Old 02-28-2005, 01:16 PM   #1 (permalink)
innocent_knives
Registered User
 
Join Date: Feb 2005
Posts: 16
OS: WinXP


Urllogic and Loadingwebsite popups (and others), plus IGetNet. Please help!

I'm sure that I've had spyware on my computer for a long time, but I never really started having noticeable problems until around two weeks ago when I began to see urllogic and loadingwebsite pop-ups. Other popups include bidz.com, some insurance pop-ups, and some pop-up about a ringtone with an animation on it.
Before any of this happened, I had never had any problems with pop-ups.

In an attempt to get rid of these things, I've been trying to "do my homework" and thus found this forum. I've been trying to follow other threads and in the last two weeks I have installed Ad-Aware, Spybot, HijackThis, l2mfix, Ispfix, and Hijack Analyzer.
All of these programs have proved to be very useful and with them I seem to have managed to correct some things.
I *did* find a lot of spyware on my computer using Ad-Aware and Spybot, including VirtualBouncer, NetworkEssentials, Ezula, ntechin, SED(inetfuel?), and others.
These continued to return again and again, despite my efforts with Spybot, but after downloading HijackThis and working with the TeaTimer on Spybot (making sure it doesn't allow these programs to be added to the registry), they *seem* to have finally subsided (haven't seen them in a few days, which was a rarity before), yet there are still some problems which refuse to go away.

I have explained the pop-ups I have been getting. I also currently have a program called "DMVlite" on my Add/Remove programs... which I thought I had gotten rid of once via the registry, but it seems to have returned. At this point, I should add that trying to uninstall it by using Add/Remove programs is futile because it leads you to their website where it supposedly allows you to uninstall. It didn't seem to remove anything that I could see.

IGetNet (for now) is the only problem that SpyBot can detect, but it doesn't seem to be able to be removed. It says that something is still in the registry, but even when SpyBot runs on the next restart, it can't remove it.
I did try to follow the manual removal instructions that I found here: http://www.spyany.com/program/articl...m_IGetNet.html, but I kept getting a message saying: "LoadLibrary ("BHO.DLL") failed - The specified module could not be found." for each file that I tried to disable.

I currently have Norton AntiVirus 2002 and I am running Windows XP.

((Sorry for the lengthy post; I'm just trying to give you all the details you might need.))

Below is the HijackThisAnalyzer log.

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 1:15:11 PM, on 2/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\wivwkk.exe
C:\Program Files\Turbospeed\PxUi.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Turbospeed\PxClient.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6198
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = clinic.mcafee.com; bin.mcafee.com; download.mcafee.com;<local>
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\Turbospeed\PxUi.exe" /Automation
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournalU.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image Expert\IXApplet.exe
O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d...ll/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/engli...layerAxWin.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw14fd.law14.hotmail.msn.com/...x/HMAtchmt.ocx
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


End of HijackThis Analyzer Log.
===========================================================================================================================


You are my only hope. Thank you!
__________________
~Innocent_Knives~
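
A triage pass over a HijackThis log like the one in this post, added here as an example (it is not part of the original post and is not HijackThis Analyzer's own logic): it pulls out the loopback ProxyServer value, the "Unknown file in Winsock LSP" providers with how many chain entries each holds, and O16 controls listed without a name, so a helper can review them first. The function names and the three review heuristics are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the log in the post (URLs left truncated as posted).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6198
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\Turbospeed\PxUi.exe" /Automation
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
"""

ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")              # section code, then entry body
LOOPBACK_PROXY = re.compile(r"ProxyServer = \S*(127\.0\.0\.1|localhost)", re.I)
UNNAMED_DPF = re.compile(r"DPF: \{[0-9A-Fa-f-]+\} - ")   # no "(name)" after the CLSID

def parse_entries(log_text):
    """Yield (section, body) for each 'R1 - ...' / 'O10 - ...' style line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return (section, reason, detail) tuples for entries to review first."""
    findings, lsp = [], Counter()
    for section, body in parse_entries(log_text):
        if section.startswith("R") and LOOPBACK_PROXY.search(body):
            # Browser traffic is being sent through a process on this machine.
            findings.append((section, "IE proxy points at this machine", body.split(" = ", 1)[1]))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            lsp[body.split(": ", 1)[1].lower()] += 1      # one line per chain entry
        elif section == "O16" and UNNAMED_DPF.match(body):
            findings.append((section, "ActiveX control with no name", body))
    for dll, count in sorted(lsp.items()):
        findings.append(("O10", "unrecognised LSP provider, chain entries: %d" % count, dll))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

A finding here only marks an entry for a closer look; it does not classify the file behind it.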