sdkfj.exe error
lloyd
mac_whereareyou@hotmail.com
08/14/04
hi, lloyd here again, i downloaded hijackthis and ran a scan for you, here it is:

Logfile of HijackThis v1.98.2
Scan saved at 11:44:41 AM, on 15/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\netai.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\essspk.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\iedo32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SpamBayes\bin\sb_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Adam\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rcaos.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcclu.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wcclu.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wcclu.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rcaos.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wcclu.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rcaos.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DEE94005-1C44-5C08-22FF-9E5E64B4E3BB} - C:\WINDOWS\ipep.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iedo32.exe] C:\WINDOWS\system32\iedo32.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunOnce: [ipqp.exe] C:\WINDOWS\ipqp.exe
O4 - HKLM\..\RunOnce: [sdkfj.exe] C:\WINDOWS\system32\sdkfj.exe
O4 - HKLM\..\RunOnce: [javayl.exe] C:\WINDOWS\system32\javayl.exe
O4 - HKLM\..\RunOnce: [atlgj32.exe] C:\WINDOWS\system32\atlgj32.exe
O4 - HKLM\..\RunOnce: [crzk.exe] C:\WINDOWS\system32\crzk.exe
O4 - HKLM\..\RunOnce: [apiyv.exe] C:\WINDOWS\system32\apiyv.exe
O4 - HKLM\..\RunOnce: [sdkvf32.exe] C:\WINDOWS\system32\sdkvf32.exe
O4 - HKLM\..\RunOnce: [ntzu.exe] C:\WINDOWS\system32\ntzu.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF7F57D9-9F33-4193-807A-0EBC375F4623}: NameServer = 203.49.70.92 139.134.2.190

i hope you can help. thanks!

snowman

08/14/04
That's a nasty coolweb hijacker.
One that requires a removal tool and several tries to fix;

download this tool : AboutBuster

http://www.downloads.subratam.org/AboutBuster.zip

Create a new folder (on your Desktop, for convenience, and name it "Buster"). Double-click the zipped AboutBuster install file, then double-click on aboutbuster.exe ; extract all files to your new "Buster" folder. Double-click AboutBuster.exe and click Ok. Next, hit update. A new screen should pop up. On that screen hit Check for Updates. If it says it found an update hit Download Updates. Exit the tool for now. If it doesn't need updating, it will automatically tell you and exit.

Now, open your "Buster" folder again and run the tool : Hit Start and then Ok. The program should start scanning. Once the scan is complete, copy/paste the report into NotePad and save it. Then hit Exit and reboot. Run the tool a second time for good measure, and save the new report to NotePad as well. Reboot if any new files were detected by the tool. Scan with HijackThis!, then post the new log, along with the AboutBuster reports.

Good luck !
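
Added example, not part of the original posts and not HijackThis's own logic: a small Python triage of the log format shown in this thread, picking out the kinds of entries a helper reads first. The flagging rules and function names are assumptions chosen for illustration; the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rcaos.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DEE94005-1C44-5C08-22FF-9E5E64B4E3BB} - C:\WINDOWS\ipep.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunOnce: [sdkfj.exe] C:\WINDOWS\system32\sdkfj.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - <body>"
RUN_KEY = re.compile(r"^HK(?:LM|CU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def parse(log):
    """Yield (code, body) for each entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(code, body):
    """Return a reason if the entry deserves a closer look, else None.
    These heuristics are illustrative assumptions, not a verdict on any file."""
    if code in ("R0", "R1") and "= res://" in body:
        return "IE page setting loads from a local DLL resource"
    if code == "O2" and body.startswith("BHO: (no name)"):
        return "unnamed Browser Helper Object"
    m = RUN_KEY.match(body) if code == "O4" else None
    if m:
        key, name, cmd = m.groups()
        if "\\" not in cmd:
            return "autostart command has no directory path"
        if key == "RunOnce" and cmd.lower().endswith("\\" + name.lower()):
            return "RunOnce value named after its own executable"
    return None

def flagged(log):
    """Return (code, body, reason) for every entry that matched a heuristic."""
    return [(c, b, r) for c, b in parse(log) if (r := triage(c, b))]

if __name__ == "__main__":
    for code, body, reason in flagged(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

A flagged line is only a prompt for review; the removal steps in the reply above are still what the thread relies on.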

Mark

08/15/04
Hey Snowman. Lloyd created another thread... and I hadn't seen this one, darnit ! I don't know why he never came back to this one though. I gave him the same fix on the other thread, and we're up to round two already.

Lloyd, if you read this, stick with the other thread now, and don't create any new ones please. Snowman spent time on this one for nothing...

I'm closing it.

Other thread here : http://www.newbie.org/help/messages/36551.html


