Solved Hijack this log for missing ddyqhrah.dll error

Discussion in 'Malware and Virus Removal Archive' started by gw1500se, 2008/08/15.

  1. 2008/08/15
    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    444
    Likes Received:
    0
    [Resolved] Hijack this log for missing ddyqhrah.dll error

    When I boot my system I am getting an error that the subject dll is missing. It was suggested I post here in case it is a remnant of some improperly removed malware. Thank you for volunteering to help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:11:03 PM, on 8/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\VPN Client\cvpnd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Timbuktu Pro\tb2launch.exe
    C:\Program Files\Timbuktu Pro\TimbuktuRemoteConsole.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Timbuktu Pro\minitb2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\UltimateZip 2.7\uzqkst.exe
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.suntrust.com/portal/server.pt?space=Login
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\minitb2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [b426740f] rundll32.exe "C:\WINDOWS\system32\ddyqhrah.dll",b
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1195518077812
    O17 - HKLM\System\CCS\Services\Tcpip\..\{73614C4C-65C4-4C7D-B183-4397D949B149}: NameServer = 205.152.37.23,205.152.144.23
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\VPN Client\cvpnd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe

    --
    End of file - 7251 bytes
     
  2. 2008/08/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi gw1500se
    Well, it looks like you have something that should be on there.

    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
  4. 2008/08/16
    gw1500se Well-Known Member Thread Starter

    Thanks for the help. Here is the Combofix log:

    ComboFix 08-08-15.04 - Dennis Putnam 2008-08-16 15:31:40.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1504 [GMT -4:00]
    Running from: C:\Documents and Settings\Dennis Putnam\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\iMeshBar
    C:\Program Files\iMeshBar\bar\History\search
    C:\WINDOWS\BMb7154793.txt
    C:\WINDOWS\BMb7154793.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\cgoimqwb.ini
    C:\WINDOWS\system32\cnowxpar.ini
    C:\WINDOWS\system32\harhqydd.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdm.exe
    C:\WINDOWS\system32\vpiowmxo.ini
    C:\WINDOWS\system32\wotkwpkb.ini
    C:\WINDOWS\system32\Wyabayxx.ini
    C:\WINDOWS\system32\Wyabayxx.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
    .

    2008-08-15 19:33 . 2008-08-15 19:33 <DIR> d-------- C:\temp\ftp%3a%2f%2fftp.gtlib.gatech.edu%2fpub%2fcygwin%2f
    2008-08-15 19:10 . 2008-08-15 19:10 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-15 19:09 . 2008-08-15 19:09 812,344 --a------ C:\temp\HJTInstall.exe
    2008-08-15 18:51 . 2008-08-15 18:51 67 --a------ C:\NtfA.tmp
    2008-08-15 18:51 . 2008-08-15 18:51 67 --a------ C:\Ntf9.tmp
    2008-08-14 19:19 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-14 18:33 . 2008-08-14 18:35 <DIR> d-------- C:\temp\ftp%3a%2f%2fftp.cise.ufl.edu%2fpub%2fmirrors%2fcygwin%2f
    2008-08-14 17:57 . 2008-08-14 17:57 212,992 --a------ C:\temp\EmailParser.exe
    2008-08-02 18:27 . 2008-08-02 18:27 6,935,565 --a------ C:\temp\JDNAF_Patch_1.5_2.exe
    2008-07-23 21:16 . 2008-08-07 08:10 58,308 --a------ C:\Ntf7.tmp
    2008-07-23 21:16 . 2008-07-23 21:16 67 --a------ C:\Ntf8.tmp
    2008-07-23 18:32 . 2008-07-23 21:10 1,393 --a------ C:\Ntf5.tmp
    2008-07-23 18:32 . 2008-07-23 18:32 67 --a------ C:\Ntf6.tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-16 13:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-08-15 22:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-08-15 22:22 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-08-15 22:22 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-08-15 22:22 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-08-15 22:22 --------- d-----w C:\Program Files\Symantec
    2008-08-15 22:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-11 22:46 --------- d-----w C:\Program Files\Quicken
    2008-08-07 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-07 11:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-04 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
    2008-07-23 22:26 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-07-14 01:54 --------- d-----w C:\Program Files\Java
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-13 18:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
    2008-06-13 18:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
    2007-11-21 21:49 8,591,872 ------w C:\Documents and Settings\Dennis Putnam\vpnclient-win-is-4.8.01.0300-k9.exe
    2007-04-16 02:33 71,790,664 ------w C:\Documents and Settings\Dennis Putnam\Civilization IV plus Crack.exe
    2005-11-20 00:00 20,464 ------w C:\Documents and Settings\Dennis Putnam\Application Data\GDIPFONTCACHEV1.DAT
    2003-07-22 17:52 812 ------w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-08-10 11:50 40960]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 07:53 171464]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 00:43 7630848]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 00:43 86016]
    "CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 16:01 32768]
    "TLogonPath"="C:\Program Files\Timbuktu Pro\minitb2.exe" [2006-02-22 16:47 1028096]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 02:49 718704]
    "SkyTel"="SkyTel.EXE" [2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 06:54 16116224 C:\WINDOWS\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip 2.7\uzqkst.exe [2002-03-17 14:13:28 266240]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
    UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip 2.7\uzqkst.exe [2002-03-17 14:13:28 266240]
    VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-01-06 11:20:19 6144]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 16:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
    2006-02-22 16:48 81920 C:\Program Files\timbuktu pro\HOOK32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Games\\Zoo Tycoon 2\\zt.exe"=

    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 21:47]
    R3 vxa;vxa;C:\WINDOWS\system32\DRIVERS\vxa32.sys [2005-04-01 12:57]
    S3 4mmdat;4mmdat;C:\WINDOWS\system32\DRIVERS\4mmdat.sys [2004-08-04 00:00]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
    S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-07-11 14:26]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-12 C:\WINDOWS\Tasks\Ad-Aware 2007.job
    - C:\PROGRA~1\AD-AWA~2\AD-AWA~1.EXE [2007-08-28 17:59]

    2008-08-07 C:\WINDOWS\Tasks\Low Battery Alarm Program.job
    - C:\cygwin\linuxshut.bat [2008-07-29 19:20]

    2008-08-07 C:\WINDOWS\Tasks\Low Battery Alarm Program.job
    - c:\cygwin [2008-08-14 18:41]

    2008-08-13 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Dennis Putnam.job
    - C:\Program Files\Norton AntiVirus\Navw32.exe [2008-02-07 10:05]

    2008-08-14 C:\WINDOWS\Tasks\SpybotSD.job
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-30 14:45]

    2008-08-11 C:\WINDOWS\Tasks\Weekly Incremental Backup.job
    - C:\WINDOWS\system32\ntbackup.exe [2004-08-04 01:56]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-b426740f - C:\WINDOWS\system32\ddyqhrah.dll
    Notify-WgaLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Dennis Putnam\Application Data\Mozilla\Firefox\Profiles\plhcp5ln.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://my.yahoo.com/


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-16 15:36:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-16 15:42:13
    ComboFix-quarantined-files.txt 2008-08-16 19:42:11

    Pre-Run: 72,337,383,424 bytes free
    Post-Run: 72,437,071,872 bytes free

    159 --- E O F --- 2008-08-14 23:42:04
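
Added example, not part of the original thread and not code from HijackThis or ComboFix: a small triage script for the O4 autostart lines of a HijackThis log that flags the kind of entry ComboFix lists above under ORPHANS REMOVED, a Run value that starts a DLL through rundll32 when the DLL is no longer on disk. The sample lines are copied from the first post; `PRESENT_FILES` and the 8-hex-digit name heuristic are assumptions made for the illustration.

```python
import re

# HijackThis registry autostart line: O4 - HKLM\..\Run: [value name] command
O4_RE = re.compile(r'^\s*O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\]\s*(.*)$')
# rundll32 launch: rundll32.exe "<dll>",<export> (quotes optional, stray spaces tolerated)
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^",]+?)\s*"?\s*,\s*(\S+)', re.I)
# Heuristic (assumption): a value name made of exactly 8 hex digits, like b426740f
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.I)

# Lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [b426740f] rundll32.exe "C:\WINDOWS\system32\ddyqhrah.dll",b
O4 - Global Startup: VPN Client.lnk = ?
'''

# Constructed stand-in for the file system: the two NVIDIA DLLs appear with sizes
# in the ComboFix "Reg Loading Points" section, ddyqhrah.dll is reported missing.
PRESENT_FILES = {r'c:\windows\system32\nvcpl.dll', r'c:\windows\system32\nvmctray.dll'}


def sample_exists(path):
    """File-existence check against the constructed listing (case-insensitive)."""
    return path.lower() in PRESENT_FILES


def parse_o4(log_text):
    """Yield one dict per O4 registry Run entry found in a HijackThis log."""
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            yield {"hive": hive, "key": key, "name": name, "command": command.strip()}


def rundll_target(command):
    """Return (dll_path, export) if the command launches a DLL via rundll32."""
    m = RUNDLL_RE.match(command)
    return (m.group(1).strip(), m.group(2)) if m else None


def triage(log_text, exists=sample_exists):
    """Flag rundll32 autoruns whose DLL is missing or whose value name looks generated.

    On a live Windows host, pass os.path.exists as `exists`.
    """
    findings = []
    for entry in parse_o4(log_text):
        target = rundll_target(entry["command"])
        if target is None:
            continue
        dll, export = target
        reasons = []
        if not exists(dll):
            reasons.append("target DLL missing (orphaned Run entry)")
        if HEX_NAME_RE.match(entry["name"]):
            reasons.append("value name is 8 hex digits")
        if reasons:
            findings.append({**entry, "dll": dll, "export": export, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]}\\{f["key"]} [{f["name"]}] -> {f["dll"]}: {"; ".join(f["reasons"])}')
```

An orphaned entry explains the boot-time "missing dll" error, but the entry itself says nothing about whether other components of the infection remain, which is why the thread continues with further scans.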
     
  5. 2008/08/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi gw1500se
    How are things running?

    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Now let's get an on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  6. 2008/08/18
    gw1500se Well-Known Member Thread Starter

    The Kaspersky report was blank but my missing dll error is gone. Does that mean I'm clean?
     
    Last edited: 2008/08/18
  7. 2008/08/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi gw1500se
    That's what I wanted to hear. You're good to go.

    Please do this.

    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing the infected files there as well.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     