

"Access Members area.exe" on desktop!

  • This topic is locked
3 replies to this topic

#1 Flibster




Posted 09 March 2006 - 04:18 PM

Hi there! An executable keeps appearing on my desktop with the name "Access members area". I think it's a dialer, but every time I delete the file it keeps coming back after a day or so. I also notice several processes appear with .tmp in the name, as the file appears.

Several hours before the file appears I notice the command prompt briefly pops up and IEXPLORE.exe appears in the task manager, even though I haven't touched internet explorer for several months.

Here is the Hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 21:15:27, on 09/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\?ssembly\?hkdsk.exe
C:\Documents and Settings\Flibster\Desktop\hi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.c...cts/wanadoohome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {35293F0E-8BC6-F76E-90AF-858AADA6FBC8} - C:\WINDOWS\system32\bcsginpe.dll (file missing)
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: (no name) - {CF2F5D33-E0A5-9255-FAB2-E42CF76305C4} - C:\WINDOWS\system32\cvnuiaqi.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE BenQ Web Camera
O4 - HKCU\..\Run: [Hrom] "C:\DOCUME~1\Flibster\APPLIC~1\DOBE~1\wowexec.exe" -vt yax
O4 - HKCU\..\Run: [Viixxr] C:\Program Files\Common Files\?ssembly\?hkdsk.exe
O4 - Global Startup: Kill Amcap.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {4EDD7E56-3BAA-13B6-D0D4-4A6A2FE914A6} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136095355812
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.....cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9E6D3DD-9E51-408A-9ADB-1D6A6E1FAEC8}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\..\{E392E717-0ABE-4815-8154-DA00EB8381B6}: NameServer =,
O20 - Winlogon Notify: winwly32 - C:\WINDOWS\SYSTEM32\winwly32.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Any help would be greatly appreciated!

#2 Martijnc



Posted 11 March 2006 - 08:08 AM

Hello, Flibster

We are currently looking over your log. Please be patient while we try to determine how best to approach a fix for any issues you may have.

#3 Martijnc



Posted 12 March 2006 - 09:45 AM

Hello and welcome to SpywareInfo.com, Flibster

- You may want to print out these instructions because we need to work in Safe Mode, where you can't access this page.

- Please download, install, update and scan your system with the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido.
Don't run it yet

- Download CWShredder and save it to your desktop.
Don't run it yet

- As the computer starts up, and just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

- Run CWShredder and click Fix and then Next, let it fix everything it asks about.

- Now open Ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Save it.

- Please scan again with HijackThis and then place a check for these items.

R3 - URLSearchHook: (no name) - {35293F0E-8BC6-F76E-90AF-858AADA6FBC8} - C:\WINDOWS\system32\bcsginpe.dll (file missing)
O2 - BHO: (no name) - {CF2F5D33-E0A5-9255-FAB2-E42CF76305C4} - C:\WINDOWS\system32\cvnuiaqi.dll
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.....cab?refid=1123
O20 - Winlogon Notify: winwly32 - C:\WINDOWS\SYSTEM32\winwly32.dll

- Close all other windows, then click Fix Checked.

- Next, please enable viewing of hidden files as follows:
Go to My Computer, and click on the "Tools" menu
Click "Folder options"
Select the "View" tab
Make sure "Show hidden files and folders" is selected
Make sure "Hide extensions for known file types" is unchecked
Make sure "Hide protected operating system files (recommended)" is unchecked

- Delete the following files and folders:


- Reboot

- Scan again with HijackThis and post a new log here together with the log of ewido. If there are still problems, please also note them in your next response.
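
Added example, not part of either post and not HijackThis's or the helper's own logic: a small Python parser for the log format shown in post #1 that splits each entry into section code, CLSID and file path, then marks entries for a first look. The three flags are assumed heuristics chosen for this illustration (the "(file missing)" and "(no name)" markers, and a "?" in a path, taken here to be a character the log could not render); the sample input is five lines copied from the log above.

```python
import re

# Sample input: five entries copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) - {35293F0E-8BC6-F76E-90AF-858AADA6FBC8} - C:\WINDOWS\system32\bcsginpe.dll (file missing)
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Viixxr] C:\Program Files\Common Files\?ssembly\?hkdsk.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)

def parse_entries(log_text):
    """Split a HijackThis log into entries: section code, CLSID, file path."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, the running-process list, blank lines
        code, body = m.groups()
        clsid = CLSID.search(body)
        path = PATH.search(body)
        entries.append({"code": code, "body": body,
                        "clsid": clsid.group(0) if clsid else None,
                        "path": path.group(0) if path else None})
    return entries

def review_flags(entry):
    """Assumed heuristics (not the helper's method) for what to read first."""
    flags = []
    if "(file missing)" in entry["body"]:
        flags.append("file-missing")      # registry entry outlived its file
    if "(no name)" in entry["body"]:
        flags.append("no-name")           # component registered without a name
    if entry["path"] and "?" in entry["path"]:
        flags.append("unrendered-char")   # '?' standing in for a character in the path
    return flags

def triage(log_text):
    """Return (code, path, flags) for every entry with at least one flag."""
    scored = [(e["code"], e["path"], review_flags(e)) for e in parse_entries(log_text)]
    return [row for row in scored if row[2]]

if __name__ == "__main__":
    for code, path, flags in triage(SAMPLE_LOG):
        print(code, path, ",".join(flags))
```

A flag only orders the reading; an unflagged entry is not thereby clean, and a flagged one still needs the file itself checked before anything is removed.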

#4 Martijnc



Posted 27 March 2006 - 07:03 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
