Stefdwe

Ran Spybot & Adaware and still have a problem

13 posts in this topic

Two weeks ago an adware program hit my computer. I have run Spybot & AdAware, but it seemed like it wasn't catching the main program because I'm still having lots of problems. When I found what I thought was the main bugger of a file I couldn't delete or uninstall it. It gave me an error message saying access denied because it was write-protected, or something to that effect. I could get the exact wording if necessary.

 

Also, I have to reboot constantly because my IE isn't working consistently and re-booting is the only thing that "gets it back on track."

 

Here is my log file:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:23:20 PM, on 5/21/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\gearsec.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\WINZIP\winzip32.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.fresno.com"); (C:\Program Files\Netscape\Users\cvip\prefs.js)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Joy Platform Dash - {CBA8A8BC-1FAB-7AB9-38ED-31AE0B6B142A} - C:\PROGRA~1\Hide2\oncemfcd.dll (file missing)

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eggs global] C:\PROGRA~1\TOOLWM~2\Ref poke ping.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4671F05-8F80-4FEC-90F7-B0E12FF83D8F}: NameServer = 129.8.50.105 129.8.52.2

 

Thank you so much for your help! I'm not great at this kind of thing so I'm just trying to figure it out as I go along.


Could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done.

 

If not listed there, click here, download and run this uninstaller.

 

Reboot when done. Post a new HJT log.


We've done a few deletions and we've run a couple more programs (spysweeper & pest patrol) and this is what I have left. I am still having problems with hijackers but none of the programs I'm using can find them. Sportsresults.com and Zestyfind.com are two of them.

 

Here's my log:

 

Logfile of HijackThis v1.97.7

Scan saved at 7:25:51 PM, on 5/31/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\gearsec.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\unzipped\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/

R3 - Default URLSearchHook is missing

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.fresno.com"); (C:\Program Files\Netscape\Users\cvip\prefs.js)

O1 - Hosts: 207.36.196.189 auto.search.msn.com

O1 - Hosts: 207.36.196.189 search.netscape.com

O1 - Hosts: 207.36.196.189 ieautosearch

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4671F05-8F80-4FEC-90F7-B0E12FF83D8F}: NameServer = 129.8.50.105 129.8.52.2

 

 

 

Thank you for any help.

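Comparing the two HijackThis logs posted above, as an added example that is not part of the thread or of HijackThis itself: it parses the numbered entry lines, lists what is new in the later log, and flags hosts-file overrides and orphaned registrations for manual review. The excerpts are trimmed from the logs above, and the function names are illustrative.

```python
import re

# Excerpts trimmed from the two HijackThis logs posted in this thread (not the full logs).
LOG_MAY_21 = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - Toolbar: Joy Platform Dash - {CBA8A8BC-1FAB-7AB9-38ED-31AE0B6B142A} - C:\PROGRA~1\Hide2\oncemfcd.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eggs global] C:\PROGRA~1\TOOLWM~2\Ref poke ping.exe
"""
LOG_MAY_31 = r"""
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
HOSTS = re.compile(r"^Hosts: (\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")

def parse(log):
    """Return the ordered (section, detail) entries; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, (l.strip() for l in log.splitlines())) if m]

def new_entries(before, after):
    """Entries present in the later log but not in the earlier one."""
    seen = set(parse(before))
    return [e for e in parse(after) if e not in seen]

def review_flags(log):
    """Flag entries worth a manual look: hosts-file overrides and orphaned registrations."""
    flags = []
    for section, detail in parse(log):
        hosts = HOSTS.match(detail) if section == "O1" else None
        if hosts and hosts.group(1) != "127.0.0.1":
            flags.append((section, f"hosts override: {hosts.group(2)} -> {hosts.group(1)}"))
        elif detail.endswith(("(no file)", "(file missing)")):
            flags.append((section, "orphaned entry: " + detail))
    return flags

if __name__ == "__main__":
    for section, detail in new_entries(LOG_MAY_21, LOG_MAY_31):
        print("NEW    ", section, detail)
    for section, note in review_flags(LOG_MAY_21) + review_flags(LOG_MAY_31):
        print("REVIEW ", section, note)
```

Run against the full logs, the same diff also surfaces entries that disappeared between scans if the arguments are swapped.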

Let's check to see if you have been infected by the L2M parasite. Please do this:

 

Click here to download the VX2Finder.exe tool. Click on the VX2Finder.exe and then click on the Click to Find VX2.Betterinternet button. It will display the files, the Guardian Key and User Agent string. Now click the Make Log button. It will open the log in notepad. Copy and paste that log here and wait for further instructions.


Log for VX2.BetterInternet File Finder

 

Files Found---

C:\WINDOWS\System32\6aO4SVC.DLL

C:\WINDOWS\System32\6bO4SVC.DLL

C:\WINDOWS\System32\6dO4SVC.DLL

C:\WINDOWS\System32\6eO4SVC.DLL

C:\WINDOWS\System32\6fO4SVC.DLL

C:\WINDOWS\System32\6gO4SVC.DLL

C:\WINDOWS\System32\6hO4SVC.DLL

C:\WINDOWS\System32\6jO4SVC.DLL

C:\WINDOWS\System32\6kO4SVC.DLL

C:\WINDOWS\System32\6lO4SVC.DLL

C:\WINDOWS\System32\6mO4SVC.DLL

C:\WINDOWS\System32\6nO4SVC.DLL

C:\WINDOWS\System32\6oO4SVC.DLL

C:\WINDOWS\System32\6pO4SVC.DLL

C:\WINDOWS\System32\6qO4SVC.DLL

C:\WINDOWS\System32\6rO4SVC.DLL

C:\WINDOWS\System32\6sO4SVC.DLL

C:\WINDOWS\System32\6uO4SVC.DLL

C:\WINDOWS\System32\6vO4SVC.DLL

C:\WINDOWS\System32\6wO4SVC.DLL

C:\WINDOWS\System32\6xO4SVC.DLL

C:\WINDOWS\System32\6yO4SVC.DLL

C:\WINDOWS\System32\6zO4SVC.DLL

C:\WINDOWS\System32\Ai3API.DLL

C:\WINDOWS\System32\AoCTRES.DLL

C:\WINDOWS\System32\AqLUI.DLL

C:\WINDOWS\System32\ArLEDIT.DLL

C:\WINDOWS\System32\AtLUI.DLL

C:\WINDOWS\System32\AxTODISC.DLL

 

 

Guardian Key--- is called: GuardianFWKAN

Asynchronous 000

DllName C:\WINDOWS\system32\6sO4SVC.DLL

Impersonate 000

Logon WinLogon

Logoff WinLogoff

Version 124

ID {6FE49DD3-4537-4FF5-81B2-D94BAAC50E2C}

IDex DS3

 

 

Thanks!


OK, do this: click on the Click to Find VX2.Betterinternet button again. This time delete all files found - you will be left with a notice about one to be deleted on reboot. It will ask to reboot on deletion of the last file (do that).

 

After reboot, delete Guardian key & User Agent Key. Click User Agent$ to remove that entry from the registry then click Guardian.reg to delete the Guardian Key. When you click on the Click to Find VX2.Betterinternet button this time you should get a clean log of blank values.

 

If so, click Restore Policy to restore the Debug policy altered in the Look2Me installation and reboot. Rescan with HJT and post a new log here.


When my computer began to reboot it wasn't able to fully come up. Finally I was able to get my desktop up but none of my applications would operate. I keep getting a message about virtual memory being low, not enough memory to operate application, etc. In the last few days my system began running extremely slow - especially when rebooting.

 

I'm posting this from my work, but my home computer is basically non-op now. I'm going to try working with it again tonight; in the meantime, do you have any thoughts on this? Is this an effect of the L2M parasite?

 

Thanks for your help.


I haven't heard about L2M causing this effect. How much RAM do you have on your system? Is your hard drive nearly full or have you manually set the allocation of virtual memory?


Off the top of my head I don't remember how much RAM I have, but my hard drive wasn't close to being full.

 

Windows was giving me an error message about something being missing or needing to be repaired so we needed to reinstall Windows. We tried that and it continued to give us the same message. At this point we can't log on to Windows at all.

 

It's going to the PC Doctor next week. Thanks for your help!
