November 4th, 2005 16:00

HJT log file

Hello, here is my Hijack This Log file. Thanks for the help, Michelle

Logfile of HijackThis v1.99.1
Scan saved at 1:12:05 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brown.edu/web/intranet/students.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\system32\geedd.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 634156
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: KATRACK.DLL
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

November 4th, 2005 16:00

And my latest Hijack This logfile

Logfile of HijackThis v1.99.1
Scan saved at 1:50:07 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.brown.edu/web/intranet/students.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126237634156
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: KATRACK.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

November 4th, 2005 16:00

Here is my VBG file

[11/04/2005, 13:17:33] - Starting Process...
[11/04/2005, 13:17:33] - Looking for Browser Helper Object [MSEvents Object]
[11/04/2005, 13:17:33] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/04/2005, 13:17:33] - 2: {15F4D456-5BAA-4076-8486-EECB38CD3E57} - ElnkScamBHO Class
[11/04/2005, 13:17:33] - 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
[11/04/2005, 13:17:34] - WARNING: 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - BHO Name is blank.
[11/04/2005, 13:17:34] - Checking for WinLogon Notify reference. (File: C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll)
[11/04/2005, 13:17:34] - Couldn't find deSrcAs in Winlogon Notify. Ignoring {4D25F921-B9FE-4682-BF72-8AB8210D6D75}.
[11/04/2005, 13:17:34] - 4: {512ACF1B-64D9-4928-B382-A80556F28DB4} - ElnkPubBHO Class
[11/04/2005, 13:17:34] - 5: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[11/04/2005, 13:17:34] - 6: {656EC4B7-072B-4698-B504-2A414C1F0037} - IE_PopupBlocker Class
[11/04/2005, 13:17:34] - 7: {8DBF02DA-4360-4A7E-BEA1-347B87816327} - MSEvents Object
[11/04/2005, 13:17:34] - Found MSEvents Object!
[11/04/2005, 13:17:34] - File location: C:\WINDOWS\system32\geedd.dll
[11/04/2005, 13:17:34] - Attempting to kill C:\WINDOWS\system32\geedd.dll
[11/04/2005, 13:17:34] - Terminating Process: RUNDLL32.EXE
[11/04/2005, 13:17:34] - Terminating Process: IEXPLORE.EXE
[11/04/2005, 13:17:35] - Disabling Automatic Shell Restart
[11/04/2005, 13:17:35] - Terminating Process: EXPLORER.EXE
[11/04/2005, 13:17:36] - Suspending the NT Session Manager System Service
[11/04/2005, 13:17:36] - Terminating Windows NT Logon/Logoff Manager
[11/04/2005, 13:17:36] - Re-enabling Automatic Shell Restart
[11/04/2005, 13:17:36] - Renaming C:\WINDOWS\system32\geedd.dll -> C:\WINDOWS\system32\geedd.dll.vir
[11/04/2005, 13:17:36] - File successfully renamed!
[11/04/2005, 13:17:36] - Removing Registry references to {8DBF02DA-4360-4A7E-BEA1-347B87816327}
[11/04/2005, 13:17:36] - Adding Internet Explorer Protection (Kill ActiveX) for {8DBF02DA-4360-4A7E-BEA1-347B87816327}
[11/04/2005, 13:17:36] - Removing Winlogon Notify Entry: geedd
[11/04/2005, 13:17:36] - BHO list has been changed! Starting over...
[11/04/2005, 13:17:36] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/04/2005, 13:17:36] - 2: {15F4D456-5BAA-4076-8486-EECB38CD3E57} - ElnkScamBHO Class
[11/04/2005, 13:17:36] - 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
[11/04/2005, 13:17:36] - WARNING: 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - BHO Name is blank.
[11/04/2005, 13:17:37] - Checking for WinLogon Notify reference. (File: C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll)
[11/04/2005, 13:17:37] - Couldn't find deSrcAs in Winlogon Notify. Ignoring {4D25F921-B9FE-4682-BF72-8AB8210D6D75}.
[11/04/2005, 13:17:37] - 4: {512ACF1B-64D9-4928-B382-A80556F28DB4} - ElnkPubBHO Class
[11/04/2005, 13:17:37] - 5: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[11/04/2005, 13:17:37] - 6: {656EC4B7-072B-4698-B504-2A414C1F0037} - IE_PopupBlocker Class
[11/04/2005, 13:17:37] - 7: {9579D574-D4D8-4335-9560-FE8641A013BD} - ElnkProtectionBHO Class
[11/04/2005, 13:17:37] - 8: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class
[11/04/2005, 13:17:37] - 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/04/2005, 13:17:37] - 10: {AE7CD045-E861-484f-8273-0445EE161910} - AcroIEToolbarHelper Class
[11/04/2005, 13:17:37] - 11: {BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class
[11/04/2005, 13:17:37] - 12: {E713904C-DF05-4C79-BBAD-02DB923253BE} - ElnkLegacyUninstBHO Class
[11/04/2005, 13:17:37] - Finished searching for [MSEvents Object]
[11/04/2005, 13:17:37] - Finishing up...
[11/04/2005, 13:17:37] - Enabling Automatic Reboot on STOP Error.
[11/04/2005, 13:17:37] - Attempting to Restart via STOP error (Blue Screen!)
[11/04/2005, 13:22:00] - Starting Process...
[11/04/2005, 13:22:00] - Looking for Browser Helper Object [MSEvents Object]
[11/04/2005, 13:22:00] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/04/2005, 13:22:00] - 2: {15F4D456-5BAA-4076-8486-EECB38CD3E57} - ElnkScamBHO Class
[11/04/2005, 13:22:00] - 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
[11/04/2005, 13:22:00] - WARNING: 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - BHO Name is blank.
[11/04/2005, 13:22:00] - Checking for WinLogon Notify reference. (File: C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll)
[11/04/2005, 13:22:00] - Couldn't find deSrcAs in Winlogon Notify. Ignoring {4D25F921-B9FE-4682-BF72-8AB8210D6D75}.
[11/04/2005, 13:22:00] - 4: {512ACF1B-64D9-4928-B382-A80556F28DB4} - ElnkPubBHO Class
[11/04/2005, 13:22:00] - 5: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[11/04/2005, 13:22:00] - 6: {656EC4B7-072B-4698-B504-2A414C1F0037} - IE_PopupBlocker Class
[11/04/2005, 13:22:00] - 7: {9579D574-D4D8-4335-9560-FE8641A013BD} - ElnkProtectionBHO Class
[11/04/2005, 13:22:00] - 8: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class
[11/04/2005, 13:22:00] - 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/04/2005, 13:22:00] - 10: {AE7CD045-E861-484f-8273-0445EE161910} - AcroIEToolbarHelper Class
[11/04/2005, 13:22:00] - 11: {BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class
[11/04/2005, 13:22:00] - 12: {E713904C-DF05-4C79-BBAD-02DB923253BE} - ElnkLegacyUninstBHO Class
[11/04/2005, 13:22:00] - Finished searching for [MSEvents Object]
[11/04/2005, 13:22:00] - Nothing found! Exiting.
[11/04/2005, 13:48:58] - Starting Process...
[11/04/2005, 13:48:58] - Looking for Browser Helper Object [MSEvents Object]
[11/04/2005, 13:48:59] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/04/2005, 13:48:59] - 2: {15F4D456-5BAA-4076-8486-EECB38CD3E57} - ElnkScamBHO Class
[11/04/2005, 13:48:59] - 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
[11/04/2005, 13:48:59] - WARNING: 3: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - BHO Name is blank.
[11/04/2005, 13:48:59] - Checking for WinLogon Notify reference. (File: C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll)
[11/04/2005, 13:48:59] - Couldn't find deSrcAs in Winlogon Notify. Ignoring {4D25F921-B9FE-4682-BF72-8AB8210D6D75}.
[11/04/2005, 13:48:59] - 4: {512ACF1B-64D9-4928-B382-A80556F28DB4} - ElnkPubBHO Class
[11/04/2005, 13:48:59] - 5: {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess
[11/04/2005, 13:48:59] - 6: {656EC4B7-072B-4698-B504-2A414C1F0037} - IE_PopupBlocker Class
[11/04/2005, 13:48:59] - 7: {9579D574-D4D8-4335-9560-FE8641A013BD} - ElnkProtectionBHO Class
[11/04/2005, 13:48:59] - 8: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class
[11/04/2005, 13:48:59] - 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/04/2005, 13:48:59] - 10: {AE7CD045-E861-484f-8273-0445EE161910} - AcroIEToolbarHelper Class
[11/04/2005, 13:48:59] - 11: {BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class
[11/04/2005, 13:48:59] - 12: {E713904C-DF05-4C79-BBAD-02DB923253BE} - ElnkLegacyUninstBHO Class
[11/04/2005, 13:48:59] - Finished searching for [MSEvents Object]
[11/04/2005, 13:48:59] - Nothing found! Exiting.

3 Apprentice


15.3K Posts

November 4th, 2005 16:00

download VirtumundoBeGone from:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

 

* Save it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated

please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.

just reboot if your system "jams"

VirtumundoBeGone also generates a "log" file of its own [I believe it will be placed on your Desktop] ... please REPLY to this thread, and copy/paste the VirtumundoBeGone log back here, along with your latest HJT log.

5 Posts

November 4th, 2005 17:00

Thanks,

I have not noticed the WinFixer popups or the frozen internet windows yet, so hopefully this has worked.  Thanks for the super prompt help!

 

Michelle

3 Apprentice


15.3K Posts

November 4th, 2005 17:00

Nice work. Looks like VirtuMundoBeGone successfully deactivated the bad WinFixer/Vundo/VirtuMonde file. Have you noticed any difference, specifically in terms of WinFixer popups, and in general/overall system speed/performance?

 

 

as an extra precaution, I'd like you to also run the Symantec FixVundo tool, as described here: http://forums.us.dell.com/supportforums/board/message?board.id=si_hijack&message.id=17240

 

 

At this point, I'm gonna try to ask someone else to step-in, to determine additional problems (if any) that you might have. Please be advised that we're very "understaffed" at the moment, so I can't make any guarantee as to when (or even if) the next helper will arrive.

5.9K Posts

November 7th, 2005 22:00

Close IE, run HijackThis and do a Scan only, then check these remnants:
 
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
They won't hurt anything and you don't need to post another log.  You are done.
 
Ron
 
 
Make sure you have System Restore running (toggle it off and On today to get rid of any bad stuff it may have retained)
and then you can just go back to an earlier time if you hit a bad site.
One way to make this more obvious is to check everything in your current HijackThis and Add to Ignore List then set up Hijackthis to run at boot and to show you if it finds anything new.
 
To avoid going to a bad site you might want to install IE-SpyAd and SpywareBlaster and make the other changes recommended at:
http://www.mvps.org/winhelp2002/restricted.htm
I used to recommend Spybot's Immunize system but have recently learned it is not as good as the one at:
http://www.mvps.org/winhelp2002/hosts.htm
Never hurts to do one of the free online scans from Panda or Trend. They take a while but are pretty good.
www.pandasoftware.com/activescan/activescan.asp?
http://housecall.trendmicro.com/
In addition to Microsoft AntiSpy
http://www.microsoft.com/athome/security/downloads/default.mspx
I like to run Spybot S&D. 
http://www.safer-networking.org/en/download/index.html
Also like to run AdAware once in a while. 
http://www.lavasoftusa.com/software/adaware/
 
Also get the latest version of Java or JRE and make sure you remove any old version with Add/Remove Programs.
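
The ignore-list idea in the post above (review what is there now, then only be shown what is new) can also be done outside HijackThis by comparing two saved logs. This is an added example, not part of the original thread and not HijackThis's own code; the function names, the file paths under `C:\example` and the all-zero CLSID are constructed for illustration.

```python
import re

# HijackThis entries start with a section code (R3, O2, O23, ...) then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")

def parse_entries(log_text):
    """Return the set of (code, detail) entries found in a HijackThis log.
    Header lines and the running-process list do not match and are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Collapse whitespace so copy/paste differences are not reported.
            entries.add((m["code"], " ".join(m["rest"].split())))
    return entries

def new_since_baseline(baseline_log, current_log):
    """Entries in the current scan that the reviewed baseline lacks, sorted."""
    return sorted(parse_entries(current_log) - parse_entries(baseline_log))

# Constructed sample logs: names and CLSIDs of known entries follow the
# thread, the DLL paths and the new entries are made up.
BASELINE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\example\toolbar.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\example\navshext.dll
"""

CURRENT = BASELINE + r"""O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\unknown.dll
O4 - HKLM\..\Run: [updater] C:\example\updater.exe
"""

if __name__ == "__main__":
    for code, detail in new_since_baseline(BASELINE, CURRENT):
        print(f"NEW {code}: {detail}")
```

Anything the comparison reports is an autostart or browser hook added since the baseline was reviewed, which is the same signal the boot-time scan gives.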
 