Will take a closer look when I arrive home from work. Looks like there may be a couple of things there to fix.

Please go here and have this file scanned. Post the results back here.

C:\WINNT\System32\dcqcq.dll

To:Moderator Crunchie

I did as you insructed and invoked the following erorr message: With Much Gratitude,
Y.H.

To:Moderator Crunchie I tried the scan once more just to be certain, and recieved the following message:

With Much Gratitude,
Y.H.

Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you the file.

C:\WINNT\System32\dcqcq.dll

Reboot afterwards if the file is successfully deleted.

If the file is not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot.

-

Post a new hijackthis log when done.

I may be away for a couple of days, but one of the other guys should finish helping you .

To: Moderator Crunchie

I'm sorry, I got caught up in something the last couple days so I didn't get a
chance to speak with any another tech that might have been told to help me
in your absence, though I do greatly appreciate your consideration, as to
assure me that I would be aided in your absence

In any event, I saw something posted by you today, and consequently
thought it was safe to assume that you have returned. I followed your
instructions, used killbox -to succesfully delete: C:\WINNT\System32
\dcqcq.dll. and I have posted My latest HJT Log below.

-------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:14:41 AM, on 7/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\boe2206\My Documents\Mine!\Other than Rhino\Downloads\msnmes\q\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\boe2206\My Documents\Mine!\Other than Rhino\Downloads\msnmes\New Folder\MsgPlus.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] D:\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052305 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\boe2206\My Documents\Mine!\Other than Rhino\Downloads\msnmes\New Folder\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINNT\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\boe2206\My Documents\Mine!\Other than Rhino\Downloads\msnmes\q\ewido\security suite\ewidoctrl.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
-------------------------------------------------------------------------------------------

With Much Gratitude,
Y.H.

Congratulations! Your log looks clean - good work!

===============

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.

[color=blue]Install and keep updated, Ad-Aware SE, and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.

Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig. Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

-

Happy surfing,

crunchie.

Dear Moderator Crunchie,

I thank you, for all the time you took out of your schedule to aid me. I also thank you for the additional tips you have given me to prevent re-infection. There is one last question I would like to ask though(I hope I don't sound ungrateful-you've already done so much), and that is: Where do you suggest that I should start a thread to help me regain functionality of Internet Explorer's Main Window( I can only start Explorer using Outlook). I ask that question because I'm assuming that I posted my problem in the wrong forum. I'm new to online forums and I can't tell the difference so, please be so kind as to advise on what to do to solve my IE problem,or where to correctly re-post it.

Note: I've already tried to uninstall and reinstall. but I can't figure out how to uninstall and I'm not sure I'd be able to reinstall.

With Much Gratitude,
Y. H.

Check this thread:
http://www.daniweb.com/techtalkforums/thread27924.html

Slightly different problem, but the same fixes should be tried. There is also a link to reinstalling IE.

My apologies Y. H. I had completely overlooked that problem. Try this as well;


1) find the ie.inf file located in Windows\Inf folder.
2) Right click the ie.inf file and click Install on the context menu.
3) Reboot the computer when the file copy process is complete.

That's it .

Dear, Crunchie

After the amount of time that I was not able to use the main IE window, I truly regard it as a miracle, to see the IE
status bar read:

Opening Page--->loading:Completed,

As can be easily fathomed, I am writing this post using IE, and reveling in it. (To the greatest extent that one may
revel in IE lol ) And, in the spirit of goodness, if I ever come across someone with the same problem I have had,
I will pass onto them, the solution that you have provided me with.


I believe that every good technician would like to be aware of exactly how things run, in order that he or she
might learn, whatever there is to learn, from every procedure. For that reason I am providing you with all the
details of the prescribed procedure from start to finish:

1) I found the ie.inf file located in the (I have XP pro.) WINNT\Inf folder.
2) I Right clicked the ie.inf file and clicked Install on the context menu.
3) The file copy process completed.
4) I Received the following error message:
http://us.f3.yahoofs.com/users/428d7...WIw1CB3XDm6yDN
5) I Left Clicked Cancel
6) I Rebooted the computer
7) Internet Explorer was ressurected from the dust (of my inf file).

To: Anybody who happens to read this post, days, weeks, or years from today:

If you have the same problem as me, and can't seem to solve it, follow Crunchie's directions as listed
in the post above this one. Don't be afraid to try it; it worked for me, and it just might work for you.


To: Crunchie

I could thank you a million times, but then I'd just sound like a moron (nevermind waste your time, and tire your
ears)
So..... I guess I'll just thank you once

Thank You Crunchie, You've been a great help.

Sincerely,
Joseph (a.k.a. Y.H.)