eZula, VirtualBouncer, and more


#16
Koretek

  • Member
  • 340 posts
Ok listen Boom,

I know it's very annoying and it makes ya kinda nuts, but you can't clean this up while we are working, otherwise the log is going to keep changing and we will be doing ten times the work. Ok?
I know you understand because you are certainly no dummy, and I see in your post where you are saying I'll wait till I hear from you, so I just wrote this so you would understand why you shouldn't stay cleaning this stuff or attempting to on your own. We will in the end get it all and it will be quicker for us both. Ok, I will get back to you on this problem after I analyze the log. You hang in there tiger!!

#17
Koretek

  • Member
  • 340 posts
Hey Boomster,
This log is starting to look pretty good now! :tazz:

2 quick Questionz here tho:

Q1> Do you use this Linksys thing? It is something you added and use regularly?
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

Q2> This AOL Dialer, are you a dial up user and use AOL? This is also something you added yes? Cuz if not we should get rid of them BUT please don't till we talk Ok?

Click on Fix Checked and exit HijackThis:

O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll

Please reboot into Safe Mode

Safe Mode
Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 continuously until you see the Windows Advanced Menu:
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

"View of All Files and Folders"
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Using Windows Explorer, locate the following files/folders, and delete them if found:

C:\WINDOWS\System32\wigggy.exe
C:\WINDOWS\SYSTEM32\draw32.dll


Added note here:
When you don't find an entry I would suggest "searching your system" and making sure it indeed does not exist, Ok? The folders will be obvious in the "Program" section most of the time. Also, originally this all started from something you downloaded and that's why it's kinda important that you find it. I think the MSN Beta already did and removed it but there should be leftovers somewhere.

So search for AdDestroyer and VirtualBouncer and see what you get. Also, most of the time that something won't delete it's because it is running. That's why we ask that people close all windows and enter safe mode, because in safe mode the nasties can't usually stay running. If possible you can stop the processes running from the Task Manager in normal mode if you know how to use that:
Alt+Ctrl+Delete = Task Manager.
Problem is sometimes other files are creating or making them run as quick as we can close them and so Safe Mode is our best bet.

Ok so try the safe mode way first and if it doesn't work then I'll find you another way of entering safe mode or maybe you can delete them as I just described.
Also we better run another check when we are through to make sure that you're clean entirely.

Use this also:

RUN (in your PC) "CleanMgr" rids temp files

Clean up Temporary Internet Files, Temporary Files, and the Recycle Bin periodically. Use the Disk Cleanup utility, as follows:
-Click Start>Run
-In the Open box, key in: cleanmgr
-Click: OK
-Place a check next to the categories mentioned above
-Click OK
-Click: Yes to proceed with the action

Make sure you have dumped your recycle bin.

Please post a new HijackThis Log so we can check it out for you!

#18
BoomCackle

  • Topic Starter
  • Member
  • 13 posts
The Linksys monitor is more my wireless USB adapter. I'm not sure about this exact program.

I had AOL on that computer in the past, but it is no longer used.

Hopefully that helps.

#19
BoomCackle

  • Topic Starter
  • Member
  • 13 posts
Wiggy.exe could not be found in the system32 folder nor by searching for it.

draw32.dll could not be deleted in safe mode. I ended all the processes that I could and I still couldn't delete it.

In HijackThis, did you want me to check everything and fix it or just those 2 things mentioned?

And the HijackThis post will follow.

#20
BoomCackle

  • Topic Starter
  • Member
  • 13 posts
Alright. How's this s*** looking??


Logfile of HijackThis v1.99.1
Scan saved at 7:15:02 PM, on 3/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\huiiiy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\default\My Documents\download\HijackThis.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://miscam.csom.u...sCamControl.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)
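
A follow-up log like the one above can be checked mechanically against the earlier fix list and delete list. This is an added example, not part of the original thread and not HijackThis code; the function names are hypothetical and the sample log is a short excerpt of the log posted in this thread.

```python
import re

# HijackThis entries look like "O20 - Winlogon Notify: ..." (section code, then body).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def norm(s):
    """Windows paths are case-insensitive; collapse whitespace and lowercase."""
    return re.sub(r"\s+", " ", s).strip().lower()

def recheck(fixed_entries, deleted_files, followup_log):
    """Return (entries that were 'fixed' but are listed again,
               files that were to be deleted but are still referenced)."""
    processes, entries = parse_log(followup_log)
    present = {norm(f"{code} - {body}") for code, body in entries}
    still_listed = [e for e in fixed_entries if norm(e) in present]
    haystack = [norm(p) for p in processes] + [norm(b) for _, b in entries]
    still_referenced = [f for f in deleted_files
                        if any(norm(f) in h for h in haystack)]
    return still_listed, still_referenced

# Excerpt of the follow-up log posted in the thread (shortened).
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
"""
# Items from the earlier instructions in the thread.
FIXED = [r"O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll"]
DELETED = [r"C:\WINDOWS\System32\wigggy.exe", r"C:\WINDOWS\SYSTEM32\draw32.dll"]

if __name__ == "__main__":
    print(recheck(FIXED, DELETED, FOLLOWUP))
```

An entry that reappears after "Fix Checked" together with a file that is still referenced means the removal did not take, which matches the report that draw32.dll could not be deleted.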