Help with log downloader.trojan system32/oedgs.dll error

Could anyone give me a hand.I have a downloadertrojan system32/oedgs.dll error.I have used some spyware fixes and nothing works.Her is my log from hijack.exe.Thanks...please be specific as i'm a beginner with viruses.


Scan saved at 9:05:15 AM, on 11/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\@Home\tioga\bin\tgcmd.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\EXCITE\TOOLBAR\ExShell.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\@Home\ATHMWWW\Home.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Documents and Settings\Rob\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://allstarsearch.net
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://allstarsearch.net
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://allstarsearch.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://allstarsearch.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allstarsearch.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ProxyReset Class - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - C:\WINDOWS\System32\AHIEHelp.DLL
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Excite Toolbar] C:\PROGRA~1\EXCITE\TOOLBAR\ExLaunch.exe
O4 - HKLM\..\Run: [TgAddServer] "C:\@Home\tioga\bin\tgfix" /fds "http://www/download/tioga "
O4 - HKLM\..\Run: [Tgcmd] "C:\@Home\tioga\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe "
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Shortcut to AnyDVD_loader.lnk = C:\Program Files\SlySoft\AnyDVD\AnyDVD_loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: @Home - {CAECA89A-7F24-4144-BAE6-F8ADCDB6D851} - http://home.excite.ca (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\0edgs.dll
O21 - SSODL: @Home Browser - {8BA75CFE-C09E-E5E7-9D49-F7277CDB3829} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

 

Welcome to WindowsBBS madrigal4

Open Microsoft AntiSpyware.

• Click on Tools, Settings.
• In the left pane, click on Real-time Protection.
• Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
• Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
• After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
• Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
• We will re-enable it once we're done.

Right click the desktop and choose New>Folder. Name it HJT. Now drag-drop or cut and paste HijackThis.exe to that folder.

Open hijsckThis and scan again. Place a check next to the following entries, close all other windows and click Fix Checked. The R1 entries are optional........OK to leave if you set as your default search engine.

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://allstarsearch.net
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://allstarsearch.net
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://allstarsearch.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://allstarsearch.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allstarsearch.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\0edgs.dll


If you did not add slotchbar.com to your trusted zone, fix these entries also.

O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)

These trusted zone entries are for ThePlanet.com Internet Services out of Dallas, TX. Fix if this is not your ISP or you did not add them to the trusted zone.

O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)

Close HijackThis.

Reboot and locate then delete the file C:\WINDOWS\SYSTEM32\0edgs.dll
Create a new HijackThis log, then post it's contents. Please make sure the version info for HijackThis is present when you post the new log (should be at the top of the log).


Please verify whether you are using Excite@Home ISP.

 

wow...thanks for the info.I used antispyware to get rid of allstar.I think.I downloaded a tool called trojan remover.It seems to rename the oedgs.dll file and then deletes it and fix registry.I did a norton scan after and no viruses found.That trojan remover works like a charm.I think i'm ok now.Thanks for your help.I have a zone lab firewall question that i will open in another thread.Thanks for your help.I'm a beginner with this stuff.

 

You're most welcome. Feel free to post a new HJT log for review if you'd like.