The file C:\Program Files\sder\dees.exe is nowhere to be found. I see that it is running but there is nothing in the sder folder other than another folder called htdr. I do not have a search feature with Windows as it gives me the following error:
"A file that is required to run Search Companion cannot be found. You may need to run setup."
If search worked I could possibly find the file. Just a note: the file is also not there in safe mode.
Here is my ewido log...I did not fix any problems after the scan:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:58:58 PM, 6/7/2005
+ Report-Checksum: CED392BD
+ Date of database: 6/7/2005
+ Version of scan engine: v3.0
+ Duration: 61 min
+ Scanned Files: 58469
+ Speed: 15.92 Files/Second
+ Infected files: 20
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP30\A0004732.exe -> Spyware.Adstart -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP31\A0010776.exe -> Spyware.Adstart -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP33\snapshot\MFEX-1.DAT -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP34\snapshot\MFEX-1.DAT -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP35\snapshot\MFEX-1.DAT -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP36\snapshot\MFEX-1.DAT -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP37\snapshot\MFEX-1.DAT -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP38\A0012185.dll -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP38\A0013185.dll -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP38\snapshot\MFEX-1.DAT -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP47\A0015760.exe -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP51\A0026751.exe -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP51\A0026752.dll -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP51\A0026754.dll -> TrojanDownloader.Qoologic.p -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP51\A0026755.cpl -> TrojanDownloader.Qoologic.p -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP51\A0026758.exe -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP51\A0026759.dll -> TrojanDownloader.Qoologic.q -> Ignored
C:\System Volume Information\_restore{EA00B1D7-5162-4C9B-8E64-FE52F4116458}\RP52\A0027795.exe -> Spyware.Adstart -> Ignored
C:\WINDOWS\system32\adstartup.exe -> Spyware.Adstart -> Ignored
C:\WINDOWS\system32\CDM\lhlcwdpmsa.exe -> Spyware.SmartPops -> Ignored
::Report End
HIJACKTHIS Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:04:39 AM, on 6/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\sder\dees.exe
C:\Documents and Settings\ross cunningham\Desktop\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\Spyware_Removal\ewido security suite\ewidoctrl.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE