Hijack This Log / Panda Scan

Posted by: daddy_ray

Guys... I've been hosed !!! My #&^% is tore up. Please review and assist in any way possible.

Win 98 SE, P4 2.8, 1 gb PC3200, Radeon 9200

Review and assist... Also having trouble booting up in safe mode. Also, I am running Iopus Starr PC Monitor so ignore that, however I have noticed that I have Ispynow running also... That is not by choice !

Thanks,
Ray

Logfile of HijackThis v1.99.1
Scan saved at 07:30:32 PM, on 4/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WSYS.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\ANTI-SPYWARE BLOCKER\ANTI-VIRUS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ptktzkxk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ptktzkxk.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\TOOLS\IESDSG.DLL
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\DLMAX.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\GRISOFT\AVG7\AVGREGCL.EXE /BOOT
O4 - HKLM\..\RunServices: [windll] C:\WINDOWS\SYSTEM\wsys.exe
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - Startup: Anti-Spyware Blocker.lnk = C:\Program Files\Anti-Spyware Blocker\Anti-Virus.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\TOOLS\IESDPB.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - [url]http://www.webshots.com/samplers/WSDownloader.ocx[/url]
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - [url]http://www.live365.com/players/play365.cab[/url]
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - [url]http://messenger.yahoo.com/maintenance/patch.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]

PANDA SCAN 04-23-05
Adware:Adware/Transponder No disinfected C:\WINDOWS\DLMAX.DLL
Adware:Adware/SaveNow No disinfected Windowsregistry
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\All Users\Application Data\AdDestroyer
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Spyware:Spyware/LZIO-Media No disinfected C:\WINDOWS\io2uns.exe
Adware:Adware/WUpd No disinfected Windows Registry
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Favorites\Casino & Carrers
Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDOW_AS2.EXE
Adware:Adware/Beginto No disinfected C:\WINDOWS\SYSTEM\NSM10D0.DLL
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\SYSTEM\pacis.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\topsys.exe
Adware:Adware/Beginto No disinfected C:\WINDOWS\SYSTEM\nsm10D0.dll
Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDow_AS2.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM\cxtpls_loader.exe
Adware:Adware/StartPage.DD No disinfected C:\WINDOWS\SYSTEM\temperror32.dat
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\PYNIX.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\DLMAX.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\DLMAX.DLL
Adware:Adware/WUpd No disinfected C:\Program Files\Hijack This\backups\backup-20041014-203655-511.inf
Adware:Adware/Transponder No disinfected C:\Program Files\Hijack This\backups\backup-20050419-190921-532.dll
Adware:Adware/Transponder No disinfected C:\Program Files\Hijack This\backups\backup-20050420-192839-370.dll
Spyware:Spyware/pcAudit No disinfected C:\My Downloads\pcaudit.exe
Adware:Adware/HuntBar No disinfected C:\NULL

Posted by: Lobos

Run [b]HiJackThis[/b] then:

1. Click "[b][i]Config...[/i][/b]"
2. Click "[b][i]Misc Tools[/i][/b]"
3. Click "[b][i]Open Process manager[/i][/b]"

- Next, while holding down the [b]CTRL[/b] key, locate ([i]if present[/i]) and click on ([i]highlight[/i]) each of the following:

[b][color=#000000]C:\WINDOWS\SYSTEM\[/color][color=#ff0000]WSYS.EXE[/color][/b]

Now double-check and make sure that only those item(s) above are highlighted, then click "[b][i]Kill process[/i][/b]". Now, click "[b][i]Refresh[/i][/b]", check again, and repeat this step if any remain.

===============

Now, let's open a [b]command prompt[/b] and unregister the dll(s) we're going to remove, by entering the following:

[b][color=#000099]regsvr32 /u[/color] [color=#ff0000]DLMAX.DLL[/color][/b]

It's ok if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.

===============

Run [b]HiJackThis[/b] and click "[b][i]Scan[/i][/b]", then check (tick) the following, if present:

[color=#9933cc][b] O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\DLMAX.DLL [/b][/color]
[color=#9933cc][b] O4 - HKLM\..\RunServices: [windll] C:\WINDOWS\SYSTEM\wsys.exe [/b][/color]

Now, with all windows closed except [b]HiJackThis[/b], click "[b][i]Fix checked[/i][/b]".

===============

When you're done, rescan your system and make sure the [color=#ff0000]following[/color] isn't present:

[b][color=#9933cc]N3 - Netscape[/color] ... [color=#ff0000]5CSBWeb_01.src[/color][/b] ([i]or[/i]) [b][color=#ff0000]5CSBWeb_02.src[/color][/b]

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in [b][color=#ff0000]red[/color][/b] that needs to be removed.

===============

Locate and [color=#ff0000][i]delete the following item(s)[/i][/color], if present. Make sure you're able to view system and hidden files/folders:

[i]files...[/i]
[b]C:\WINDOWS\SYSTEM\[color=#ff0000]WSYS.EXE[/color][/b]
[b]C:\WINDOWS\[color=#ff0000]DLMAX.DLL[/color][/b]
C:\Program Files\Hijack This\backups\[b]backup-20050420-192839-370.dll[/b] << This file
C:\Program Files\Hijack This\backups\[b]backup-20050419-190921-532.dll[/b] << This file
C:\WINDOWS\[b]DLMAX.DLL[/b] << This file
C:\WINDOWS\SYSTEM\[b]cxtpls_loader.exe[/b] << This file
C:\WINDOWS\SYSTEM\[b]EDow_AS2.exe[/b] << This file
C:\WINDOWS\SYSTEM\[b]nsm10D0.dll[/b] << This file
C:\WINDOWS\SYSTEM\[b]topsys.exe[/b] << This file
C:\WINDOWS\SYSTEM\[b]pacis.exe[/b] << This file
C:\WINDOWS\[b]dlmax.dll[/b] << This file
C:\WINDOWS\SYSTEM\[b]NSM10D0.DLL[/b] << This file
C:\WINDOWS\SYSTEM\[b]EDOW_AS2.EXE[/b] << This file
C:\WINDOWS\[b]io2uns.exe[/b] << This file

[i]folders...[/i]
C:\Temp\FLEOK
C:\WINDOWS\bsx32
C:\WINDOWS\All Users\Application Data\AdDestroyer
C:\WINDOWS\Favorites\Casino & Carrers
C:\Program Files\Ares

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're '[i]in use[/i]', try deleting them from "[url=http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam]Safe Mode[/url]".

===============

Post back a new log, and let me know how everything goes.

- Lobos.

Posted by: daddy_ray

I can't boot up in safe mode. I get this error:

While initializing device VFBACKUP:
VFBACKUP could not load VFD.VXD
Please run setup again.

What does that mean and have you seen this before ? It boots up fine in normal mode.

Thanks,
Ray

Posted by: daddy_ray

Also, I can't delete DLMAX.DLL in normal mode because it says that program is running, which was probably obvious.

Posted by: Lobos

Try this for your error: [url]http://support.microsoft.com/kb/q150164/[/url]

Posted by: daddy_ray

Used the link you sent and used sfc to restore the vfbackup.vxd file into the windows\system folder. I then rebooted and still get the same error when trying to go to safe mode.

Question: I restored the file but do I have to do anything else after that before it will work... like enable it ???

Thanks,
Ray

Posted by: Lobos

Did you add the commands for it in this file like it said?

c:\msdos.sys

Posted by: Warez Monster

Remove entries at your own risk

C:\WINDOWS\SYSTEM\WSYS.EXE
(WSYS.EXE) STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more"

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/...all/xscan53.cab[/url]
This entry is possibly nasty. Should be fixed.

Spyware:Spyware/LZIO-Media No disinfected C:\WINDOWS\io2uns.exe
Unknown running process. (io2uns.exe) This is a unknown process.

Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDOW_AS2.EXE
Unknown running process. (EDOW_AS2.EXE) This is a unknown process.

Adware:Adware/Pacimedia No disinfected C:\WINDOWS\SYSTEM\pacis.exe
Unknown running process. (pacis.exe) This is a unknown process.

Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\topsys.exe
Unknown running process. (topsys.exe) This is a unknown process.

Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDow_AS2.exe
Unknown running process. (EDow_AS2.exe) This is a unknown process.

Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM\cxtpls_loader.exe
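
Added example, not part of the original thread or written by any of its posters: a small Python triage script that parses the O2 (BHO) and O4 (Run key) lines of a HijackThis log and pairs each autostart file with the scanner detection for the same path, compared case-insensitively. The function names and regular expressions are assumptions made for this example, and the sample lines are copied from the log and Panda report above.

```python
import re

# Constructed sample: lines copied from the HijackThis log and Panda report in this thread.
HJT_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\DLMAX.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [windll] C:\WINDOWS\SYSTEM\wsys.exe
"""
PANDA_REPORT = r"""
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDOW_AS2.EXE
Adware:Adware/WUpd No disinfected Windows Registry
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
PANDA_RE = re.compile(r"^\w+:(?P<name>\S+) No disinfected (?P<loc>.+)$")

def norm(path):  # Windows paths are case-insensitive; 8.3 names (PROGRA~1) stay as-is
    return path.strip().lower()

def parse_autostarts(log):
    """Return (section, name, path) for each O2 (BHO) and O4 (Run key) line."""
    entries = []
    for line in map(str.strip, log.splitlines()):
        if m := O2_RE.match(line):
            entries.append(("O2", m["name"], m["path"]))
        elif m := O4_RE.match(line):
            # Drop command-line switches such as "/STARTUP" to keep only the image path.
            entries.append(("O4", m["name"], m["cmd"].split(" /")[0]))
    return entries

def parse_detections(report):
    """Map normalized file path -> detection name; registry-only hits have no path."""
    hits = {}
    for line in map(str.strip, report.splitlines()):
        m = PANDA_RE.match(line)
        if m and ":\\" in m["loc"]:
            hits[norm(m["loc"])] = m["name"]
    return hits

def correlate(log, report):
    """Pair each autostart entry with the scanner detection for its file, if any."""
    hits = parse_detections(report)
    return [(s, n, p, hits.get(norm(p))) for s, n, p in parse_autostarts(log)]

if __name__ == "__main__":
    for row in correlate(HJT_LOG, PANDA_REPORT):
        print(row)
```

An entry that comes back with no detection, such as the [windll] RunServices line here, is not cleared by that result; it only means the scanner report has no hit for that path and the entry needs a manual look.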