[admin]

Well the Trojan appears to be gone!

Looks like you may have missed fixing these entries. Fix using Hijack This:
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\jason\Local Settings\Temp\U.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)

Reboot and post a new log when finished.

[Advertisements]

I just tried to erase those files and I erased them and I tried twice, but those 3 files keep coming back! What should I do? Also should I try download Windows Service Pack 2? Last time I tried to download it came up with an error before I was done downloading.

[Brewman]

I just tried to erase those files and I erased them and I tried twice, but those 3 files keep coming back! What should I do? Also should I try download Windows Service Pack 2? Last time I tried to download it came up with an error before I was done downloading.

[Brewman]

Also when I tried to download SP2 it couldn't download because it said my system was unstable and I would need to go to add/remove programs, to erase a previously not fully installed update. But I can't go in to add/remove programs because it says this program is not associated with a program.

[mpfeif101]

Please post a new log.

[Brewman]

Great news!!! I finally got rid of those pesky files. Although the bad news is that I still can't click on files without getting that message file not associated with anything. Here is my new log:

Logfile of HijackThis v1.98.2
Scan saved at 11:24:48 PM, on 11/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\Documents and Settings\jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLinkTotalAccess\elnIE.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLinkTotalAccess\PnEL.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLinkTotalAccess\PnEL.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [search page] http://www.microsoft...=ie&ar=iesearch
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094619181401
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab

Whats my next step?

[Brewman]

hello?

[admin]

Follow the instructions from Microsoft here.

When finished, reboot and re-install SP2.

[Brewman]

Is that all I need to do then, it should be all working then?

[admin]

Let us know if you're successful installing SP2, and how your system works. Also, post a fresh Hijack This log after SP2's installed.

I'm guessing you're in the clear, and SP2 will repair your Windows troubles.

[Brewman]

Ok this is the update.... I was able to install Service Pack 2, with no errors. Then when i let it restart it came up with a couple errors mostly saying that windows cannot open files like for example rundll32.exe. The bad news is I am still having the trouble when I click to run a program it comes up and says this program does not have an application associated with it. Here is my new log file:

Logfile of HijackThis v1.98.2
Scan saved at 2:03:34 AM, on 11/17/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Documents and Settings\jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLinkTotalAccess\elnIE.dll
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - (no file)
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLinkTotalAccess\PnEL.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLinkTotalAccess\PnEL.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [search page] http://www.microsoft...=ie&ar=iesearch
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094619181401
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab

Let me know what you think I next should do

[Smokey]

Put your Windows XP CD in you PC and:

1. Close all open windows
2. Go to "Start", then "Run"
3. Type "sfc.exe /scannow" and press enter
4. After it's done, restart and see if the problem persists

What this does is scans and verifies the versions of all protected system files and fixes what needs to be fixed.

[Brewman]

Can someone please help?

[admin]

Try the fix in this link:
http://www.dougknox....p_easy_file.htm

You can download a BAT file (zipped) that will restore all of the "default" associations that XP ships with. It will not restore those file associations created by 3rd party applications.

[admin]

Via PM:

Hey I tried your advice with the associating files thing, and it still is coming up with the same error. Any more suggestions?

Please don't PM staff members, as it doesn't help others that may have the same problem.

Your Windows installation was likely damaged by a trojan or virus, and needs to be repaired or reinstalled. We've done all we can without a Windows XP Pro CD. If you don't have, or can't find one, you'll need to purchase one. Then we can perform a system file check, or repair installation.

[Brewman]

I am sorry and I appreciate all your help you have given me. But I am so frustrated I have now been working on this for the last 2 weeks, and I feel like we have gotton so close to figuring out the problem but have not quite got to our goal. So you don't have any more suggestions then, I just need to find the Windows XP cd? Also, if I do find it what do I do?

Thanks again for all your help!
Jason