I'm getting pop-ups like mad, and one particular page is making itself the homepage. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:20:44 AM, on 6/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\dGh1IHRydW9uZw\command.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINNT\System32\fstgrhi.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\dfndrb_2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\v1201.exe
C:\PROGRA~1\COMMON~1\PPPATC~1\attrib.exe
C:\WINNT\system32\ECURIT~1\RNDLL~1.EXE
C:\PROGRA~1\COMMON~1\rzqr\rzqrm.exe
C:\PROGRA~1\COMMON~1\rzqr\rzqra.exe
C:\Program Files\LimeWire\ProgressTabs.exe
C:\WINNT\System32\wuauclt.exe
C:\PROGRA~1\COMMON~1\rzqr\rzqrl.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Recycler] fstgrhi.exe
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [defender] C:\\dfndrb_2.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINNT\v1201.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
O4 - HKLM\..\RunServices: [Windows Recycler] fstgrhi.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Administrator\Desktop\P2KTools_v0.7.1.9\P2kCommander\P2kAutostart.exe
O4 - HKCU\..\Run: [Arsp] "C:\PROGRA~1\COMMON~1\PPPATC~1\attrib.exe" -vt yazr
O4 - HKCU\..\Run: [Qkoxrrz] C:\WINNT\system32\ECURIT~1\RNDLL~1.EXE
O4 - HKCU\..\Run: [rzqr] C:\PROGRA~1\COMMON~1\rzqr\rzqrm.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108176644421
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvplayx_vp3_mp3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\dGh1IHRydW9uZw\command.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
I haven't learned how to read HijackThis logs, but from your description it sounds like you have a CoolWebSearch infection. Trend Micro has the tool CWShredder (CoolWebSearch Shredder). I would go to their site and download it. And if whatever spyware/virus is running on your machine won't let you access their page, I will email it to you if that would help you.
What do you mean, post there? That's the exact same page this topic is in. And the page that makes itself the homepage is something like findthewebsiteyouneed.com.
Ok, JaPK to the rescue....

Hi Hugylos, you've got a massive malware collection there...

You don't have a firewall on your computer. Download and install one firewall. These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio --> http://www.sunbelt-software.com/Kerio.cfm
Outpost --> http://www.agnitum.com

Cleaning instructions:

Move HijackThis into its own folder, C:\HJT.

Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/
-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program; we'll use this later.

Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run it yet.

Go to Control Panel -> Add/Remove Programs -> Remove ToolBar888, PuritySCAN By OIN, OuterInfo, OIN, EmpirePoker, PartyPoker or similar, if found.
IF PuritySCAN By OIN, OuterInfo, OIN were not listed, download and run this uninstaller -> http://www.outerinfo.com/OiUninstaller.exe
Instructions here if needed -> http://www.outerinfo.com/howto.html

Please download Brute Force Uninstaller to your desktop: http://www.merijn.org/files/bfu.zip
-> Right-click the BFU folder on your desktop, and choose Extract All
-> Click Next
-> In the box to choose where to extract the files to, click Browse
-> Click on the + sign next to My Computer
-> Click on Local Disk ( C: ) or whatever your primary drive is
-> Click Make New Folder
-> Type in BFU
-> Click Next, uncheck the Show Extracted Files box and then click Finish.

RIGHT-CLICK the following link and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix.bat -> http://downloads.subratam.org/Lon/sidekickFix.bat
Save it in the same folder you made earlier (c:\BFU).

RIGHT-CLICK the following link and choose "Save As" (in IE it's "Save Target As") in order to download alcanshorty.bfu -> http://metallica.geekstogo.com/alcanshorty.bfu
Save it in the same folder you made earlier (c:\BFU).

Please close ALL other open windows & explorer folders, then double-click on sidekickFix.bat. Click YES and follow the instructions; when it asks about restarting the PC, do NOT do it.

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Windows Recycler] fstgrhi.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINNT\v1201.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [Windows Recycler] fstgrhi.exe
O4 - HKCU\..\Run: [Arsp] "C:\PROGRA~1\COMMON~1\PPPATC~1\attrib.exe" -vt yazr
O4 - HKCU\..\Run: [Qkoxrrz] C:\WINNT\system32\ECURIT~1\RNDLL~1.EXE
O4 - HKCU\..\Run: [rzqr] C:\PROGRA~1\COMMON~1\rzqr\rzqrm.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-fridge.com/nsvplayx_vp3_mp3.cab
O20 - AppInit_DLLs: repairs303169590.dll

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html

Restart your computer into safe mode -> http://www.pchell.com/support/safemode.shtml

Press Start -> My Computer -> Go to folder C:\BFU
-> Run BFU by double-clicking BFU.exe
-> Type or copy/paste this into the "Scriptline to execute" field: C:\BFU\alcanshorty.bfu
-> Click Execute and let it do its work (you should see a progress bar if you did this right)
-> Wait for the "Complete script execution" box and click OK.
-> Click Exit in order to quit BFU.

Delete these folders (if found):
C:\Program Files\ToolBar888
C:\Program Files\Common Files\rzqr
C:\Program Files\Common Files\svchostsys
C:\Program Files\EmpirePoker
C:\Program Files\PartyGaming
C:\WINNT\dGh1IHRydW9uZw
C:\Program Files\PurityScan

Delete these files (if found):
C:\WINNT\v1201.exe
C:\WINNT\System32\fstgrhi.exe
C:\dfndrb_2.exe

Use the Windows "search" function -> Start -> Search -> All files and folders -> More advanced options
Checkmark these options:
- "Search system folders"
- "Search hidden files and folders"
- "Search subfolders"
-> Search for this and delete it if found: repairs303169590.dll

Run ATF Cleaner -> Check Select All -> Press Empty Selected

-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab, then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.
-> When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post

Clean the Recycle Bin.

Restart your computer normally.

Post the following logs here:
-> a fresh HijackThis log
-> Ewido's report
Hey JaPK, about this part: "Please close ALL other open windows & explorer folders, then double-click on sidekickFix.bat. Click YES and follow the instructions; when it asks about restarting the PC, do NOT do it." I clicked yes, and after that all it says is "You PC will need to be restarted. click yes when prompted press any key to continue." That's it; I didn't follow any instructions, just pressed yes and Enter once, then it went to this screen and nothing else. I press any key and it says I need to restart, and I say no. Then nothing happens. Is this correct so far?
I appreciate the help very much, but I've run into a problem. Safe mode won't boot up! It will start to enter Windows and then just completely stop. How can I get safe mode to boot?
I had that problem also. What you have to do is crash Windows: when the Windows screen comes up as you're rebooting, turn off your power at the back of your tower or at the wall. Make sure it's completely shut down, turn your power back on and reboot; it should come up in safe mode then.
Hi Hugylos. There is an alternative way of getting into safe mode. Please try the "System Configuration Tool Method" described here -> http://www.bleepingcomputer.com/tutorials/tutorial61.html#winxo
Nope, same problem. It'll start to enter Windows, then suddenly stop loading while the screen is black with the words Safe Mode in each corner of the screen. I Ctrl-Alt-Deleted, went into msconfig from there and unchecked safe mode. What options do I have left?
Ok, I guess we'll have to forget safe mode for a while. Just follow the steps and complete them in normal mode.
Ok, I finally had time to sit down at my computer and continue the process. Now, after the Ewido scan is complete, should I quarantine? Or should I just save the log and close it?
Ok, I didn't quarantine since you didn't state to.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:10:59 PM 7/7/2006

+ Scan result:

C:\Program Files\Ad Muncher\vidaavi6ky.exe -> Adware.Agent : No action taken.
C:\Program Files\Cowabanga\wuninstaller.exe -> Adware.Agent : No action taken.
C:\Program Files\Guild Wars\wGw.exe -> Adware.Agent : No action taken.
C:\Program Files\QuickTime\wPictureViewer.exe -> Adware.Agent : No action taken.
C:\Program Files\Wizet\wMSSetup.exe -> Adware.Agent : No action taken.
C:\RECYCLER\NPROTECT\00029109.EXE -> Adware.Agent : No action taken.
[2108] C:\Program Files\Guild Wars\wGw.exe -> Adware.Agent : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000401.asw -> Adware.CommAd : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000402.asw -> Adware.CommAd : No action taken.
C:\RECYCLER\NPROTECT\00029078.DLL -> Adware.Look2Me : No action taken.
C:\RECYCLER\NPROTECT\00029083.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\SUDOCLC.DLL -> Adware.Look2Me : No action taken.
C:\WINNT\system32\adlui.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\akrace.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\azaqlih5184.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\azas07l7e.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\dVdrm.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\dn8m01l1e.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\dnnu0159e.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\e2202cfmgf2a2.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\enl6l13s1.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\f82mlif1182.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\fp8003lme.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\fpr6039se.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\g0402ahmgd4a2.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\g2040cdqef0e0.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\gpj4l31q1.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\gpjul3191.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\gpl2l33o1.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\hr2205foe.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\ijclass.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\irpsl5771.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\izsetup.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\j4p0le7m1h.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\jt8s07l7e.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\jtj6071se.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\k0lq0a35ed.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\kq2ml7f11.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\kt2ml7f11.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\kt6ul7j91.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\ktjol7131.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\ktnql7551.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\kzdro.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\l6l60g3se6.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\lv0m09d1e.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\lvn0095me.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\lvns0957e.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\mv8ql9l51.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\n28o0cl3efq.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\nbshrui.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\pltorec.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\rNschap.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\rmsutils.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\s2rslc971f.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\t8r8li9u18.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\wjw32.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\xklehlp.dll -> Adware.Look2Me : No action taken.
C:\windows\warebundle.exe -> Adware.Look2Me : No action taken.
[1704] C:\WINNT\system32\ncmsevt.dll -> Adware.Look2Me : No action taken.
[448] C:\WINNT\system32\ncmsevt.dll -> Adware.Look2Me : No action taken.
C:\WINNT\system32\wucrtupd.dll -> Adware.PurityScan : No action taken.
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : No action taken.
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-789336058-1004336348-682003330-500\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-789336058-1004336348-682003330-500\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
C:\WINNT\drsmartload408a.exe -> Downloader.Adload.ch : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000040a.asw -> Downloader.Adload.ck : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000040c.asw -> Downloader.Adload.ck : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\0000040e.asw -> Downloader.Adload.ck : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000404.asw -> Downloader.Adload.cn : No action taken.
C:\windows\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000410.asw -> Downloader.VB.afv : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000408.asw -> Downloader.VB.agi : No action taken.
C:\WINNT\system32\oins.exe -> Dropper.Small : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000413.asw -> Dropper.VB.mz : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000406.asw -> Hijacker.VB.fc : No action taken.
C:\nwnm_1.exe -> Hijacker.VB.fc : No action taken.
C:\!KillBox\ibm00012.exe -> Logger.Small.dg : No action taken.
C:\!KillBox\ibm00012.exe( 2) -> Logger.Small.dg : No action taken.
C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000403.asw -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
C:\Documents and Settings\Administrator\My Documents\extract.exe -> Not-A-Virus.PornDownloader.Win32.Small.c : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@ehg-sportingbet.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\!KillBox\winhdn32.dll -> Trojan.Agent.vg : No action taken.
C:\!KillBox\winhdn32.dll( 1) -> Trojan.Agent.vg : No action taken.
C:\usa.exe -> Trojan.VB.abv : No action taken.
C:\usae.exe -> Trojan.VB.abv : No action taken.
C:\windows\lojsfj.exe -> Trojan.VB.abv : No action taken.
C:\Program Files\Common Files\simtest\sysstall.exe -> Trojan.Zapchast.bl : No action taken.

::Report end

HIJACK THIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 1:34:46 PM, on 7/7/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Administrator\Desktop\P2KTools_v0.7.1.9\P2kCommander\P2kAutostart.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Ad Muncher\wvidaavi6ky.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Administrator\Desktop\P2KTools_v0.7.1.9\P2kCommander\P2kAutostart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108176644421
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\dGh1IHRydW9uZw\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc.
- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
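As an added example (not code from this thread or from HijackThis), a small Python triage pass over HijackThis O4 and O23 lines: it parses each entry and flags the patterns a helper looks at first, an autorun that is a bare filename or sits in the drive root, and a service with no publisher or a missing binary. The O23 lines and the iTunesHelper line in the sample are taken from the log above; the two other O4 lines are constructed.

```python
import re

# Constructed sample in the HijackThis O4/O23 line format. The O23 lines and the
# iTunesHelper line come from the log above; "Sample Updater" and "sample" are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sample Updater] smplupd.exe
O4 - HKLM\..\Run: [sample] C:\\smpl_1.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\dGh1IHRydW9uZw\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\+[^\\]+\.exe$", re.IGNORECASE)  # e.g. C:\x.exe


def exe_of(cmd: str) -> str:
    """Return the executable part of a Run-key command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[dict[str, str]]:
    """One finding per O4/O23 entry that trips a heuristic; these are review prompts, not verdicts."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            exe = exe_of(m["cmd"])
            if "\\" not in exe:  # no directory at all: resolved through the PATH search
                findings.append({"entry": m["name"], "reason": "bare filename, resolved via PATH"})
            elif ROOT_EXE_RE.match(exe):  # binary dropped straight into the root of a drive
                findings.append({"entry": m["name"], "reason": "autorun binary in drive root"})
        elif m := O23_RE.match(line):
            reasons = []
            if m["owner"] == "Unknown owner":  # no publisher in the service's file info
                reasons.append("no publisher info")
            if m["missing"]:  # service still registered but its binary is gone
                reasons.append("service binary missing")
            if reasons:
                findings.append({"entry": m["name"], "reason": "; ".join(reasons)})
    return findings
```

Run against the sample, the two signed vendor entries pass and the four others come back with their reasons.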
Well, if you read my instructions carefully, it says there that you should quarantine... :/ But we'll run a new scan later...

Download Look2Me-Destroyer -> http://www.atribune.org/ccount/click.php?id=7 and save it on your desktop.

IMPORTANT: Before continuing, you MUST do the following:
->Print this or save it as a text file
->Click start -> run -> services.msc -> ok
->Check that this service is running or its startup type is automatic: Secondary logon
->Disconnect from the internet (unplug your network cable)
->Close ALL antivirus programs (this is essential!)
->Close all windows before continuing.
->Double-click Look2Me-Destroyer.exe to run it.
->Put a check next to Run this program as a task.
->You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
->When Look2Me-Destroyer re-opens, click the Scan for L2M button; your desktop icons will disappear, this is normal.
->Once it's done scanning, click the Remove L2M button.
->You will receive a Done Scanning message, click OK.
->When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
->Your computer will then shut down.
->Turn your computer back on.
->Please post the contents of C:\Look2Me-Destroyer.txt along with a fresh HijackThis log.

If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX