wxsdmoe.dll and bw2.com trouble!!

Question

WatermelonX 0 Light Poster

18 Years Ago

Hello all, recently my computer has been acting very weird and it keeps on redirecting my browser to other pages and popups keep appearing. I've used Ad-Aware SE, Spybot, cwshredder, and even Ewido and I just can't remove these:

    [2020] C:\WINDOWS\system32\wxsdmoe.dll -> Adware.Look2Me : Error during cleaning
    [408] C:\WINDOWS\system32\wxsdmoe.dll -> Adware.Look2Me : Error during cleaning
C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Error during cleaning

(above was taken from my Ewido scan report)

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:51:01 PM, on 2/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\AIM\aim.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\gpn0l35m1.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hpaC1waW4gSHN1\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PLEASE help if you can, this has been bothering me for a long time. :sad:

windows-virus

Edited 11 Years Ago by diafol because: fixed formatting

2 Contributors
7 Replies
199 Views
14 Hours Discussion Span
Latest Post 18 Years Ago Latest Post by WatermelonX

All 7 Replies

'Stein 150 Lapsed Skeptic

18 Years Ago

according to some other forums, this might work, but for all i kno its more spyware....so mabe ya should wait until somebody smarter posts, but ya, ya might wanna try this if ure desperate

http://www.bestoffersnetworks.com/uninstall/

'Stein 150 Lapsed Skeptic

18 Years Ago

Alrite, I kinda read ure HJT log (I really dont kno if ya should do it or not, seing that im new at reading HJT logs...)
But, I THINK i've found some bad stuff:

O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\gpn0l35m1.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Y2hpaC1waW4gSHN1\command.exe (file missing)

Now, I dont even trust myself too much, so i dunno if ya wanna fix um or not.... I'd wait until someone better looks at it.

In addition, I cross checked ure HJT log on an online analyzer, and it found the same things i did, just to let ya kno.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

WatermelonX 0 Light Poster · Answer 1 · 2006-02-12T03:30:46+00:00

Actually, (can't edit post) it's just A LOT of redirecting andpopups...I deleted bw2.com and wxsdmoe.dll, it's something called "uneg.dll" that was in Ad-Aware taht is calssified as VX2 which I can't remove...

WatermelonX 0 Light Poster · Answer 2 · 2006-02-12T04:09:50+00:00

Specifically:
http://www.buyer-shabit.com/normal/yyy65.html
http://www.smashitsusa.com/vendare.html
http://www.ecommerc-e.com/normal/XBDYUS.html
http://www.hug-ediscounts.com/normal/yyy65.html
http://www.z404.com/ad/az_landing_asap.php
http://www.mediapurchases.com/normal/yyy65.html

WatermelonX 0 Light Poster · Answer 3 · 2006-02-12T08:51:35+00:00

Well, I found out that I have the Look2Me/VX2 variant which is pretty hard to remove. I downloaded lm2fix, but the log NEVER shows up. Help?...

WatermelonX 0 Light Poster · Answer 4 · 2006-02-12T09:24:20+00:00

According to the HJT online analyzer stuff, the first one is unkown, the second one is safe, and the third one is not necessary. Whenever I delete the third one it comes back on...so yeah.

WatermelonX 0 Light Poster · Answer 5 · 2006-02-12T11:18:10+00:00

Nevermind, I got rid of Look2Me. Thanks for the help anyways jhay116. :cool:

wxsdmoe.dll and bw2.com trouble!!

Recommended Answers Collapse Answers

All 7 Replies

Recommended Answers