VX2 [Resolved]

I'm new and hoping someone here can help me.
The problem I have is something keeps adding sites to my favourites list(everytime I reopen IE!), changing my homepage, causing up pop-ups and causing windows to crach when I try to open windows explorer.
I have tried approaches in similar topics
ie. using ad-ware,CWshredder,Aboutbuster in and out of Safe Mode.

Nothing so far has shifted the problem, any help would be appreciated thanks.

Logfile of HijackThis v1.99.1
Scan saved at 18:30:08, on 14/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ietc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\javagu.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Nyah\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tvbde.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tvbde.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tvbde.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tvbde.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tvbde.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tvbde.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tvbde.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E589AC4-D875-E18F-230E-C2FBCC1516D6} - C:\WINDOWS\atlnv32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [javagu.exe] C:\WINDOWS\javagu.exe
O4 - HKLM\..\RunOnce: [ietc32.exe] C:\WINDOWS\ietc32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: Download with GetRight - C:\Demos&Stuff\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Demos&Stuff\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appra32.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by Mattion, 14 April 2005 - 08:33 PM.

Managed to resolve the problem myself with advice from other topics and a lot of bludgeoning!
I went about it via,
using Ad-aware in normal boot (not safe mode)
noting all the VX2 infected files and NOT removing anything

rebooting in safe mode
used AboutBuster and let it fix everything found,
reused ad-aware (full scan!) and let it fix everything found,
used CWshredder and let it fix everything found,

used HiJackThis and removed suspicious files
this was based on what was removed in other posts about the same problem
(I still have the back ups now to be sure!!)

Then deleted the noted down VX2 files
(these were NOT picked up by ad-aware when safe-mode was on)

re-ran all AB, ad-A and CWs, nothing found
rebooted back to normal and everything is fine now

I'm now also using winpatrol dont know if it had any effect here but it seems useful

On the off chance that someone reads this, just look at the resolved cases in this forum, the information is mostly there already!
and finally a big thanks to everyone at Geeks to Go! :tazz:

#1
Mattion

Posted 14 April 2005 - 11:34 AM

Advertisements

#2
Mattion

Posted 14 April 2005 - 08:27 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us