Combination adware/spyware and virus problems

By ZenLordOne
Feb 9, 2005
Topic Status:
Not open for further replies.
  1. On day 4, have been through a lot of 'recommendations' and so-called experts' advice. Attaching current HijackThis log in .txt format; anyone that can actually help me would be a welcome sight. Thanks in advance.

  2. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Just wondering who has been advising you!

    Your PC is just so riddled with adware and spyware!
    Go to this post here first, and follow the instructions EXACTLY.
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    When you have done your homework, continue here.

    Boot in Safe Mode
    Stop the System Restore
    Press Ctrl/Alt/Del and in Task Manager try to STOP these processes:

    RKillSrv.exe
    desktop.exe
    gaestvyg.exe
    sysmonnt.exe
    winupdtl.exe
    3x2keg8x.exe
    dxjlnd.exe
    ezwcrc.exe
    zvdwrc.exe
    ffisearch.exe
    ieroader.exe
    icax32.exe
    msupd5.exe
    r_server.exe
    gcasServ.exe

    Next, try to UNinstall anything to do with this:
    C:\WINDOWS\isrvs\desktop.exe and ffisearch.exe
    C:\Program Files\3x2keg8x\3x2keg8x.exe
    C:\Program Files\Viewpoint\Viewpoint Toolbar\
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    Next, run Hijackthis on its own and let it 'fix' (if still there):
    C:\WINDOWS\system32\RKillSrv.exe
    C:\WINDOWS\isrvs\desktop.exe ==>> may be read-only to delete<<==
    C:\WINDOWS\System32\gaestvyg.exe
    C:\WINDOWS\System32\sysmonnt.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {3D4A1F12-FFE6-CB82-D44D-EB285951B8FA} - C:\WINDOWS\System32\tvzymozy.dll
    O2 - BHO: (no name) - {AE16861A-DDBF-D46A-4F8A-6418402AFF3D} - C:\WINDOWS\System32\ijffgybz.dll
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
    O4 - HKLM\..\Run: [3x2keg8x] C:\Program Files\3x2keg8x\3x2keg8x.exe
    O4 - HKLM\..\Run: [dxjlnd] c:\windows\system32\dxjlnd.exe
    O4 - HKLM\..\Run: [ezwcrc] C:\WINDOWS\System32\ezwcrc.exe
    O4 - HKLM\..\Run: [zvdwrc] C:\WINDOWS\System32\zvdwrc.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [sFFg35j] ieroader.exe
    O4 - HKLM\..\Run: [gaestvyg] C:\WINDOWS\System32\gaestvyg.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [dowmRRH9V] icax32.exe
    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    ALL lines with O16 - DPF:
    ALL lines with O17 - HKLM
    O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
    O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\System32\msupd5.exe
    O23 - Service: Remote Process Killer - Unknown - C:\WINDOWS\system32\RKillSrv.exe
    O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    You should have fixed this already (from my 'big' post mentioned at the start)
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing

    Now post a NEW HJT-log, not 100% sure if I got them all.
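
The entry types listed in the post above (R1, O2 BHOs, O4 Run keys, O23 services) can be split into fields for triage. This is an added example, not part of the original post and not HijackThis's own logic; the regexes and the three flag rules are assumptions made for illustration, and a flag only marks an entry for a closer look.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
O2 - BHO: (no name) - {3D4A1F12-FFE6-CB82-D44D-EB285951B8FA} - C:\WINDOWS\System32\tvzymozy.dll
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [sFFg35j] ieroader.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [dowmRRH9V] icax32.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\r_server.exe
"""

# Assumed line shapes, derived only from the entries shown on this page.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
SERVICE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")

def parse_line(line):
    """Split one log line into fields and attach review notes."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "body": body, "notes": []}
    if code == "O4" and (r := RUN.match(body)):
        entry.update(hive=r[1], key=r[2], name=r[3], command=r[4].strip('"'))
        if "\\" not in entry["command"]:  # resolved via search path, location unknown
            entry["notes"].append("autorun command has no path")
    elif code == "O2" and (b := BHO.match(body)):
        entry.update(name=b[1], clsid=b[2], command=b[3])
        if b[1] == "(no name)":
            entry["notes"].append("BHO has no name")
    elif code == "O23" and (s := SERVICE.match(body)):
        entry.update(name=s[1], command=s[3])
        if s[3].endswith("(file missing)"):
            entry["notes"].append("service file missing")
    return entry

def triage(log_text):
    """Group parsed entries by section code (R1, O2, O4, O23, ...)."""
    by_code = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            by_code[entry["code"]].append(entry)
    return by_code

def flagged(log_text):
    """Return (code, name, note) for every entry that carries a note."""
    return [(e["code"], e["name"], n)
            for entries in triage(log_text).values() for e in entries for n in e["notes"]]
```
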
  3. ZenLordOne

    ZenLordOne Newcomer, in training Topic Starter

    Thanks for the reply, in the process as we speak...one question: on the Adaware Personal SE process, is that just for the VX2 plugin, or do I run the Adaware tool as well?
  4. ZenLordOne

    ZenLordOne Newcomer, in training Topic Starter

    Ok, here is the post-cleaned file. Things to note: the listing of O16 is an intranet ActiveX control needed to run an app that is one of our projects, the O17 listings are DNS and TCP/IP protocols needed to punch through firewalls, so I didn't delete those.
    The MSAntispyware folder contains a shellextension.dll that would not allow deletion. The 2 no name BHO's don't seem to be going away without a fight.
    Let me know, and by the way, thanks for the assist.
  5. Razorknife

    Razorknife Newcomer, in training

    Simple ZenLordOne

    :grinthumb Just purchase yourself a copy of "PestPatrol", load it, and run it. It will get rid of all your spy/adware without all these complicated baloney programming tricks others have been telling you.
  6. ZenLordOne

    ZenLordOne Newcomer, in training Topic Starter

    Just a quick follow up to say thanks again. Everything seems to be back to normal...makes one wonder if the creators of these issues aren't the same ones selling the cure, talk about cash flow..... :approve:
  7. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Razorknife, not everybody has the money to buy another 'fix', which in its turn might be another pest!
    PestPatrol is good but not a cure-all.

    Besides, where is the challenge?
    You feel much more satisfied when you have solved the problems yourself, using whatever advice is out there.
  8. Razorknife

    Razorknife Newcomer, in training

    puke: Well Blackstuff, I don't know about you, but my time is valuable to me. The person just wanted to get rid of a little pest or two, not build a server network or cure cancer. There's plenty of high quality, INEXPENSIVE software that can do that. I'd rather spend $20.00 on a good program, load it, run it, fix it, all in 10 or 15 minutes or less, and move on to more important (and challenging) things than spending a couple or more $25 hours trying to wade through your mind numbing 150 step program, just to get rid of a little spy/adware. That's not a challenge, that's just absurd! You want a challenge? How about checking out my questions in the "Audio" and "Misc. Software" Forums, which have been posted for several days and none of you GENIUSES have even replied to? There's a couple of freakin challenges for you!
  9. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    You can call my 'mind-numbing 150 steps program' what you like, but looking at the number of hits (nearly 25'000) there are obviously plenty of people who don't find it that bad at all!
    If there WAS any program out there, that could achieve what my guidelines do, surely that would sell a bomb. Unfortunately, all the anti-virus giants such as McAfee, Norton, Panda, Kaspersky and whoever, ALL let crippling stuff like this through. So who's going to help those poor people that get hit (most of them inadvertently)?
    Not programs like Pestpatrol, but MY information and guidelines, and similar people who donate their time free of charge at other forums. Any more questions?

    Who needs a webcam, and who wants access from outside to his/her PC?
    Call them challenges, but only people who are in the know about such things, would answer your questions. Both webcams and outsiders on my PC are of no interest to me at all, so I won't even look at such posts (MY time is too valuable for that).
    And I think we have plenty of knowledgeable members on this forum, if you look at most of the posts that people ARE getting help with.
  10. Razorknife

    Razorknife Newcomer, in training

    Oh....I see.....If it doesn't interest YOU, YOU won't provide any help. NICE! That really speaks volumes about your personality!

    I've visited some of the other forums on this site and found you either giving them poor advice, such as staying away from good solid reputable software, bogging them down with prolonged complicated fixes to very simple problems, or warning them to watch what they say or they'll be ejected/banned from the site, like you're God's greatest gift to computers and users!

    No software is perfect, by any means, but from my experience (25+ years using computers of all makes and models) most problems stem from people just not setting them up properly. I've helped lots of co-workers, friends, and relatives with their computers/software (which, by the way, is why I wanted the info for the webcam and pcAnywhere). None have ever had any problems that have set them up the way I did, and recommended they do, by following manufacturers' directions and recommendations. People just don't want to take the time to follow the directions. For example, in my neighborhood alone there are at least 7 wireless networks, including my own. I can access all of them, if I so chose to, because they did not follow their wireless device companies' directions and recommendations and set up WEB encryption and passwording. No one has yet been able to access mine, because I did. And even after I've informed some of them of this, and there was a special broadcast on local TV about it, which also gave security instructions, they still have yet to set theirs up properly to keep others out. So, mostly, it's not the fault of the software, or devices, it's the users' laziness and lack of following directions and recommendations.

    I've used Norton on my personal PC for YEARS and have NEVER gotten a virus, or had a successful attack. My company uses McAfee, which is also very good. I work at a Hospital with its own Intranet, which is also gated to the Internet. Thousands of persons' personal health and private information is stored on this Intranet and has been for years. Their security with McAfee has never been breached either. I've used freeware, such as Spybot and such, and they are usually inadequate (hence the reason they're free), but I've had a lot better success with paid for, dedicated task software, from solid reputable companies. The cost is usually minimal compared to all the trouble you obviously get into without them and trying to work through problems with bogus "mind numbing, 150 step" so called "fixes" such as you recommended. Pest Patrol removes spy/adware that Spybot does not. It's also very easily configurable so you can filter out whatever type files you want. It's also CHEAP! It just has to be set up properly. After all, that's all these companies do, 24/7, with mega resources and top paid talent. Anyone thinking that they alone are better than that, is just on a self-centered, prima donna trip.

    25000 hits doesn't say anything. I get that many hits on my family website! How many actually took the time to work through your solution and have it work for them? Odds are, truth be known, not many! Most probably just moved on to find a better way. I know ZenLord did!

    Who needs webcams or access to others' computers? Again, your lameness and arrogance shows through. Not interested enough to answer my questions? I think the real truth is that YOU JUST DON'T KNOW!

    Well, I've wasted enough of my time with this. I think I'll just withdraw my subscription to this so called "Tech Spot" site and move on to more productive, mature, and satisfying company, with REAL answers to REAL problems.

    But take heart BlackStuff, I'll add this site to my "Filter Out" list so you'll wind up with the last word, which I'm sure will do wonders for your already super inflated ego!

    Goodbye all,

    and good luck with this LOSER'S advice!
  11. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    We are probably only talking semantics (not Symantec), but I can easily beat your computer experience. I was already working for IBM and programming their mainframes in Assembler back in 1968 and I have followed PC development from almost its incubation.
    I am NOT in the know, so I don't answer (also because I have no interest, on which you jumped like a madman).

    It is below my dignity to sling mud the way you do, but for argument's sake, go have a look at websites such as www.tomcoyote.com where they also deal with adware/spyware problems. Each individual uses up more webspace there, with both questions and answers, than my guidelines.
    If you would have taken the time to really read them you would have found only 3 or 4 steps: 1) get the programs and run them, 2) details about how to run ONE program (Hijackthis) and 3) cleanup and 4) any other matters.

    I admit that my pet-hate is Norton, but I am by no means alone, see the numerous problems people have with that bloatware.

    Anyway, rest for me to say good riddance.
  12. Spike

    Spike Newcomer, in training Posts: 2,371

    I wonder if Bill Gates will use that line at his next conference?

    "Adaware, Spybot, or anything else that isn't our new-fangled anti spyware "feature" is complete and utter rubbish, because, after all, that's what Microsoft has done, 24/7, with mega resources and top paid talent. Anyone thinking that they alone are better than that, is just on a self-centered, prima donna trip."

    I really do fail to see how anyone whose experience of computers only spans as far as running them by assuming that the 'top brand' software they install will fix all their problems, can possibly give better advice than a person who could, if desired, work out how to remove a problem manually given enough time.

    I have some news for this person they may not like to hear.

    I installed PestPatrol myself once. It detected all manner of negligible threats that I really couldn't care less about. In return, it caused me nothing but problems. This was a long time ago now, but my experience of PestPatrol is that it made mountains out of molehills, and really wasn't worth the bother of installing it.

    As for ANY Norton product, well, it's much like the AOL client, in that it's bloated, most commonly attacked by the people writing these virii, worms and trojans, and personally I've not seen ONE person with it that hasn't found that it made their system more unstable. Additional software should run on top of an operating system as much as possible, not compete with it or become part of it.
  13. olefarte

    olefarte TechSpot Ambassador Posts: 1,427

    Well said Spike.

    I've had Pest Patrol on two different occasions, and I can't say anything good about it. I'm sure there are many people who like it, (obviously), but it found too many false positives for me. I think if I had let it remove everything it found, I would have been in big trouble, and for novice users who might think it is a cure-all, this could be a huge problem. Besides, one program is not going to fix all problems. If I sold Pest Patrol or got a commission from it, I might be more inclined to recommend it.

    As to the piles that have been heaped on RealBlackStuff, it is hard to believe that a new member to TechSpot, could be so harsh on somebody who spends so much time here giving GOOD advice, and for FREE. Keep up the good work RBS.
     
  14. Paul

    Paul Newcomer, in training Posts: 97

  15. Spike

    Spike Newcomer, in training Posts: 2,371

    Err, let's look at this one logically for a moment.

    At no time has RBS stated that he knows absolutely everything, and I'm sure even he himself will admit that he doesn't. It's not a rational possibility for ANYBODY. Many people who know what they are talking about are very sure about what they say, but don't say what they don't know. This is normal.

    Moreover, where the hell did you get that idea in the first place? Is this a personal grudge thing you have here?

    On the subject of googling, where exactly are you seeing the suggestion that it was copied and pasted? I'm not seeing it. Another thing is that there's nothing wrong with googling for an answer. It's still an answer. Likewise, there's nothing wrong with copying and pasting if another place has the same info. It saves time. I would be very surprised though, if out of all the HJT logs on various sites out there RBS had found an answer to an exact copy of the HJT log in question. That would take a fair amount of time.

    Yet again, even if RBS DID google for an answer, and personally I'm not really all that sure that he did, then in order to give a correct answer, you have to know what you're doing to pick an answer that's right!!!

    RBS, as Olefart said, has helped a large number of people on these forums greatly. There's nothing wrong with that, no matter how it's done.
  16. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    For what it's worth, I check out nearly every program that I advise to STOP or uninstall.
    Of those, anybody who has been sifting through these logs as long as I have, can recognize many of them as non-regular programs. When not sure, do a Google with the name. The results (or lack of them) tell you if such a program is a pest or not.
    I recognize a lot of them straight away from having dealt with them before.
    My method is NOT a hit-and-miss affair, read the many thank-yous.
    As stated by others, I have never said (and never will) that I know everything, but I DO know a lot about quite a few different things. If I see people giving wrong advice, I will sometimes react to that. I have no personal vendettas against anyone specifically.
    I have always worked for myself as a contractor, because I am not known for being diplomatic (my wife agrees, and she should know), and I don't like working in a team.
    I will be 60 next month, but that has not shrivelled my brain (or any other part of my body, luckily).
    As long as people are willing to follow my advice, I'll be helping where I can. Stepping on toes is sometimes unavoidable, but most of the times unintentional and certainly without any malignancy.

    And before I Forget, thanks guys for the moral support.
    'Nuff said, there are more important things to do.