Results 1 to 5 of 5

Thread: VX2 ! strikes again....

  1. #1
    Regular Member RAAF453_Shep's Avatar
    Join Date
    Jul 2003
    Location
    San Antonio, Tx
    Posts
    286

    VX2 ! strikes again....

    err, well it did my system.

    My loving wife ( of 22 yrs now ), in her quest for truth and wealth , does surveys , and I mean alot of them.
    So in the past it's been a good thing. we have sampled some great FREE things... and she's made quite a bit of cash.
    But somewhere in the past couple of days , we got hit. CI was the first sign of trouble. ( Consumer Inputs ) apparently was bundleware , with VX2 in it. She told me it was a link to a new survey site,( we just followed the same link out... and nothing , there. She hadnt hit an installer, just looked at the page. Yet the CI software was on our pc ( eliminated last night ) but with our last fiasco over Nielson ( that was a rough one to eliminate) , she promised no more installs.
    And she said she tried to cancel this , but it got to us anyway. she told me that she filled out the registration form , and it popped up an installer window, which she promptly DECLINED.
    The lil blighter has changed it's freakin name over a dozen times. I get rid of part of it, and yet another ( dif name ) takes it's place.
    Now after Adaware, and S&D1.3 it simply wont go away.
    I added in the VX2 killer/remover to Adaware , but no joy.
    I have my homepage set to BLANK... and it gives me a pop-up ad !
    I thought about running Hijackthis... but Im not hijacked , just frustrated with this. I have blocked a half-dozen different exe's in my Sygate... but want to keep from a format to eliminate this thing.
    any and all help will be greatly appreciated.
    Last edited by RAAF453_Shep; 04-16-05 at 07:28 AM.
    nothing like my Virtual Spitfire Mk IXc and a few wingmen to cover my 6 !

  2. #2
    Regular Member RAAF453_Shep's Avatar
    Join Date
    Jul 2003
    Location
    San Antonio, Tx
    Posts
    286

    my Hijack log...

    Logfile of HijackThis v1.98.2
    Scan saved at 7:15:02 AM, on 4/16/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\ups.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\mqsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\mqtgsvc.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    c:\windows\system32\ecibiat.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\RnR\My Documents\hijack\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\rtneg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [pnxkhwn] c:\windows\system32\ecibiat.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1112900552625
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    nothing like my Virtual Spitfire Mk IXc and a few wingmen to cover my 6 !

  3. #3
    Regular Member RAAF453_Shep's Avatar
    Join Date
    Jul 2003
    Location
    San Antonio, Tx
    Posts
    286

    well nm , I got it.

    Guess that I have no help out there.

    I'll format this, and hope for the best. I thought there was a cure....

    Now HoooOOld on there Babalooie... seems after a few hours of frustrating digging, renaming, moving everything connected to the "bundleware" to a new folder I made private, a few run thru's with RegCleaner ( digging for those specific files ( as they reared their ugly heads - alot of name(s) changes they threw at me )
    I am back again , I found that the third time I renewed AAW in my Sygate for updates , it took the newest update file.
    I had already installed the VX2 add on for AAW, but the bugger kept disabling one thing after another... I wasnt going to be beaten.
    I owe all to this wonderful forum and those regular posters that inspired me to keep after it.
    I am learning my way thru.... hope I never stop.

    the next few rounds on me... belly up lads.
    Last edited by RAAF453_Shep; 04-17-05 at 03:00 AM. Reason: correction & info update
    nothing like my Virtual Spitfire Mk IXc and a few wingmen to cover my 6 !

  4. #4
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,857
    What have you thrown at it for anti ad/spy/malware apps?

    There are some pretty good ones out there now, that when used in combination...can often massage a system back to health. Compared to a couple of years ago when all you pretty much had were Adaware and Spybot S&D.

    Here's what I use.
    Microsoft Antispyware....excellent..EXCELLENT...program. Built in free automatic updates, by default scans your system each night. Besides a top notch scanning system, it has VERY useful tools in the "Advanced Tools" section too, under the System Explorers section. BHOs, Winsock LSP, Browser Defaults restore.

    30 day trial of Spysweeper...install, update, scan several times. Use for several days until system appears healthy.

    Adaware SE..good for scanning and removal.

    Spybot Search and Destroy, current 1.3, but beta of 1.4 is out...which will be public soon. Don't forget to immunize after you update..after you scan and remove...immunization helps prevent some installs of malware.

    SpywareBlaster...not a removal tool, but helps prevent some installs of malware. Think of it as a condom for your browser.

    For Internet Exploader....install the Google Toolbar. Malware free, besides having the useful search field right there...it helps prevent popups, which help some end users avoid clicking things they shouldn't.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  5. #5
    Regular Member RAAF453_Shep's Avatar
    Join Date
    Jul 2003
    Location
    San Antonio, Tx
    Posts
    286
    ahh for my search engine... also w/o those annoying poppers...
    Copernic Search
    I especially like the results saves it keeps for real fast re-reference.
    nothing like my Virtual Spitfire Mk IXc and a few wingmen to cover my 6 !

Similar Threads

  1. Vx2 Cleaner[version 1.02]7.5.04
    By hayc59 in forum Network Security
    Replies: 0
    Last Post: 07-05-04, 11:47 AM
  2. Vx2 Cleaner Plug-in For Ad-aware. 1.01
    By hayc59 in forum Network Security
    Replies: 0
    Last Post: 07-01-04, 08:39 PM
  3. Lavasoft’s VX2 Cleaner Plug-in
    By hayc59 in forum Network Security
    Replies: 5
    Last Post: 07-01-04, 05:44 AM
  4. Lil johnny strikes again.....
    By blebs in forum General Discussion Board
    Replies: 4
    Last Post: 04-27-04, 07:35 AM
  5. Judge Strikes Down Part of Patriot Act
    By axtrader in forum General Discussion Board
    Replies: 0
    Last Post: 01-26-04, 06:16 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •