Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Weird XP thing... XP CD 400 miles away in storage.

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 5 posts
Hey all...

So I downloaded the trial version of Ewido to remove some fun spyware/adware, and after the scan completed, and I restarted my computer, it just isn't the same.

The start bar on the (normally) bottom of the screen is non existant. All desktop icons are gone. My desktop picture, however, is there and is as beautiful as ever.

When I open the task manager and click file-run, and then browse, all of my desktop icons are there, and all my programs are there (hence how I was able to run Firefox...), but nothing else is right.

Is it possible that Ewido deleted the program that runs all of the start bar/ desktop icons? (I believe it's Explorer or something, which is normally in the task manager, but currently isn't...).

I would just run the XP repair thingie on the XP CD, however, I just moved, and all of my software is still 400 miles away, and I'm not planning on going up there anytime soon.

Any chance of a quick fix at all?


Branson :tazz:
  • 0




    Retired Staff

  • Retired Staff
  • 11,365 posts
can you download and run hijackthis using the above awkward method....post a log here...
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here you go....

What's up with all of the Google sites?

One of the big problems that I've been having is hijacked (correct term, I don't know) search engine results, leading to other search engines... ie... search for 'booger'... ton of results such as 'find booger at lycos'... 'find booger on ebay'. stuff like that.

Thanks for the help, I really appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 11:48:45 PM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O1 - Hosts: www.google.ae
O1 - Hosts: www.google.am
O1 - Hosts: www.google.as
O1 - Hosts: www.google.at
O1 - Hosts: www.google.az
O1 - Hosts: www.google.be
O1 - Hosts: www.google.bi
O1 - Hosts: www.google.ca
O1 - Hosts: www.google.cd
O1 - Hosts: www.google.cg
O1 - Hosts: www.google.ch
O1 - Hosts: www.google.ci
O1 - Hosts: www.google.cl
O1 - Hosts: www.google.co.cr
O1 - Hosts: www.google.co.hu
O1 - Hosts: www.google.co.il
O1 - Hosts: www.google.co.in
O1 - Hosts: www.google.co.je
O1 - Hosts: www.google.co.jp
O1 - Hosts: www.google.co.ke
O1 - Hosts: www.google.co.kr
O1 - Hosts: www.google.co.ls
O1 - Hosts: www.google.co.nz
O1 - Hosts: www.google.co.th
O1 - Hosts: www.google.co.ug
O1 - Hosts: www.google.co.uk
O1 - Hosts: www.google.co.ve
O1 - Hosts: www.google.com
O1 - Hosts: www.google.com.ag
O1 - Hosts: www.google.com.ar
O1 - Hosts: www.google.com.au
O1 - Hosts: www.google.com.br
O1 - Hosts: www.google.com.co
O1 - Hosts: www.google.com.cu
O1 - Hosts: www.google.com.do
O1 - Hosts: www.google.com.ec
O1 - Hosts: www.google.com.fj
O1 - Hosts: www.google.com.gi
O1 - Hosts: www.google.com.gr
O1 - Hosts: www.google.com.gt
O1 - Hosts: www.google.com.hk
O1 - Hosts: www.google.com.ly
O1 - Hosts: www.google.com.mt
O1 - Hosts: www.google.com.mx
O1 - Hosts: www.google.com.my
O1 - Hosts: www.google.com.na
O1 - Hosts: www.google.com.nf
O1 - Hosts: www.google.com.ni
O1 - Hosts: www.google.com.np
O1 - Hosts: www.google.com.pa
O1 - Hosts: www.google.com.pe
O1 - Hosts: www.google.com.ph
O1 - Hosts: www.google.com.pk
O1 - Hosts: www.google.com.pr
O1 - Hosts: www.google.com.py
O1 - Hosts: www.google.com.sa
O1 - Hosts: www.google.com.sg
O1 - Hosts: www.google.com.sv
O1 - Hosts: www.google.com.tr
O1 - Hosts: www.google.com.tw
O1 - Hosts: www.google.com.ua
O1 - Hosts: www.google.com.uy
O1 - Hosts: www.google.com.vc
O1 - Hosts: www.google.com.vn
O1 - Hosts: www.google.de
O1 - Hosts: www.google.dj
O1 - Hosts: www.google.dk
O1 - Hosts: www.google.es
O1 - Hosts: www.google.fi
O1 - Hosts: www.google.fm
O1 - Hosts: www.google.fr
O1 - Hosts: www.google.gg
O1 - Hosts: www.google.gl
O1 - Hosts: www.google.gm
O1 - Hosts: www.google.hn
O1 - Hosts: www.google.ie
O1 - Hosts: www.google.it
O1 - Hosts: www.google.kz
O1 - Hosts: www.google.li
O1 - Hosts: www.google.lt
O1 - Hosts: www.google.lu
O1 - Hosts: www.google.lv
O1 - Hosts: www.google.mn
O1 - Hosts: www.google.ms
O1 - Hosts: www.google.mu
O1 - Hosts: www.google.mw
O1 - Hosts: www.google.nl
O1 - Hosts: www.google.no
O1 - Hosts: www.google.off.ai
O1 - Hosts: www.google.pl
O1 - Hosts: www.google.pn
O1 - Hosts: www.google.pt
O1 - Hosts: www.google.ro
O1 - Hosts: www.google.ru
O1 - Hosts: www.google.rw
O1 - Hosts: www.google.se
O1 - Hosts: www.google.sh
O1 - Hosts: www.google.sk
O1 - Hosts: www.google.sm
O1 - Hosts: www.google.td
O1 - Hosts: www.google.tm
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll (file missing)
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - Global Startup: rdri.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\cqmres.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0



    Retired Staff

  • Retired Staff
  • 11,365 posts
that log does not look complete.

Well, as for the google, yes, your google searches seem to be redirecting to a server hosted on netsonic.net...mean anything to you?

As for the rest,

O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll (file missing)
this was your hijacker...looks like something cleaned it partially out

O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe

O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32

O4 - Global Startup: rdri.exe
unknown to me

O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\cqmres.dll
this is likely the cause of your current situation. I suspect this is calling something else, that eiwdo removed.

  • 0



    Retired Staff

  • Retired Staff
  • 11,365 posts
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Alright, the malware seems to be all cleared up now, but for some reason I can't get rid of [C:\windows\system32\cqmres.dll] which gerry suggested is probably the cause of my problem.

Anyone have any ideas?



The google search issue seems to be taken care of, thank you!!!
  • 0



    Retired Staff

  • Retired Staff
  • 11,365 posts
the malware people are going to help you with that...looks like you jumped the gun and took them out yourself.

MAC guy---there is a process to this, and the malware folks have it down to a science...be patient.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP