EDL CyberCafe 1.1 problem

By Henry00
Apr 4, 2009
  1. Hello there , I needed a WIFI tool for testing reasons..
    I came accros EDL CyberCafe 1.1 I thought it was something usefull so I installed it.
    It told me about blocking Ctrl-Alt-Del and stuff, I said no.
    It started , and It filled my screen haha.. It wasnt what I searched for , so I quickly made a program that disables the process (Like the taskmanager does , on a second monitor)

    Phew , the program was gone , though even after reboot my taskmanager isnt working anymore D=
    Somebody an Idea how to fix this?
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Go here and download to Desktop:

    Double click Fixer.exe to run it. This will extract a Fixer folder to the desktop.

    Now before running boot to Safe Mode Networking.

    Then Dbl Clk to enter the Fixer Folder .

    To run it 1st double click Daft, then click scan and check any found items and click fix and then exit.

    Next dbl click Fixit.cmd to run it.

    When it completes Do the TechSpot 8 steps:

  3. Henry00

    Henry00 TS Rookie Topic Starter

    It didnt work :(
    Everything gave 0 errors
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    Where are the logs from the 8 Steps?

    The Fixit was just a coverall and prep for the 8 Steps!

    We need a Malwarebytes AntiMalware (MBAM) log, a SuperAntiSpyware (SAS) log and a HiJackThis (HJT) log!

  5. Henry00

    Henry00 TS Rookie Topic Starter

    I cant post , please erase this 1
  6. Henry00

    Henry00 TS Rookie Topic Starter

    And this 2
  7. Henry00

    Henry00 TS Rookie Topic Starter

    uuuugh....I scanned with all already 0 errors, though dont got the logs anymore....ok Ill reinstalll all again...

    kk , here Malwarebytes AntiMalware:

    Malwarebytes' Anti-Malware 1.35
    Database version: 1939
    Windows 5.1.2600 Service Pack 3

    04.04.2009 18:53:48
    mbam-log-2009-04-04 (18-53-48).txt

    Scan type: Quick Scan
    Objects scanned: 62413
    Time elapsed: 6 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:25:41, on 04.04.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    D:\Programs\MSN Messenger\MsnMsgr.Exe
    D:\Programs\MSN Messenger\usnsvc.exe
    D:\Programs\Mozilla Firefox\firefox.exe
    D:\Programs\windows media player\wmplayer.exe
    D:\Programs\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programs\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programs\AVG\AVG8\avgtoolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programs\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programs\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programs\AVG\AVG8\avgtoolbar.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] D:\Programs\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programs\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Programs\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Programme\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: MultiMon Taskbar.lnk = D:\Programs\MMTaskbar\MultiMon.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programs\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programs\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9A1120E-B8C8-4B58-ADA0-DB03693C877A}: NameServer =,
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programs\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\Programs\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programs\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - D:\Programs\TeamViewer\Version4\TeamViewer_Service.exe

    End of file - 5383 bytes


    SUPERAntiSpyware Scan Log

    Generated 04/05/2009 at 05:01 PM

    Application Version : 4.26.1000

    Core Rules Database Version : 3829
    Trace Rules Database Version: 1785

    Scan type : Complete Scan
    Total Scan Time : 00:59:32

    Memory items scanned : 544
    Memory threats detected : 0
    Registry items scanned : 5769
    Registry threats detected : 0
    File items scanned : 18462
    File threats detected : 4

    Adware.Tracking Cookie
    C:\Dokumente und Einstellungen\Henry\Cookies\henry@atdmt[2].txt
    C:\Dokumente und Einstellungen\Henry\Cookies\henry@bs.serving-sys[1].txt
    C:\Dokumente und Einstellungen\Henry\Cookies\henry@serving-sys[2].txt
    C:\Dokumente und Einstellungen\Henry\Cookies\henry@doubleclick[1].txt
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Did you do an unistall of this from Add/Remove or just delete it?

    Do a windows search for edl*.* and then *cyber*.* delete all that point to edl cybercafe.

    Download ComboFix

    Get it here:
    Or here:

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall.

    Download SDFix to Desktop.

    On Desktop run SDdFix It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click thu all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

  9. Henry00

    Henry00 TS Rookie Topic Starter

    It wroked!

    IT WORKED! Its back!! tnx man! :D

    Also the logs..
  10. mflynn

    mflynn TS Rookie Posts: 2,655


    Thread Closing-------------------------------------------------------------------

    Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

    Remove ComboFix
    combofix /u
    Hit enter or click OK.

    Please download OTCleanIt

    Save to desktop.

    This will remove all the tools we used to clean your computer.

    Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

    Approve all if prompted by Firewall. Approve Widows Defender or other guards or security programs while OTCleanIt attempting access to the Internet to allow all.

    If prompted to Reboot click, Yes.
    OTCleanit will delete itself when finished, If not delete it by yourself.

    Run CCleaner (get SLIM at bottom no Yahoo toolbar)
    Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Run ATF-Cleaner Temp and Registry, repeatedly until no more found.

    Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install)
    The issues can and are likely found is in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.
    Add a redundent Reg backup, get and install ERUNT let it add itself to startup and do a backup on install check all boxes.

    Yes! Even if you use system restore and other backups Registry and Images.

    Every two weeks or so, run MBAM and SAS until clean.

    They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

    If they find something they can not clean, then get back to us.

    Additionally run CCleaner. ATF-Cleaner and KCleaner.
    I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

    It was designed to be used with and to co-exist with other Virus scanners.

    Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

    It's like looking at it with 2 sets of eyes and from a different angle.

    It works like some Firewalls do to learn what is good/bad.

    After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

    As it queries you about the prompt to help you determine to approve or not you can google it with one click.
    Look at

    Run SpyBot ocassionally and use the Immunize function.

    I highly reccomend Hostman: Hostman

    Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

    A Disk Scan (chkdsk) and Defrag are in order.

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...