Constant blue screens. HiJackThis Log [CLOSED]


  • This topic is locked

#1
JustinIsMe

I just got 3 blue screens in the last hour. The past 2 weeks I have been getting blue screens daily; I have no idea what is wrong. I regularly run "CleanUp", "Ad-Aware" and sometimes Spybot Search and Destroy. Recently I have added a new Logitech wireless mouse and keyboard, as well as a new wireless Linksys network adapter. I was thinking it may have been the Logitech mouse because it failed to respond so I had to use my old mouse, but I am not completely sure as it is still giving me blue screens.

Logfile of HijackThis v1.99.1
Scan saved at 2:29:46 PM, on 15/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Linksys\WUSB11 Config Utility\WUSB11Cfg.exe
C:\WINDOWS\SYSTEM32\monitorsmc.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cidaemon.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79BF6AC8-BFC2-454C-9B67-A7195952E175} - (no file)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\SMC\EZ Connect Wireless\Config.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless USB Network Adapter Config Utility.lnk = ?
O4 - Global Startup: WLAN Monitor & Configuration.lnk = C:\WINDOWS\SYSTEM32\monitorsmc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.eofans.tk
O15 - Trusted Zone: http://www.freewebs.com
O15 - Trusted Zone: http://www.mirc-scripts.de
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2sea...ar/winb2s32.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comne...iveSekurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....pGameLoader.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {683DFF0F-331F-44D2-B69B-46D7BFB58F32} - http://www.advnt01.c...canada_ver3.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusc...all/toolbar.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)

#2
TomNJ

Welcome to GeeksToGo. My name is Tom. You have several infections.

Let's start out with some general scans and see if we can't clean things up a little.

+++++ Step 1 +++++

Please download Ewido security suite; it is a trial version of the program.
  • Install Ewido security suite
  • Launch Ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
+++++ Step 2 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

+++++ Step 3 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online
+++++ Step 4 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have received help elsewhere or no longer need our assistance, please let us know.

#3
JustinIsMe

Hi, thanks for the response. Here are my logs after the scans. And I also used the TrendMicro Online scan, which detected nothing.

Ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:26:14 PM, 22/07/2005
+ Report-Checksum: 1EC9C660

+ Scan result:

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{683DFF0F-331F-44D2-B69B-46D7BFB58F32} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-470889321-1261155173-2883682711-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-470889321-1261155173-2883682711-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
:mozilla.33:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.34:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.35:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.37:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.38:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.39:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.59:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.60:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.64:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.65:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.78:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.89:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.93:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.94:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.95:C:\Documents and Settings\JustinRox\Application Data\Mozilla\Firefox\Profiles\i229b2pa.JC\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\JustinRox\Cookies\justinc@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP344\A0078271.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0081410.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WinServAdX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\WinServAdX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\WinServAdX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinServAdX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\gx9fzj83m9.exe -> Spyware.EliteBar : Cleaned with backup


::Report End
-----------------------------------------------

Hijack this


Logfile of HijackThis v1.99.1
Scan saved at 6:36:59 PM, on 22/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Linksys\WUSB11 Config Utility\WUSB11Cfg.exe
C:\WINDOWS\SYSTEM32\monitorsmc.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79BF6AC8-BFC2-454C-9B67-A7195952E175} - (no file)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\SMC\EZ Connect Wireless\Config.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless USB Network Adapter Config Utility.lnk = ?
O4 - Global Startup: WLAN Monitor & Configuration.lnk = C:\WINDOWS\SYSTEM32\monitorsmc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.eofans.tk
O15 - Trusted Zone: http://www.freewebs.com
O15 - Trusted Zone: http://www.mirc-scripts.de
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comne...iveSekurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....pGameLoader.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusc...all/toolbar.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)
-------------------------------------------

Uninstall_list from Hijackthis
Ad-Aware SE Personal
Adobe Acrobat 5.0
AMX Mod X Installer 1.0
AntiVir/XP
AOL
AOL Instant Messenger
BrainBread v1.2
Broadcom Advanced Control Suite
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CleanUp!
Conexant Data Fax MiniPCI V.92 Modem
Configuration Utility
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support 5.0.0 (766)
Digital Line Detect
DivX
DivX Player
DVDSentry
Easy CD Creator 5 Basic
ewido security suite
Half-Life: Counter-Strike
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HLSW v1.0.0.43
Hometown Hotties Top Five 2004 Screen Saver
Hometown_Hotties_Winners_2004 Screen Saver
HoverIP v1.0 beta
HTTP-Tunnel 2.10.0070
HTTP-Tunnel NG
Intel® Extreme Graphics 2 Driver
iPod for Windows 2005-03-23
iPod for Windows User Guide
iPod System Software Updater 2.1
iPod Updater 2004-08-06
iTunes
Java 2 Runtime Environment, SE v1.4.2
LimeWire
LimeWire 4.8.1
Linksys Wireless-G USB Network Adapter
Logitech iTouch Software
Logitech MouseWare 9.75
Macromedia Shockwave Player
Mall Tycoon
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
mIRC
Modem Helper
Mozilla Firefox (1.0.4)
Mozilla Thunderbird (0.9)
MPIO Manager 2
MS Access 97 SP2
MSN Gaming Zone
MSN Messenger 7.0
MUSICMATCH® Jukebox
NetWaiting
Network Play System (Patching)
Paint Shop Pro 7
PowerDVD
Quicken 2002 New User Edition
QuickTime
RealOne Player
Roxio VideoWave Movie Creator
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Shockwave
SimCity 3000 Unlimited
SMC2632W V.2 Wireless PC Card
SMC2662W V.2 EZ Connect 11 Mbps Wireless USB Adapter
Spybot - Search & Destroy 1.3
Steam
TeamSpeak 2 RC2
The Battle Grounds
The Sims File Cop
The Sims Hot Date
The Sims Make A Date
The Specialists Beta 2.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Ventrilo
Viewpoint Media Player (Remove Only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Hotfix (SP2) Q814995
Windows XP Service Pack 2
WinRAR archiver
WinZip
Wireless USB Network Adapter Configuration Utility
WordPerfect Office 11

----------------------------
Thanks for the help so far, hopefully I won't need anymore.

#4
TomNJ

OK we are getting there. Please follow the instructions below.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

You also have a CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download and install CleanUp! if you don't already have it. Here

Save all of these files somewhere you will remember like to the Desktop.

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal Windows.

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

#5
JustinIsMe

When I ran about:buster, it had an error removing the file C:\WINDOWS\system32\msefdm.dll. When I ran CWShredder it detected nothing.

All three logfiles were the following, all were done in safe mode and also the one after reboot. Not going to bother posting them as they were exactly the same.

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 31

No ADS found on system
Error Removing! : C:\WINDOWS\system32\msefdm.dll
Attempted Clean Of Temp folder.
Pages Reset... Done!

Here is the HijackThis log, not sure if it has changed.

Logfile of HijackThis v1.99.1
Scan saved at 7:53:34 PM, on 23/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Linksys\WUSB11 Config Utility\WUSB11Cfg.exe
C:\WINDOWS\SYSTEM32\monitorsmc.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\cidaemon.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79BF6AC8-BFC2-454C-9B67-A7195952E175} - (no file)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\SMC\EZ Connect Wireless\Config.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless USB Network Adapter Config Utility.lnk = ?
O4 - Global Startup: WLAN Monitor & Configuration.lnk = C:\WINDOWS\SYSTEM32\monitorsmc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.eofans.tk
O15 - Trusted Zone: http://www.freewebs.com
O15 - Trusted Zone: http://www.mirc-scripts.de
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comne...iveSekurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....pGameLoader.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusc...all/toolbar.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)



Thanks for helping me so far.
  • 0

#6
TomNJ

    Visiting Staff

  • Member
  • 436 posts
OK, let's try this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {79BF6AC8-BFC2-454C-9B67-A7195952E175} - (no file)
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comne...iveSekurity.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab


Click on Fix Checked when finished and exit HijackThis.

Please reboot the system.

Post back a fresh HijackThis log and we will take another look.
  • 0

#7
JustinIsMe

    Member

  • Topic Starter
  • Member
  • 15 posts
After deleting and rebooting

Logfile of HijackThis v1.99.1
Scan saved at 2:16:24 PM, on 26/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Linksys\WUSB11 Config Utility\WUSB11Cfg.exe
C:\WINDOWS\SYSTEM32\monitorsmc.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\SMC\EZ Connect Wireless\Config.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless USB Network Adapter Config Utility.lnk = ?
O4 - Global Startup: WLAN Monitor & Configuration.lnk = C:\WINDOWS\SYSTEM32\monitorsmc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.eofans.tk
O15 - Trusted Zone: http://www.freewebs.com
O15 - Trusted Zone: http://www.mirc-scripts.de
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....pGameLoader.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusc...all/toolbar.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)
  • 0
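Added example, not part of the thread: a small Python check that compares a HijackThis log taken before "Fix Checked" with the fresh log posted after the reboot, confirming the requested entries are gone and listing entries whose target file is missing. The sample lines are an excerpt copied from the logs posted above; the function names are illustrative.

```python
import re

# A HijackThis entry line is a section code (for example R0, O4, O23),
# then " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the log saved on 23/07/2005 (before the fix), copied from the thread.
BEFORE = r'''
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {79BF6AC8-BFC2-454C-9B67-A7195952E175} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)
'''

# Excerpt of the log saved on 26/07/2005 (after the fix and reboot).
AFTER = r'''
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)
'''

# Three of the entries the helper asked to have checked and fixed.
REQUESTED = r'''
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
O2 - BHO: (no name) - {79BF6AC8-BFC2-454C-9B67-A7195952E175} - (no file)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
'''


def parse_hjt(text):
    """Return the entry lines of a HijackThis log in order, whitespace-normalised.

    Header lines and the 'Running processes' list do not match ENTRY_RE
    and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.group(1) + " - " + m.group(2).strip())
    return entries


def check_fix(before, after, requested):
    """Compare two logs against the list of entries that should have been fixed."""
    b, a, req = (parse_hjt(t) for t in (before, after, requested))
    return {
        # Requested entries that were present and are now gone.
        "fixed": [e for e in req if e in b and e not in a],
        # Requested entries that survived the fix (often re-created on reboot).
        "still_present": [e for e in req if e in a],
        # Requested entries never in the earlier log (likely a copy error).
        "never_seen": [e for e in req if e not in b],
        # Entries that disappeared without being requested.
        "removed_unrequested": [e for e in b if e not in a and e not in req],
        # Entries that appeared between the two scans.
        "new": [e for e in a if e not in b],
        # Entries in the fresh log that point at a missing file.
        "orphans": [e for e in a if e.endswith(ORPHAN_MARKERS)],
    }


if __name__ == "__main__":
    for label, items in check_fix(BEFORE, AFTER, REQUESTED).items():
        print(f"{label}: {len(items)}")
        for item in items:
            print("   ", item)
```
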

#8
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Justin,

TomNJ had to leave town unexpectedly and asked me to take over your log.

Are you familiar with this website? - O15 - Trusted Zone: http://www.eofans.tk

  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\SYSTEM32\monitorsmc.exe
  • Click on the submit button
  • Please post the results in your next reply.

Open HiJackthis and do a scan. Check off the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Click FIX CHECKED and close HiJackthis

Run this online virus scan: ActiveScan - Save the results from the scan!


Can you let me know what problems, if any, you are having with your computer now?


Thanks,

:tazz:

Excal
  • 0

#9
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





