
removing kspdsp.dll

Discussion in 'Malware and Virus Removal Archive' started by Jenski, 2006/07/14.

  1. 2006/07/17
    Jenski

    Jenski Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    15
    Likes Received:
    0
    No infected files found
    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-07-16 22:58:54 683 ( A.... ) F:\COMBO.BAT
    2006-07-14 08:35:08 77312 ( A.... ) F:\VUNDOFIX.EXE
    2006-06-19 16:20:42 702768 ( ..... ) F:\WINDOWS\SYSTEM32\WGALOGON.DLL
    2006-06-19 16:19:42 571184 ( A.... ) F:\WINDOWS\SYSTEM32\LEGITC~1.DLL
    2006-06-16 14:34:44 48936 ( A.... ) F:\WINDOWS\SYSTEM32\SIRENACM.DLL
    2006-06-08 19:01:00 13837 ( A.SH. ) F:\WINDOWS\SYSTEM32\DDAYXVU.DLL
    2006-05-19 06:59:42 148480 ( A.... ) F:\WINDOWS\SYSTEM32\DNSAPI.DLL
    2006-05-19 06:59:42 111616 ( A.... ) F:\WINDOWS\SYSTEM32\DHCPCSVC.DLL
    2006-05-19 06:59:42 94720 ( A.... ) F:\WINDOWS\SYSTEM32\IPHLPAPI.DLL
    2006-05-15 18:24:34 466944 ( A.... ) F:\WINDOWS\SYSTEM32\CAPICOM.DLL


    (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


    2006-07-16 22:58 683 F:\Combo.bat
    2006-07-14 08:35 77,312 F:\VundoFix.exe
    2006-07-05 21:20 159,744 F:\WINDOWS\system32\lfpng13n.dll
    2006-06-19 16:20 702,768 F:\WINDOWS\system32\WgaLogon.dll
    2006-06-16 14:34 48,936 F:\WINDOWS\system32\sirenacm.dll
    2006-06-08 19:00 13,837 F:\WINDOWS\system32\ddayxvu.dll
    2006-06-04 16:57 630,784 F:\WINDOWS\system32\ANIWZCS2.dll
    2006-06-04 16:57 57,407 F:\WINDOWS\system32\ANICtl.dll
    2006-06-04 16:57 50,176 F:\WINDOWS\system32\ANIO64.sys
    2006-06-04 16:57 49,152 F:\WINDOWS\system32\JJAKEn.dll
    2006-06-04 16:57 49,152 F:\WINDOWS\system32\AQCKGen.dll
    2006-06-04 16:57 36,864 F:\WINDOWS\system32\ANIOApi.dll
    2006-06-04 16:57 24,288 F:\WINDOWS\system32\ANIO.sys
    2006-06-04 16:57 237,568 F:\WINDOWS\system32\wlanapi.dll
    2006-06-04 16:57 204,800 F:\WINDOWS\system32\aIPH.dll
    2006-06-04 16:57 163,840 F:\WINDOWS\system32\WlanApp.dll
    2006-06-04 16:57 11,904 F:\WINDOWS\system32\anio4.sys
    2006-06-04 16:57 1,327,189 F:\WINDOWS\system32\odSupp_M.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE F:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NeroCheck"="F:\\WINDOWS\\system32\\NeroCheck.exe"
    "LVCOMS"="F:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
    "RealTray"="F:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
    "SunJavaUpdateSched"="F:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
    "D-Link AirPlus G"="F:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
    "ANIWZCS2Service"="F:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
    "iTunesHelper"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WinampAgent"="F:\\Program Files\\Winamp\\winampa.exe"
    "ShStatEXE"="\"F:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
    "McAfeeUpdaterUI"="\"F:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
    "Network Associates Error Reporting Service"="\"F:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "NvMediaCenter"="RUNDLL32.EXE F:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
    "CursorXP"="F:\\Program Files\\CursorXP\\CursorXP.exe"
    "STYLEXP"="F:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
    "MessengerPlus3"="\"F:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "Creative Detector"="\"F:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
    "SpybotSD TeaTimer"="F:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "MSMSGS"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "msnmsgr"="\"F:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=dword:40000004
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



    Contents of the 'Scheduled Tasks' folder
    F:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: Sun 07/16/2006 23:02:56.73
    ComboFix ver 06.07.15 - This logfile is located at F:\ComboFix.txt
     
  2. 2006/07/17
    Jenski

    Jenski Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    15
    Likes Received:
    0
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:38:18 AM 7/17/2006

    + Scan result:



    F:\WINDOWS\system32\ddayxvu.dll -> Downloader.ConHook.ab : Cleaned with backup (quarantined).
    F:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
    :mozilla.15:F:\RECYCLER\NPROTECT\00058227.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.16:F:\RECYCLER\NPROTECT\00058227.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.17:F:\RECYCLER\NPROTECT\00058227.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.20:F:\RECYCLER\NPROTECT\00058230.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.21:F:\RECYCLER\NPROTECT\00058230.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.22:F:\RECYCLER\NPROTECT\00058230.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.22:F:\RECYCLER\NPROTECT\00058239.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.23:F:\RECYCLER\NPROTECT\00058239.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.24:F:\RECYCLER\NPROTECT\00058239.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.26:F:\RECYCLER\NPROTECT\00058240.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.26:F:\RECYCLER\NPROTECT\00058241.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.26:F:\RECYCLER\NPROTECT\00058242.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.27:F:\RECYCLER\NPROTECT\00058240.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.27:F:\RECYCLER\NPROTECT\00058241.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.27:F:\RECYCLER\NPROTECT\00058242.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.28:F:\RECYCLER\NPROTECT\00058240.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.28:F:\RECYCLER\NPROTECT\00058241.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.28:F:\RECYCLER\NPROTECT\00058242.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.341:F:\RECYCLER\NPROTECT\00056778.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.342:F:\RECYCLER\NPROTECT\00056778.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    :mozilla.342:F:\RECYCLER\NPROTECT\00056780.MOZ -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
    ::Report end


    There was more, but it was all just tracking cookies, and it would probably be like 40 pages long.



    Logfile of HijackThis v1.99.1
    Scan saved at 7:42:32 AM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    F:\Program Files\Real\RealPlayer\RealPlay.exe
    F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    F:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    F:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    F:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Winamp\winampa.exe
    F:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    F:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    F:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\CursorXP\CursorXP.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    F:\WINDOWS\system32\CTsvcCDA.EXE
    F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    F:\Program Files\Network Associates\VirusScan\Mcshield.exe
    F:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\iPod\bin\iPodService.exe
    F:\WINDOWS\system32\svchost.exe
    F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    F:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubvibes.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {b7538ae1-5a63-4ac3-8eb1-0ee69aeee4dd} - F:\WINDOWS\system32\kspdsp.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] F:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] F:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ShStatEXE] "F:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "F:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [CursorXP] F:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Creative Detector] "F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://silvergrl.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113090666512
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: kspdsp - kspdsp.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - F:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     


  4. 2006/07/17
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Pretty sure I mentioned this earlier, but let's completely disable TeaTimer.

    • Run Spybot-S&D
    • Go to the Mode menu, and make sure Advanced Mode is selected
    • On the left hand side, choose Tools -> Resident
    • Uncheck Resident TeaTimer and OK any prompts
    You can reenable TeaTimer once your system is clean

    Run HJT, and place a check next to the following lines, then, with all browsers and windows closed, hit 'Fix checked':

    O2 - BHO: (no name) - {b7538ae1-5a63-4ac3-8eb1-0ee69aeee4dd} - F:\WINDOWS\system32\kspdsp.dll (file missing)


    O20 - Winlogon Notify: kspdsp - kspdsp.dll (file missing)


    Reboot, post new HJT log file please, thanks.
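The two entries above are the same DLL registered in two places: a BHO under Internet Explorer (O2) and a Winlogon Notify handler that winlogon.exe loads at logon (O20), and in both the file is already gone, so what remains is an orphaned registry load point. As an added example (not from this thread or from HijackThis itself), here is a small Python triage script that reads HJT O2/O20 lines, flags entries whose file is missing or whose Winlogon Notify DLL is not on a short allow-list, notes when one DLL is registered as both a BHO and a Notify handler, and then checks a second log to confirm the flagged lines are gone after "Fix checked". The allow-list of stock XP SP2/WGA Notify DLLs is an assumption for the example, and the sample log lines are constructed from the ones posted above.

```python
import re

# HijackThis line shapes handled here: O2 = Browser Helper Object, O20 = Winlogon Notify.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)

# Winlogon Notify DLLs that ship with XP SP2 or with WGA. This allow-list is an
# assumption made for the example (HijackThis carries no such list); anything
# outside it deserves a look even when the file is present.
KNOWN_NOTIFY_DLLS = {
    "crypt32chain.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "scecli.dll",
    "schedule.dll", "sensnotify.dll", "termsrv.dll", "wlballoon.dll", "wgalogon.dll",
}

# Constructed sample logs, taken from the O2/O20 lines posted in this thread.
BEFORE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {b7538ae1-5a63-4ac3-8eb1-0ee69aeee4dd} - F:\WINDOWS\system32\kspdsp.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: kspdsp - kspdsp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
AFTER_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def basename(path):
    """Last component of a Windows path, lower-cased (handles 8.3 and full paths alike)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_line(line):
    """Return a dict for an O2/O20 line, or None for any other HJT line."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        return {"type": "O2", "name": m["name"], "clsid": m["clsid"].lower(),
                "path": m["path"], "missing": bool(m["missing"]), "raw": line}
    m = O20_RE.match(line)
    if m:
        return {"type": "O20", "name": m["name"], "path": m["path"],
                "missing": bool(m["missing"]), "raw": line}
    return None


def suspicious_entries(log_text):
    """Flag load points whose DLL is gone or whose Winlogon Notify DLL is unrecognised.

    Returns a list of (raw_line, [reasons]) in log order.
    """
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    # Stems of every BHO DLL, so a Notify handler pointing at the same DLL can be correlated:
    # one DLL loaded by both IE and winlogon.exe is two load points backing each other up.
    bho_stems = {basename(e["path"]).rsplit(".", 1)[0] for e in entries if e["type"] == "O2"}
    flagged = []
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("file missing: orphaned registry entry")
        if e["type"] == "O20":
            if basename(e["path"]) not in KNOWN_NOTIFY_DLLS:
                reasons.append("Winlogon Notify DLL not on allow-list")
            if e["name"].lower() in bho_stems:
                reasons.append("same DLL also registered as a BHO")
        if reasons:
            flagged.append((e["raw"], reasons))
    return flagged


def still_present(before_log, after_log):
    """Flagged lines from the first log that survive in the second; empty means the fix took."""
    after = {l.strip() for l in after_log.splitlines()}
    return [raw for raw, _ in suspicious_entries(before_log) if raw in after]


if __name__ == "__main__":
    for raw, reasons in suspicious_entries(BEFORE_LOG):
        print(raw)
        for r in reasons:
            print("    -", r)
    print("left after fix:", still_present(BEFORE_LOG, AFTER_LOG))
```

Run it against the two logs above and the only lines it flags are the kspdsp BHO and the kspdsp Winlogon Notify entry; the second log comes back clean. The "(file missing)" marker is the important signal: a load point whose target no longer exists does nothing on its own, but it shows the registry was touched, so the rest of the log (and the Find3M/ewido output) still needs a read to see what put it there.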
     
  5. 2006/07/17
    Jenski

    Jenski Inactive Thread Starter

    Joined:
    2006/07/14
    Messages:
    15
    Likes Received:
    0
    so far.... so good!!
    thanks for the help so far!


    Logfile of HijackThis v1.99.1
    Scan saved at 6:13:27 PM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    F:\Program Files\Real\RealPlayer\RealPlay.exe
    F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    F:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    F:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Winamp\winampa.exe
    F:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    F:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    F:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    F:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\CursorXP\CursorXP.exe
    F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    F:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    F:\WINDOWS\system32\CTsvcCDA.EXE
    F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    F:\Program Files\ewido anti-spyware 4.0\guard.exe
    F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    F:\Program Files\Network Associates\VirusScan\Mcshield.exe
    F:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\iPod\bin\iPodService.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\WINDOWS\system32\svchost.exe
    F:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubvibes.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] F:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] F:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ShStatEXE] "F:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "F:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [CursorXP] F:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Creative Detector] "F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://silvergrl.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113090666512
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - F:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - F:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  6. 2006/07/17
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, well the log file appears to be clear, am I safe in saying it looks like we got this sucker??? :p

    Any more symptoms of any sort? Let me know please.

    We have 3 more things to do, to help ensure you have removed all the little 'leftovers' which may be hiding:

    Empty the TIF (Temporary Internet Files)
    Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
    The app below will help with temp files.
    Index.dat Suite

    Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion.

    Here is a link which describes how security apps work with WIN XP machines.
    XP User Accts Security Apps Operation

    To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good in the fight against ad/mal/spyware as AdAware & Spybot S&D:

    SpywareBlaster
    With SpywareBlaster v3.5.1, just DL, install and check for updates, enable Internet Explorer protection, and you're done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

    To avoid known malware infested sites from loading in IE install IESPY ADS.
    And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.1.

    Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

    Links for tutorials for all the apps I mentioned can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps, proving how safe you can be with them installed.
    TeMerc Test Box Forum

    Happy surfing!!
    Tom :D
     
