Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ide21201.vxd


  • This topic is locked This topic is locked

#1
buckt

buckt

    Member

  • Member
  • PipPip
  • 23 posts
Hi all,

This looks like a great site, I'm sure someone can help.

I've run all the spyware/anti-virus/malware programs, and also have tried using Registry Mechanic hoping that would help, but no.

I can't seem to get rid of ide21201.vxd and I think it's causing driver issues.

Any help would be much appreciated.

Here's my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:21 AM, on 4/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
H:\Program Files\Ahead\InCD\InCD.exe
H:\Program Files\Media Access\MediaAccK.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
H:\Program Files\Media Access\MediaAccess.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\JT\Desktop\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...0R&zoommode=pan
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.wundergro...y, TX&type=N0R"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://H%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Media Access] H:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HighPoint ATA RAID Management Software.lnk = H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://kaldm1-web.f...0018/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb028.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1092958210928
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - H:\Program Files\Intel\NCS\Sync\NetSvc.exe
  • 0

Advertisements


#2
little eagle

little eagle

    Member

  • Member
  • PipPipPip
  • 170 posts

Should you need instructions for ;
Showing hidden files and folders in Windows.
Reboot in safe mode.
How to set up a HijackThis folder correctly to make backups.
Scan with Spybot S&D and Ad-Aware
How To Print Fix Instructions
Click the underlined links above.


Reboot in safe mode.
Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
O4 - HKLM\..\Run: [Media Access] H:\Program Files\Media Access\MediaAccK.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb028.cab




Delete the following folder(s) listed.
Then click start>my computer>local disk
(then follow the path)or Using Windows Explorer, locate the following , and delete them:
H:\Program Files\Media Access


Download and install then run CCleaner
Under windows tab check internet explorer, windows explorer, and system.
then click Run Cleaner.

Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.

  • 0

#3
buckt

buckt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks for the help Little Eagle.

I'll try this tonight when I get to the house and let you know what turns up.

One quick question about setting up HJT correctly...
When I right click in explorer, explorer crashes making it difficult to create the HJT folder in the root directory.
Any suggestions on how to get around this?
  • 0

#4
buckt

buckt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I tried to do the suggested procedure, but ran into a snag - Windows will not boot into safe mode.:tazz:

I can get to the screen to select safe mode but upon selection, a list of drives scrolls by and then the PC reboots and brings me to a screen similar to one where I can select safe mode, but with a timer. Normal mode works, but no safe mode.

What's next?
  • 0

#5
little eagle

little eagle

    Member

  • Member
  • PipPipPip
  • 170 posts
Try the fix with out going into self mode.
  • 0

#6
buckt

buckt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here's the latest....

Logfile of HijackThis v1.99.1
Scan saved at 2:14:13 PM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
H:\Program Files\Ahead\InCD\InCD.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
H:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...0R&zoommode=pan
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.wundergro...y, TX&type=N0R"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://H%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HighPoint ATA RAID Management Software.lnk = H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = H:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://kaldm1-web.f...0018/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1092958210928
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - H:\Program Files\Intel\NCS\Sync\NetSvc.exe


Right clicking on the desktop or in explorer will crash explorer and bring up the Dr Watson Postmorten Debugger window.
  • 0

#7
little eagle

little eagle

    Member

  • Member
  • PipPipPip
  • 170 posts
Are you running a paid version of TDS-3.?

Go here and run online scans, allow them to delete whatever they find:

TrendMicro HouseCall
eTrust AntiVirus Web Scanner

Note any thing that can't be fixed
Reboot when done. Rescan with HJT and post a new log here.
  • 0

#8
buckt

buckt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I don't think I running any form of TDS-3. I didn't even know what it was before I googled it.

I was called into work this morning, so I'll run the online scans when I get home.

Thanks for your help thusfar little eagle - it's very much appreciated.
  • 0

#9
buckt

buckt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
The latest log file...


Logfile of HijackThis v1.99.1
Scan saved at 6:48:53 PM, on 4/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\Program Files\Ahead\InCD\InCD.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
H:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\explorer.exe
H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...0R&zoommode=pan
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.wundergro...y, TX&type=N0R"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://H%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HighPoint ATA RAID Management Software.lnk = H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = H:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://kaldm1-web.f...0018/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1092958210928
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - H:\Program Files\Intel\NCS\Sync\NetSvc.exe

Trendmirco found nothing, eTrust found one and deleted it - win32.sillydl.

Right clicking still causes crashes, also internet is extremely slow.
  • 0

#10
little eagle

little eagle

    Member

  • Member
  • PipPipPip
  • 170 posts
Download Hoster by Toadbee at http://members.aol.c...dbee/hoster.zip
extract it to your desktop and run it. Click restore original host.
  • 0

Advertisements


#11
buckt

buckt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I am not having much luck here - I'm not getting a good download of the hoster file. I've tried several times to get a good download, first with IE with but got an address could not be found message. I downloaded Firefox and it downloads the file, but Winzip won't extract it.

Any suggestions?

AVG, Adaware and spybot are showing no problems - ide21201.vxd appears to be gone, but right clicking on any blank area of Explorer crashes the window and Dr Watson shows up. Right click on a file and the menus come up fine. The internet seems a bit faster with Firefox but not what it should be.

Here's the latest... and I'll keep trying to download Hoster.

Logfile of HijackThis v1.99.1
Scan saved at 9:21:44 PM, on 4/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
H:\Program Files\Ahead\InCD\InCD.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
H:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\explorer.exe
H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...0R&zoommode=pan
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.wundergro...y, TX&type=N0R"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://H%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HighPoint ATA RAID Management Software.lnk = H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = H:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://kaldm1-web.f...0018/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1092958210928
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - H:\Program Files\Intel\NCS\Sync\NetSvc.exe
  • 0

#12
drew2815

drew2815

    Member

  • Member
  • PipPipPip
  • 112 posts
ok, i had that file once. I think you have Windows AdStatus. Go to Ad/Remove Programs. Then delete Windows AdStatus if there. Then go to C:Programs Files and look for Windows AdStatus if there. Then go to the C:WINDOWS folder and delete the ide21201.vxd file and then delete the Test.exe file if there. Then restart. If you have the same spyware that I had, Windows AdStatus, then that will do the trick.
  • 0

#13
little eagle

little eagle

    Member

  • Member
  • PipPipPip
  • 170 posts
Start Spybot >Cilck mode>check advanced mode >click tools>hosts file> www.dcsresearch.com> remove selected.

Postt another log.

Edited by little eagle, 11 April 2005 - 08:51 PM.

  • 0

#14
buckt

buckt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:09:26 PM, on 4/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCDsrv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Ahead\InCD\InCD.exe
H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
H:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
H:\WINDOWS\system32\ZoneLabs\vsmon.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\HijackThis.exe
H:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...0R&zoommode=pan
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.wundergro...y, TX&type=N0R"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://H%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (H:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\41bt8evi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [InCD] H:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HighPoint ATA RAID Management Software.lnk = H:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\raidman.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpeedUpMyPC.lnk = H:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: VTAgentReboot.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://kaldm1-web.f...0018/iNotes.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akama...iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1092958210928
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/p.../v13/ticker.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - H:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - H:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - H:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#15
buckt

buckt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
No change in known problems.

It looks like ide21201.vxd has been taken care of, it hasn't shown up after the last couple of reboots :tazz: Much thanks little eagle.

Now we just need to rid it of the Dr Waston errors.

Edited by buckt, 12 April 2005 - 08:44 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP