Win32: Trojan Removable?

Asked by james7707

Running XP-Pro, have Avast, MS Anti-Spyware.  I delete this tmp file but it reappears every time I reboot.

Can this be removed?

The virus shows as:  Win32:Trojano .3099[TRJ]
The file is C:\Temp\.5.tmp
ASKER CERTIFIED SOLUTION by war1
james7707 (ASKER):

Ran CCleaner. - NC

DL Hijack and here are the results:

http://www.hijackthis.de/index.php#anl

and Log file:

Logfile of HijackThis v1.99.1
Scan saved at 1:24:16 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Programs\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Programs\ProSeries05\32bit\TaskSch.exe
C:\WINDOWS\crxf32.exe
D:\Programs\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\winib.exe
C:\Temp\57A.tmp.exe
C:\Temp\579.tmp.exe
D:\Programs\STOPzilla!\STOPzilla.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
d:\Programs\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programs\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
D:\Programs\Adobe\Acrobat7\Reader\AcroRd32.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
C:\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll
O2 - BHO: Class - {AE721233-0FEA-4847-4C92-FDF523518F56} - C:\WINDOWS\system32\appum.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Programs\STOPzilla!\SZIEBHO.dll
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programs\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programs\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\Programs\ProSeries05\32bit\TaskSch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Programs\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [winib.exe] C:\WINDOWS\system32\winib.exe
O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp] C:\Temp\57A.tmp.exe
O4 - HKLM\..\Run: [579.tmp.exe] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp.exe] C:\Temp\57A.tmp.exe
O4 - HKLM\..\Run: [STOPzilla] D:\Programs\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programs\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eagle Listener.lnk = D:\Programs\3apps\Catapult\3listen.exe
O4 - Startup: Eagle Scheduler.lnk = D:\Programs\3apps\Catapult\Sched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
O4 - Global Startup: HP LaserJet Director.lnk = D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803696578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ceder.us/Remote/msrdp.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crxf32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

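As an added illustration (editor's example, not code from this thread, from HijackThis, or from any of the tools mentioned), the Python script below parses lines in the HijackThis log format posted above and flags the entry patterns the experts in this thread treated as malicious: O4 Run keys that relaunch an executable from C:\Temp at every logon (which is why deleting the .tmp file by hand does not stop it coming back), R0/R1 Internet Explorer settings pointing at a res:// resource inside a DLL, O2 BHOs registered with no product name, and O23 services with no vendor whose binary sits directly in C:\WINDOWS. The regular expressions and the heuristics are assumptions of this example, and the sample lines are a constructed subset of the logs in the thread.

```python
"""Triage a HijackThis-style log.  The heuristics below are the editor's own
assumptions derived from this thread, not HijackThis's built-in analysis."""
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample: a few lines in HijackThis v1.99.1 format, copied from the
# logs posted in this thread (not a complete log).  Header and process lines
# are included to show that the parser skips them.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp.exe] C:\Temp\57A.tmp.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crxf32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with its section code ("R1", "O4", "O23", ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# R0/R1: "<registry key>,<value name> = <data>"
IE_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+) = (?P<data>.+)$")
# O2: "BHO: <name> - {<CLSID>} - <dll path>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# O4: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Path fragments that mark a temp directory (assumed list).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "%temp%")


def parse_service(body: str) -> Optional[Dict[str, str]]:
    """O23 body: "Service: <display name> - <vendor> - <binary path>"."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return {"name": name, "owner": owner, "path": path}


def triage_line(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for one log line, or None if nothing is flagged."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, blank line, or a "Running processes" path
    kind, body = m.group("kind"), m.group("body")
    reason: Optional[str] = None
    if kind in ("R0", "R1"):
        ie = IE_RE.match(body)
        if ie and ie.group("data").lower().startswith("res://"):
            reason = "IE start/search setting points at a resource inside a local DLL (browser hijack)"
    elif kind == "O2":
        bho = BHO_RE.match(body)
        if bho and bho.group("name").strip() in ("", "Class"):
            reason = "BHO registered without a product name (bare 'Class')"
    elif kind == "O4":
        run = RUN_RE.match(body)
        if run and any(t in run.group("cmd").lower() for t in TEMP_MARKERS):
            reason = ("Run key relaunches an executable from a temp directory at every "
                      "logon, so deleting the file alone does not remove the infection")
    elif kind == "O23":
        svc = parse_service(body)
        # "Unknown owner" alone is not enough (avast shows it too); the binary
        # sitting directly in C:\WINDOWS is the second signal.
        if (svc and svc["owner"] == "Unknown owner"
                and PureWindowsPath(svc["path"]).parent.as_posix().lower() == "c:/windows"):
            reason = "service with no vendor whose binary sits directly in C:\\WINDOWS"
    if reason is None:
        return None
    return {"kind": kind, "line": line, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run triage_line over a whole log and collect the findings in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        hit = triage_line(raw)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['reason']}\n    {f['line']}")
```

Run against the sample it reports exactly the five entries the experts told the asker to fix and leaves the avast, Acrobat and ZoneAlarm entries alone; paste a full log into `SAMPLE_LOG` (or read it from a file) to triage a real one. The rules are deliberately narrow, so an entry that is not flagged is not thereby clean.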
NO, DID NOT RUN EWIDO... TRIED RPGGAMERGIRL'S SUGGESTION FIRST.

Download AboutBuster:
http://www.malwarebytes.org/AboutBuster.zip
Once downloaded, unzip it, and put the folder on your desktop. Then double-click on the AboutBuster icon to start the program.
Click Begin Removal.
Click Yes. This will shutdown all open Internet Explorer windows.
When the scan is done, click Ok.

COMPLETED.


You should also disable the bad service: "Remote Procedure Call (RPC) Helper"
Go to START > RUN > type in

services.msc - FILE NOT FOUND

Hit OK
In the next window, look on the right hand side for this service name:
Remote Procedure Call (RPC) Helper <-- make sure it has the word Helper in it
Double click on it and STOP the service -- If running.
In the drop down menu, change the startup type to "Disabled"

Post the link to a new Hijackthis log after.
 
Comment from rpggamergirl
Date: 12/31/2005 03:48PM PST


More bad entries here you need to include in the entries to fix:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

NOT FOUND

O2 - BHO: Class - {AE721233-0FEA-4847-4C92-FDF523518F56} - C:\WINDOWS\system32\appum.dll

DELETED
 
RAN AVAST - RESULTS NO INFECTED FILES FOUND IN MEMORY, SCAN C: NO INFECTED FILES.

WILL RUN COMPLETE SCAN TONIGHT, IF OK WILL AWARD 200 - WAR1 300 - RPGGAMERGIRL BY 1/2/06.  AM VERY CAUTIOUS ABOUT DELETING THESE FILES:

C:\WINDOWS\crxf32.exe
C:\WINDOWS\system32\winib.exe

EVERYTHING SEEMS FINE AT THE MOMENT...WHO KNOWS HOW IT WILL BE IN 2006!

THANKS TO BOTH OF YOU AND HAPPY NEW YEAR!

HERE IS MY CURRENT LOG AFTER RUNNING HIJACK:

Logfile of HijackThis v1.99.1
Scan saved at 4:05:28 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programs\Logitech\Video\LogiTray.exe
D:\Programs\ProSeries05\32bit\TaskSch.exe
D:\Programs\Logitech\iTouch\iTouch.exe
d:\Programs\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
D:\Programs\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll (file missing)
O2 - BHO: Class - {AE721233-0FEA-4847-4C92-FDF523518F56} - C:\WINDOWS\system32\appum.dll (file missing)
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programs\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programs\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\Programs\ProSeries05\32bit\TaskSch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Programs\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp] C:\Temp\57A.tmp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programs\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eagle Listener.lnk = D:\Programs\3apps\Catapult\3listen.exe
O4 - Startup: Eagle Scheduler.lnk = D:\Programs\3apps\Catapult\Sched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
O4 - Global Startup: HP LaserJet Director.lnk = D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803696578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ceder.us/Remote/msrdp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

DO I STILL NEED TO DELETE ANY OF THESE EVEN THOUGH IT APPEARS TO BE WORKING?

Your HijackThis log looks much cleaner. Did you try to remove the following files previously and they came back? NO.. HAVE REMOVED THEM NOW AS INDICATED BELOW.

PartyPoker is not giving you popups or redirecting your page?  You should get rid of PartyPoker.

O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp] C:\Temp\57A.tmp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe

DELETED THE ABOVE FILES....WHY PARTYPOKER? THIS IS MY PASTIME...ANY WAY I CAN KEEP IT, OR SHOULD I CONSIDER ANOTHER ONLINE POKER SITE?

Logfile of HijackThis v1.99.1
Scan saved at 5:06:02 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programs\Logitech\Video\LogiTray.exe
D:\Programs\ProSeries05\32bit\TaskSch.exe
D:\Programs\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Programs\Logitech\MouseWare\system\em_exec.exe
D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
D:\Programs\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll (file missing)
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programs\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programs\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\Programs\ProSeries05\32bit\TaskSch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Programs\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programs\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eagle Listener.lnk = D:\Programs\3apps\Catapult\3listen.exe
O4 - Startup: Eagle Scheduler.lnk = D:\Programs\3apps\Catapult\Sched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
O4 - Global Startup: HP LaserJet Director.lnk = D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803696578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ceder.us/Remote/msrdp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Temp <-- you need to empty this folder, delete everything in it but not the folder itself. OK DONE EXCEPT FOR THESE CANNOT BE DELETED:

Temporary Internet Files Folder
Iadhide4.dll

Or use CleanUp to clean your temp files.  RAN THIS PROGRAM.
Download CleanUp
http://www.stevengould.org/software/cleanup/download.html
Now run the "CleanUp" program:

CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

These files below are bad and belong to Home Search assistant: About Buster, CoolWebshredder or Ewido should have gotten rid of them.

C:\WINDOWS\crxf32.exe - GONE
C:\WINDOWS\system32\winib.exe - GONE

HSA is sometimes hard to remove and it comes back; if it does, we'll provide very detailed steps. IE and Windows Explorer mustn't be open once you start cleaning them up.

THANKS TO BOTH OF YOU..ANYTHING ELSE I NEED TO DO...SEEMS TO BE WORKING FINE!
James,

We have not heard from you in a while. Did any comment help you solve your problem? Do you have any more questions? If an Expert helped you, please accept his/her answer above with an excellent or good grade.

Thanks, war1
You can fix these entries; they are just registry clutter now.
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll (file missing)
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll (file missing)

DONE.

>>OK DONE EXCEPT FOR THESE CANNOT BE DELETED:
Temporary Internet Files Folder
Iadhide4.dll<<

What's the exact path to that file?  c:\TEMP
Maybe it needs to be stripped of all attributes before it can be deleted.  TRIED THIS NO CHANGE.

Or.
Instead of deleting the file, disable it by removing all permissions.  
Right click on the file and select Properties > Security > Advanced.
Uncheck "Inherit from parent" and remove other permissions.  TRIED THIS NC

If you are using XP Home, you need to access the Security tab from Safe Mode.
If using XP Pro and the Security tab is not available, go to any folder and select Tools > Folder Options > View. Uncheck "Use simple file sharing".  TRIED THIS NC.

FOR IFFF FILE - STATES IT IS SYSTEM FILE CANNOT BE REMOVED.
FOR IDA..FILE - STATES ACCESS IS DENIED.

IF NO OTHER OPTION, JUST LEAVE IT SINCE EVERYTHING APPEARS TO BE WORKING CURRENTLY!

THANKS.

James, is your computer running without adware issues?
Not sure what you mean...I believe so.....if you're asking am I running an adware program, the answer is no.
James, I am asking if you have any more adware issues?  Looks like the computer is clean.
Here is my latest scan:

Logfile of HijackThis v1.99.1
Scan saved at 5:47:38 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Programs\Logitech\Video\LogiTray.exe
D:\Programs\Logitech\iTouch\iTouch.exe
d:\Programs\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\Logitech\Video\FxSvr2.exe
D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
D:\Programs\ProSeries05\32bit\tasksch.exe
C:\WINDOWS\system32\hppapml0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programs\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programs\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\Programs\ProSeries05\32bit\TaskSch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Programs\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programs\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eagle Listener.lnk = D:\Programs\3apps\Catapult\3listen.exe
O4 - Startup: Eagle Scheduler.lnk = D:\Programs\3apps\Catapult\Sched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
O4 - Global Startup: HP LaserJet Director.lnk = D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803696578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ceder.us/Remote/msrdp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Look clean to you?   I would say so, but you're the expert.  As for any other issues, ran Avast, no errors.  So if you give the OK...will award the points.

James, here is the analyzed log

http://hijackthis.de/logfiles/956b75b56315d9c92f06883ed63a9381.html

It looks clean. :-)
No malware in your log.

You can fix this entry though.
R3 - Default URLSearchHook is missing

DONE

If you use IE most of the time, you should check out SpywareBlaster. It protects you against ActiveX-based malware installing into your system. It is not a resource hog, because it protects you without running in the background.
IE is my only browser and I have SpyWareBlaster installed.
http://www.javacoolsoftware.com/spywareblaster.html

DONE

THANKS TO BOTH OF YOU FOR ALL YOUR HELP!!!!!!!!!!!!
Hi James,
Did you mean to give all points to war1?
I was hoping you were happy with my help, but obviously you weren't, since you gave all the points to war1 and none to me.
Good luck!
NOOOOOOOOOOOOOOOO!  MY INTENTION WAS TO SPLIT 50/50, AND I THOUGHT I ENTERED IT THAT WAY........CAN THIS BE FIXED!
James, to change the grading, you need to post a note to the Community Support page with a link to this question.  The Community Support page link is in the upper right corner of this page.
done.