tazdog

Some Items I cannot get rid of

6 posts in this topic

Every time I reboot, I get 3 files into my temp dir..

installer.exe

upd125.exe

upd126.exe

and often I get a buffer overflow.. and it shows one of the files listed above...

I have run cwshredder, hijack this, adaware, and spybot and pretty much all of it looks clean... I also ran the lsfix winsock repair and removed this inet*.dll

So now I'm just puzzled.. =)

thanks for any help...

Scott


Well we're puzzled too; but just because we don't have a HJT log to look at.

Make sure you have at least HijackThis ver 1.97 and rerun it; save the log and post a copy of it back to this thread.


I also ran adaware again and I keep getting this message and adaware will not remove it.. VX - c:\windows\sys32\azlui.dll

Here is the log file:

Logfile of HijackThis v1.97.7

Scan saved at 12:38:42 PM, on 7/5/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\pcAnywhere\awhost32.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NavNT\vptray.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\speech\vcmd.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\system32\logon.scr

D:\nbpro_4.3\nbpro.exe

C:\Documents and Settings\scott.weber\Desktop\spyware\HijackThis.exe

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZDLM.exe /hide

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37925.833900463

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tazdog.corp

O17 - HKLM\Software\..\Telephony: DomainName = tazdog.corp

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tazdog.corp

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tazdog.corp

thanks

Scott


Download VX2Finder from HERE

Run Vx2Finder and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

Copy and paste the contents of the log back to this thread.


Here is the VX2 log:

 

Log for VX2.BetterInternet File Finder

 

Files Found---

C:\WINDOWS\System32\asctres.dll

 

 

Guardian Key--- is called: GuardianKYVTW

Asynchronous 000

DllName C:\WINDOWS\system32\asctres.dll

Impersonate 000

Logon WinLogon

Logoff WinLogoff

Version 124

ID {E7A3C940-2CBA-4EBC-8A71-CCBCF4AF45CF}

IDex DS3

 

User Agent String---

{E7A3C940-2CBA-4EBC-8A71-CCBCF4AF45CF}

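Added example, not part of the thread and not code from VX2Finder or HijackThis: a short Python parser run over excerpts of the two logs posted above, showing that the DLL named in the VX2Finder key matches the file it found and is mentioned on no line of the HijackThis log. The function names are hypothetical and the log text is shortened from the posts.

```python
import re

# Excerpts of the two logs posted in this thread (shortened for the example).
HJT_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tazdog.corp
"""
VX2_LOG = r"""
Files Found---
C:\WINDOWS\System32\asctres.dll
Guardian Key--- is called: GuardianKYVTW
Asynchronous 000
DllName C:\WINDOWS\system32\asctres.dll
Logon WinLogon
"""

def parse_vx2(log):
    """Return the files, key name and key values reported in a VX2Finder log."""
    out = {"files": [], "key": None, "values": {}}
    section = None
    for line in filter(None, map(str.strip, log.splitlines())):
        m = re.match(r"Guardian Key--- is called:\s*(\S+)", line)
        if line.startswith("Files Found---"):
            section = "files"
        elif m:
            section, out["key"] = "key", m.group(1)
        elif line.endswith("---"):          # any other section header
            section = None
        elif section == "files":
            out["files"].append(line)
        elif section == "key":              # "Name value" pairs under the key
            name, _, value = line.partition(" ")
            out["values"][name] = value.strip()
    return out

def hjt_lines_mentioning(hjt_log, dll_path):
    """HijackThis log lines that mention the DLL's file name (case-insensitive)."""
    name = dll_path.rsplit("\\", 1)[-1].lower()
    return [l for l in hjt_log.splitlines() if name in l.lower()]

def report():
    vx2 = parse_vx2(VX2_LOG)
    dll = vx2["values"].get("DllName", "")
    return {"key": vx2["key"], "dll": dll,
            "hjt_hits": hjt_lines_mentioning(HJT_LOG, dll),
            "dll_in_files_found": dll.lower() in [f.lower() for f in vx2["files"]]}

print(report())
```

Pointing the same functions at the full before and after logs gives a quick check that the key and file are gone once the removal steps have been run.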

There is a newer version of VX2 finder out; will you get it from here and then do the following:

Sign off and stay off the internet until the entire procedure is complete.

Open VX2Finder and click on the *click to find VX2.BetterInternet* button.

Then select the *Delete these files* button.

You will be left with a notice about one to be deleted on reboot.

It will ask to reboot on deletion of the last file (Reboot).

Once back in Windows:

Open VX2Finder again and click on these buttons in the right pane:

user agent, Guardian.reg, restore policy

Exit and reboot.

Run Vx2Finder once more and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

Post it here with a fresh HijackThis log please.
