I cannot seem to clean, rename or delete this virus in file C:\windows\systems32\sqldfcp.dll. When I try to clean, rename or delete it, I get the error "Error while deleteing - file is locked up". I have tried using Pest Patrol 5, NOD32, Spybot, and HijackThis. This may also be related to the problem I am having with my IE bringing up "about blank" all the time, which I am also having trouble fixing. I am not sure which to work on first, so I am kinda working on both.
Below is my hijack info:
Logfile of HijackThis v1.99.0
Scan saved at 6:32:29 PM, on 2/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\MPN\ECLIPSENet32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\zstatus.exe
C:\Documents and Settings\Horizon1\Desktop\temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Horizon1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Horizon1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0AA848C2-2992-486E-9E28-2BCB93674395} - C:\WINDOWS\System32\mdim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MPNNET2] C:\MPN\ECLIPSENet32.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [TRTray] "C:\Program Files\Trojan Remover\trtray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.68/tu6hbckq7HTcHUQPm0g.chm::/on-line.exe
O18 - Filter: text/html - {0E20FD7C-D7AA-4A30-BD4E-BBA8401974FB} - C:\WINDOWS\System32\mdim.dll
O18 - Filter: text/plain - {0E20FD7C-D7AA-4A30-BD4E-BBA8401974FB} - C:\WINDOWS\System32\mdim.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\sqldfcp.dll
O23 - Service: GoToMyPC - Unknown - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe (file missing)
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Thanks!