnq] C:\WINDOWS\ikiko.exe
O4 - HKLM\..\Run: [Zmvcmvt] C:\WINDOWS\Syrowi.exe
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mpcsrv] C:\WINDOWS\System32\mpcsrv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O15 - Trusted Zone: http://*.searchsquire.com
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\ikiko.exe
C:\WINDOWS\Syrowi.exe
C:\Program Files\Need2Find
C:\WINDOWS\System32\mpcsrv.exe
C:\WINDOWS\svchost.exe <== please DON'T try to delete svchost.exe present in your C:\Windows\System32-folder!!!! Because that is a good one and is needed for your system running. The one you have to delete is in your C:\Windows-folder

* Still in Safe Mode, start CCleaner
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a fresh HijackThis log and the ewido log so I can take another look.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
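Added example, not part of the original thread or any tool used in it: a small triage script for the point made above about `C:\WINDOWS\svchost.exe` versus the legitimate copy in `C:\Windows\System32`. It parses the "Running processes" and `O4` Run-key lines of a HijackThis log and reports core Windows process names that run from an unexpected folder. The sample lines are copied from the log in post #1; the `C:\WINDOWS` install path and the process names other than `svchost.exe` are assumptions that generalize the thread's one case.

```python
import ntpath
import re

# Expected folder (lower-case) for core Windows XP processes. The System32 location
# of svchost.exe is stated in the thread; the other names are an added generalization.
# Assumes Windows is installed in C:\WINDOWS, as in the posted log.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# HijackThis autorun line:  O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# Unquoted command: the image path ends at the first ".exe" followed by space or end.
EXE_RE = re.compile(r"^(.+?\.exe)(?=\s|$)", re.IGNORECASE)


def image_path(command):
    """Return the executable part of a Run-key command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    if match:
        return match.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def is_misplaced(path):
    """True when a known system process name sits outside its expected folder."""
    directory, name = ntpath.split(ntpath.normpath(path))
    expected = EXPECTED_DIR.get(name.lower())
    # A bare file name (no folder) is resolved via the search path: nothing to compare.
    return bool(expected and directory and directory.lower() != expected)


def triage(log_text):
    """Return (source, path) pairs for misplaced system-process names in the log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:               # a blank line ends the process list
                in_processes = False
            elif is_misplaced(line):
                findings.append(("process", line))
            continue
        match = O4_RE.match(line)
        if match:
            hive, key, name, command = match.groups()
            path = image_path(command)
            if is_misplaced(path):
                findings.append((f"O4 {hive} {key} [{name}]", path))
    return findings


# Lines copied from the HijackThis log in post #1 (shortened to the relevant entries).
SAMPLE_LOG = r'''
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
'''

if __name__ == "__main__":
    for source, path in triage(SAMPLE_LOG):
        print(f"{source}: {path}")
```

A hit only says the file name and folder do not match; the file still has to be examined before anything is deleted, which is why the instructions above single out the exact path.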

#3 GetSome


Posted 31 December 2005 - 07:15 PM

Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\ikiko.exe
C:\WINDOWS\Syrowi.exe
C:\Program Files\Need2Find
C:\WINDOWS\System32\mpcsrv.exe
C:\WINDOWS\svchost.exe <== please DON'T try to delete svchost.exe present in your C:\Windows\System32-folder!!!! Because that is a good one and is needed for your system running. The one you have to delete is in your C:\Windows-folder


I cannot find the program "Windows Explorer". I am not sure I have it. I searched my whole entire start bar and I cannot find it.

#4 miekiemoes


Posted 31 December 2005 - 11:02 PM

Your Windows Explorer is just how you browse to folders.
So, click on My Computer, click on C:\, open the Windows folder and delete the following files present in the Windows folder:

ikiko.exe
Syrowi.exe
svchost.exe

Then, in your Windows folder, you'll find a subfolder with the name System32.
Open that folder and delete the file mpcsrv.exe

#5 GetSome


Posted 01 January 2006 - 03:28 AM

Happy New Years!! Here are my new scan logs after I followed the first instructions without knowing what Windows Explorer meant haha...

I successfully fixed the problems ewido found using ewido. However, the Panda online scanner found around 100+ spyware/viruses.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:13:00 PM, 12/31/2005
+ Report-Checksum: 6A7B3AB8

+ Scan result:

C:\Documents and Settings\Winnie Ho\Local Settings\Temp\0nh.sys -> Trojan.Kolweb.e : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20051231-153452-936.dll -> Spyware.MySearch : Cleaned with backup
C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Need2Find -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\0013AFCB -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\files.ini -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History\search -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\atlfi.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\atlje32.exe -> Downloader.Agent.z : Cleaned with backup
C:\WINDOWS\crqk32.dll -> Downloader.Wintrim.be : Cleaned with backup
C:\WINDOWS\cryd32.dll -> Downloader.WinShow.ag : Cleaned with backup
C:\WINDOWS\d3jf32.dll -> Downloader.Wintrim.be : Cleaned with backup
C:\WINDOWS\d3md.dll -> Downloader.Wintrim.be : Cleaned with backup
C:\WINDOWS\ezlwyq.dat -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\fcwslx.dat -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\geiujo.dat -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\iagloy.dat -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\iisver.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\ikiko.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\image.dll -> Downloader.WinShow.ai : Cleaned with backup
C:\WINDOWS\image.new -> Downloader.Wintrim.be : Cleaned with backup
C:\WINDOWS\infamous(2).exe -> Logger.Briss.h : Cleaned with backup
C:\WINDOWS\infamous.exe -> Logger.Briss.h : Cleaned with backup
C:\WINDOWS\klyjxg.dat -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\kqwjgd.dat -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\mojfkn.dat -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\msaj\msiesh.dll -> Downloader.Wintrim.be : Cleaned with backup
C:\WINDOWS\msaj\msiesh.dll.new -> Downloader.Wintrim.be : Cleaned with backup
C:\WINDOWS\MSDFMAP(2).INI:tnans -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:tnans -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\mupxbj.dat -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\netjc32.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\polall1t.exe -> Downloader.Agent.ae : Cleaned with backup
C:\WINDOWS\qkbrnf.dat -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\sdkgb.dll -> Downloader.Wintrim.be : Cleaned with backup
C:\WINDOWS\siaruh.dat -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\svchost.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\Syrowi.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\SYSTEM32\6pvw.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\WINDOWS\SYSTEM32\apikq.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\SYSTEM32\atiupdate5.exe -> Spyware.Adtomi : Cleaned with backup
C:\WINDOWS\SYSTEM32\bH.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\calsdr.dll -> Downloader.Rameh.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\calsdr.exe -> Dropper.Small.ff : Cleaned with backup
C:\WINDOWS\SYSTEM32\dtibnrbq.exe_ -> Downloader.Agent.ae : Cleaned with backup
C:\WINDOWS\SYSTEM32\ilmdat.exe -> Adware.MDH : Cleaned with backup
C:\WINDOWS\SYSTEM32\javakr.exe -> Downloader.Agent.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\moneyspj.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\SYSTEM32\moneyspl.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\uttnpf.dat -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\wdskctl.exe_ -> Spyware.ShopNav : Cleaned with backup
C:\WINDOWS\xhjvay.dat -> Downloader.Agent.an : Cleaned with backup


::Report End

Panda Online Scan Results

Incident Status Location

Adware:Adware/PortalScan Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\K5YFOH63\data[1].cab[mwsvm.bin]
Adware:Adware/PortalScan Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\KTIROHAZ\ieasst[1].cab[ieasst.dll]
Virus:Trj/Downloader.FK Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\WP6VKDIF\stc[1].htm
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\WP6VKDIF\tb_setup[1].cab[TB_setup.exe]
Virus:Trojan Horse Not disinfected C:\Documents and Settings\TEMP.D89G8B31\Local Settings\Temporary Internet Files\Content.IE5\BN5FZ1OO\object[1].hta
Virus:Trojan Horse Not disinfected C:\Documents and Settings\TEMP.D89G8B31\Local Settings\Temporary Internet Files\Content.IE5\G7B3MK5X\EXPLOIT[2].CHM
Virus:VBS/Psyme.C Not disinfected C:\Documents and Settings\TEMP.D89G8B31\Local Settings\Temporary Internet Files\Content.IE5\G7B3MK5X\EXPLOIT[2].CHM[exploit.htm]
Virus:Trj/Seeker.W Not disinfected C:\Documents and Settings\TEMP.D89G8B31\Local Settings\Temporary Internet Files\Content.IE5\G7B3MK5X\object-c002[1].hta
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temp\THI1151.tmp\twaintec.inf
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\5ICZU5KS\CSIEINST[1].DL_[CSIEINST[1].DLl]
Virus:Trj/Seeker.W Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\5ICZU5KS\object-c002[2].hta
Virus:Trojan Horse Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\AKASULH4\delayed[1].htm
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\C5Q3SPYB\CSBIINST[1].DL_[CSBIINST[1].DLl]
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\CSSSINST[1].DL_[CSSSINST[1].DLl]
Adware:Adware/Poper Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\HP1[1].CHM
Virus:VBS/Psyme.C Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\HP1[1].CHM[hp1.htm]
Virus:Trj/Downloader.SJ Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\HP2[2].CHM
Virus:VBS/Psyme.C Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\HP2[2].CHM[hp2.htm]
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\TEMP.D89G8B31.001\Application Data\tvmuknwrd.dll
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\a.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\b.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ba.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\be.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bf.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bg.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bh.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bi.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bj.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bk.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bo.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bp.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\br.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bs.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bt.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bw.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bx.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\by.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\bz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\c.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ca.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cb.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ce.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cf.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cg.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ch.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ci.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cj.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ck.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cl.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cm.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cn.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\co.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cp.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cq.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cr.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cs.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ct.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cu.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cx.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\cz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\d.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\da.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\db.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dc.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dd.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\de.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\df.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\di.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dl.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dn.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dp.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dr.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ds.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dt.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\du.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dv.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dw.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dy.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\dz.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\ed.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\f.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\h.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\i.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\j.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\l.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\m.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\Main.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\n.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\p.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\q.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\r.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\s.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\t.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\u.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\w.class
Adware:Adware/TopMoxie Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\x.class
Adware:Adware/MoeMoney Not disinfected C:\Program Files\WebSavingsfromEbates\System\Code\y.class
Adware:Adware/Alwaysupdatednews Not disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Adware:Adware/Adtomi Not disinfected C:\WINDOWS\chf8.sys
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\eufuto.dat
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\fxxrfu.dat
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\ijydio.dat
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Key2.txt
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\kmjzdu.dat
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\n_zndmeq.dat
Adware:adware/powerstrip Not disinfected C:\WINDOWS\preprocess.data
Adware:adware/savenow Not disinfected C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\bqrufs5f.dat
Adware:Adware/Adtomi Not disinfected C:\WINDOWS\SYSTEM32\chf8.sys
Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\data.~
Virus:Trj/Qhost.Y Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050518-164954.backup
Virus:Trj/Qhost.Y Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050518-165102.backup
Virus:Trj/Qhost.Y Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050518-170214.backup
Adware:adware/searchsquire Not disinfected C:\WINDOWS\SYSTEM32\engine.txt
Adware:Adware/StatBlaster Not disinfected C:\WINDOWS\SYSTEM32\O
Adware:Adware/Adtomi Not disinfected C:\WINDOWS\SYSTEM32\p53zhr.dll
Adware:adware/portalscan Not disinfected C:\WINDOWS\SYSTEM32\winupdt.008

New Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 12:08:45 AM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.deviantart.com/view/7789285/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135917837171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135917826953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

#6 miekiemoes

Posted 01 January 2006 - 05:58 AM

Hello,

Delete the following files:

C:\Program Files\Windows Media Player\wmplayer.exe.tmp <== don't delete wmplayer.exe, you have to delete the wmplayer.exe.tmp
C:\WINDOWS\chf8.sys
C:\WINDOWS\eufuto.dat
C:\WINDOWS\fxxrfu.dat
C:\WINDOWS\ijydio.dat
C:\WINDOWS\Key2.txt
C:\WINDOWS\kmjzdu.dat
C:\WINDOWS\n_zndmeq.dat
C:\WINDOWS\preprocess.data
C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
C:\WINDOWS\SYSTEM32\bqrufs5f.dat
C:\WINDOWS\SYSTEM32\chf8.sys
C:\WINDOWS\SYSTEM32\data.~
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050518-164954.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050518-165102.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050518-170214.backup
C:\WINDOWS\SYSTEM32\engine.txt
C:\WINDOWS\SYSTEM32\O
C:\WINDOWS\SYSTEM32\p53zhr.dll
C:\WINDOWS\SYSTEM32\winupdt.008
C:\Documents and Settings\TEMP.D89G8B31.001\Application Data\tvmuknwrd.dll
C:\Program Files\WebSavingsfromEbates <== folder

It is possible you won't find some files because they are hidden. To reveal them, do the following:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, because the above instructions, which set your system to show all files, unhide legitimate files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in reverse.

Then,

1. Open CCleaner, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
2. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.


In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

3. Click the "Run Cleaner" button.
4. A pop up box will appear advising this process will permanently delete files from your system.
5. Click "OK" and it will scan and clean your system.
6. Click "exit" when done.

Perform a full scan with an updated Ad-Aware SE and/or Spybot S&D to get rid of some leftovers if still present.
If you don't have those programs yet, you can find the download locations in my sig.

Reboot and let me know in your next reply if the startup error is gone and how things are running now.

And A Happy New Year! :thumbsup:

Edited by miekiemoes, 01 January 2006 - 06:00 AM.


#7 GetSome

Posted 01 January 2006 - 10:48 AM

Hi,

I ran ewido under safe mode for the second time and it has detected no malware. I have deleted all 22 files you have listed, I used CCleaner to clean all my files, and I have used Spybot and Ad-Aware SE to mop up the remaining problems. The start up error message is now gone thanks to you!!

However, when I ran the "Panda Online" scan again it detected 10 spyware entries and around 7 viruses still in my system. Is this anything worth worrying about? Here are my two recent logs from "hijackthis" and "Panda Online" scanner for reference. (This is after the error message is gone)

Panda Active Scan

Incident Status Location

Virus:Trj/Downloader.FK Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5\WP6VKDIF\stc[1].htm
Virus:Trojan Horse Not disinfected C:\Documents and Settings\TEMP.D89G8B31\Local Settings\Temporary Internet Files\Content.IE5\BN5FZ1OO\object[1].hta
Virus:Trojan Horse Not disinfected C:\Documents and Settings\TEMP.D89G8B31\Local Settings\Temporary Internet Files\Content.IE5\G7B3MK5X\EXPLOIT[2].CHM
Virus:VBS/Psyme.C Not disinfected C:\Documents and Settings\TEMP.D89G8B31\Local Settings\Temporary Internet Files\Content.IE5\G7B3MK5X\EXPLOIT[2].CHM[exploit.htm]
Virus:Trj/Seeker.W Not disinfected C:\Documents and Settings\TEMP.D89G8B31\Local Settings\Temporary Internet Files\Content.IE5\G7B3MK5X\object-c002[1].hta
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temp\THI1151.tmp\twaintec.inf
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\5ICZU5KS\CSIEINST[1].DL_[CSIEINST[1].DLl]
Virus:Trj/Seeker.W Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\5ICZU5KS\object-c002[2].hta
Virus:Trojan Horse Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\AKASULH4\delayed[1].htm
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\C5Q3SPYB\CSBIINST[1].DL_[CSBIINST[1].DLl]
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\CSSSINST[1].DL_[CSSSINST[1].DLl]
Adware:Adware/Poper Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\HP1[1].CHM
Virus:VBS/Psyme.C Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\HP1[1].CHM[hp1.htm]
Virus:Trj/Downloader.SJ Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\HP2[2].CHM
Virus:VBS/Psyme.C Not disinfected C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5\S16RC9MF\HP2[2].CHM[hp2.htm]
Adware:adware/savenow Not disinfected C:\WINDOWS\SYSTEM32\baur5s9q.dat
Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\key.~
Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\ritsacnk.dat
Adware:adware/portalscan Not disinfected C:\WINDOWS\SYSTEM32\winupdt.bin

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 7:30:25 AM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.deviantart.com/view/7789285/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135917837171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135917826953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

#8 miekiemoes

Posted 01 January 2006 - 04:51 PM

Hello,

Your HijackThis log still looks clean.

Delete the following files again:

C:\WINDOWS\SYSTEM32\baur5s9q.dat
C:\WINDOWS\SYSTEM32\key.~
C:\WINDOWS\SYSTEM32\ritsacnk.dat
C:\WINDOWS\SYSTEM32\winupdt.bin

Then, again, make sure your hidden files and folders are shown and open your Explorer (not your Internet Explorer, but your Windows Explorer, as I explained to you before).
Normally there's also an address bar on top.
In that address bar, copy and paste the following:

C:\Documents and Settings\TEMP.D89G8B31.000\Local Settings\Temporary Internet Files\Content.IE5

Click Enter.
This will show the contents of the Content.IE5 folder.
Delete everything present in there!

Then again in the address bar, copy and paste the following:

C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5

This will also open the Content.IE5 folder under another account. Delete everything present in that folder.

If you can't see the address bar there,
go to the View menu, select Toolbars, then check Address Bar.

#9 GetSome

Posted 01 January 2006 - 11:48 PM

Hi,

I have deleted the rest of the files. I ran Spybot, Ad-Aware SE, and another Active Scan with Panda and all the results are clean. Thank you so much for your help! I hope you continue to help others as much as you helped me. I will not forget what you did, miekiemoes. Best of luck to you!!! :thumbsup:

#10 miekiemoes

Posted 02 January 2006 - 04:39 AM

It was a pleasure to help you. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently and don't forget to update beforehand.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Happy surfing again! :flowers:

#11 miekiemoes

Posted 02 January 2006 - 06:27 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.