atwdmw

Need help with this bugger.

2 posts in this topic

Can anyone please help? One of our office computers has had consistent Trojan and virus problems. I ran ad-aware yesterday to remove a few trojans and data-miners and shortly thereafter Outlook stopped functioning.

 

Any help is greatly appreciated.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:09:52 PM, on 7/15/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\McAfee.com\VSO\mcshield.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\program files\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINNT\System32\qttask.exe

C:\PROGRA~1\2Ball\Softidol.exe

C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe

C:\WINNT\system32\kfjqjgw.exe

C:\WINNT\system32\LzioMediaUpdater.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\WINNT\system32\whawizc.exe

C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe

C:\Program Files\Common Files\WinTools\WSup.exe

H:\Software\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...//www.ferc.gov/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O2 - BHO: (no name) - {00000000-167B-41bc-95FF-86A07B14712C} - C:\WINNT\system32\he3bbcff.dll

O2 - BHO: (no name) - {00000000-2565-4c5b-A455-A74C8A2247AB} - C:\WINNT\system32\wmcbaaca.dll

O2 - BHO: (no name) - {00000000-64C4-4a64-9767-895AB4921E41} - C:\WINNT\system32\ielcaabe.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_1_3_0.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Meal creative - {E45C2A5C-2D2A-4851-6A60-1CFD461949AF} - (no file)

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [Modem Applet] C:\dell\qwikcsa.exe

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe

O4 - HKLM\..\Run: [PMedia] "C:\Program Files\Common Files\Media\winsrvc.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [JOYLOGO] C:\PROGRA~1\2Ball\Softidol.exe

O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup

O4 - HKLM\..\Run: [hpsysconf1] C:\WINNT\system32\kfjqjgw.exe

O4 - HKLM\..\Run: [LzioMediaUpdater] C:\WINNT\system32\LzioMediaUpdater.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [he3bbcff] rundll32.exe C:\WINNT\system32\he3bbcff.dll,EnableRunDLL32

O4 - HKLM\..\Run: [wmcbaaca] rundll32.exe C:\WINNT\system32\wmcbaaca.dll,EnableRunDLL32

O4 - HKLM\..\Run: [icddefff] rundll32.exe C:\WINNT\system32\icddefff.dll,EnableRunDLL32

O4 - HKLM\..\Run: [ielcaabe] rundll32.exe C:\WINNT\system32\ielcaabe.dll,EnableRunDLL32

O4 - HKLM\..\Run: [intdctrr] C:\WINNT\system32\idctup20.exe

O4 - HKLM\..\Run: [srchfstUpdate] C:\WINNT\srchupdt.exe

O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe c:\winnt\system32\icddefff.dll,EnableRunDLL32

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [Adstartup] C:\WINNT\system32\automove.exe

O4 - HKCU\..\Run: [Y357RXf7e] whawizc.exe

O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

O4 - HKCU\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O16 - DPF: ViewTIFF for Java - http://countyrecords.landata.com/JavaViewT...in/TIFFView.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab

O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://bin.mcafee.com/molbin/shared/mcinsc...54/mcinsctl.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...37651.628287037

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1500/...uditControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_3_0.cab


Hello atwdmw,

 

You show signs of a Look2Me infection.

A tool has been made by Option^Explicit and freeatlast to find and remove it.

Please download VX2Finder from this link, and save it to your Desktop.

 

http://downloads.subratam.org/VX2Finder(126).exe

 

Run VX2Finder and click on the *click to find VX2.BetterInternet* button. Then click *make log*.

Copy and paste the contents of the log into your next reply here.

 

_ _ _ __ _ _ __ _

 

Please download a Free Trial of Trojan Hunter and run it.

 

Next, take a free Online Virus scan at HouseCall or eTrust or both.

 

_ _ _ _ _ _ _ _ _

 

Then, please follow this link to remove PeopleOnPage http://www.pchell.com/support/peopleonpage.shtml

 

While you're still in Add/Remove Programs find:

 

"Window Search" And "WinTools" and remove (uninstall) them.

You will be given a security code to insert; do so.

And reboot when done.

_ _ _ _ _ _ _ _ _ _

 

Next, go to Task Manager (Ctrl + Alt + Delete) and click on "Processes" then "End Process" for this:

 

Softidol.exe

 

Then close task manager.

_ _ _ _ _ _ __ _ _

 

 

Open HijackThis, click Scan, then put a check next to the following entries:

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passthrough/i...//www.ferc.gov/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

 

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

 

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

 

O2 - BHO: (no name) - {00000000-167B-41bc-95FF-86A07B14712C} - C:\WINNT\system32\he3bbcff.dll

O2 - BHO: (no name) - {00000000-2565-4c5b-A455-A74C8A2247AB} - C:\WINNT\system32\wmcbaaca.dll

O2 - BHO: (no name) - {00000000-64C4-4a64-9767-895AB4921E41} - C:\WINNT\system32\ielcaabe.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

 

O4 - HKLM\..\Run: [PMedia] "C:\Program Files\Common Files\Media\winsrvc.exe"

O4 - HKLM\..\Run: [JOYLOGO] C:\PROGRA~1\2Ball\Softidol.exe

O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup

O4 - HKLM\..\Run: [hpsysconf1] C:\WINNT\system32\kfjqjgw.exe

O4 - HKLM\..\Run: [LzioMediaUpdater] C:\WINNT\system32\LzioMediaUpdater.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [he3bbcff] rundll32.exe C:\WINNT\system32\he3bbcff.dll,EnableRunDLL32

O4 - HKLM\..\Run: [wmcbaaca] rundll32.exe C:\WINNT\system32\wmcbaaca.dll,EnableRunDLL32

O4 - HKLM\..\Run: [icddefff] rundll32.exe C:\WINNT\system32\icddefff.dll,EnableRunDLL32

O4 - HKLM\..\Run: [ielcaabe] rundll32.exe C:\WINNT\system32\ielcaabe.dll,EnableRunDLL32

O4 - HKLM\..\Run: [intdctrr] C:\WINNT\system32\idctup20.exe

O4 - HKLM\..\Run: [srchfstUpdate] C:\WINNT\srchupdt.exe

O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe c:\winnt\system32\icddefff.dll,EnableRunDLL32

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [Adstartup] C:\WINNT\system32\automove.exe

O4 - HKCU\..\Run: [Y357RXf7e] whawizc.exe

O4 - HKCU\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

 

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab

 

Now close all open windows and browsers (have only HJT open) and click "Fix Checked".

 

Then, reboot to Safe mode

(tap F8 while restarting) and delete these folders:

 

C:\Program Files\AutoUpdate\

C:\PROGRAM FILES\ACCELE~1\ <----there will be more of a name here

C:\PROGRAM FILES\2Ball\

C:\Program Files\Common Files\WinTools\

C:\Program Files\Common Files\Media\

 

And these files:

 

C:\WINNT\system32\he3bbcff.dll

C:\WINNT\system32\wmcbaaca.dll

C:\WINNT\system32\ielcaabe.dll

C:\WINNT\system32\kfjqjgw.exe

C:\WINNT\system32\LzioMediaUpdater.exe

C:\WINNT\system32\he3bbcff.dll,

C:\WINNT\system32\icddefff.dll

C:\WINNT\system32\idctup20.exe

C:\WINNT\system32\automove.exe

 

You may have to show hidden files:

 

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Then, reboot normally and please post a new HJT log and the Vx2 log.

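An added example, not part of either post and not a tool used in this thread: a short Python triage of HijackThis log lines that groups entries by section code, lists hosts-file entries that pin several names to one IP, and cross-references DLLs registered as BHOs (O2) against DLLs launched through rundll32 Run keys (O4). The sample lines are copied from the log in the first post; the function names and the heuristics themselves are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {00000000-167B-41bc-95FF-86A07B14712C} - C:\WINNT\system32\he3bbcff.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [he3bbcff] rundll32.exe C:\WINNT\system32\he3bbcff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe c:\winnt\system32\icddefff.dll,EnableRunDLL32
"""

LINE = re.compile(r"^([ROFN]\d+) - (.*)$")            # section code, rest of entry
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")         # IP, hostname
BHO = re.compile(r"^BHO: .* - (\{[0-9A-Fa-f-]+\}) - (.+)$")  # CLSID, DLL path
RUNDLL = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] rundll32\.exe (.+?),(\w+)$", re.I)

def parse(log):
    """Group HijackThis entries by section code (O1, O2, O4, ...)."""
    sections = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def triage(log):
    """Return hosts redirects and the overlap between BHO and rundll32 Run DLLs."""
    s = parse(log)
    redirects = defaultdict(set)  # IP -> hostnames pinned to it in the hosts file
    for entry in s["O1"]:
        m = HOSTS.match(entry)
        if m:
            redirects[m.group(1)].add(m.group(2))
    # Paths are lower-cased because the log mixes C:\WINNT and c:\winnt.
    bho_dlls = {m.group(2).lower() for e in s["O2"] if (m := BHO.match(e))}
    run_dlls = {m.group(3).lower() for e in s["O4"] if (m := RUNDLL.match(e))}
    return {
        "hosts_redirects": {ip: sorted(h) for ip, h in redirects.items() if len(h) > 1},
        "bho_and_run": sorted(bho_dlls & run_dlls),    # same DLL persisted two ways
        "run_only_dlls": sorted(run_dlls - bho_dlls),  # rundll32 Run key, no BHO
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The output is a review list for a human analyst, not a verdict: each flagged entry still has to be checked against known-good software before it is fixed in HijackThis.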