Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

pc mighty max?[RESOLVED]

Started by maudin8 , Mar 22 2005 04:19 PM

This topic is locked

#1
maudin8

Posted 22 March 2005 - 04:19 PM

Member

Member
23 posts

I have been in several forums and have found little info. Is this spyware? does anyone know???

#2
maudin8

Posted 25 March 2005 - 07:54 AM

Member

Topic Starter
Member
23 posts

This is my hijackthis log. it is short and i thought someone might be able to take a quick look at it and see if they see anything. Any advice is greatly appreciated. thx in advance!!

Logfile of HijackThis v1.99.1
Scan saved at 9:59:27 PM, on 3/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.032\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - C:\WINDOWS\System32\winprox.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\clickpix\clickpix.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
O3 - Toolbar: CLICKPIX Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\clickpix\clickpix.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: RZ DLL Backup.LNK = C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#3
Guest_thatman_*

Posted 27 March 2005 - 08:44 AM

Guest

Hi maudin8

Welcome to geekstogo!

Please read through the instructions before you start (you may want to print this out).

HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder C:\HJT and place the program into that new folder C:\HJT.

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R3 - Default URLSearchHook is missing
O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - C:\WINDOWS\System32\winprox.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\System32\winprox.dll
C:\WINDOWS\web\related.htm

Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we will take another look.
Kc :tazz:

#4
Dragon

Posted 01 April 2005 - 09:43 AM

All Around Computer Nut

Retired Staff
2,682 posts

Edited after merging posts, sorry thatman

Edited by Efwis, 01 April 2005 - 09:46 AM.

#5
maudin8

Posted 06 April 2005 - 07:07 AM

Member

Topic Starter
Member
23 posts

Here is my log, sorry it took so long, had work to do. anyway, i ran an anti-spyware called bps spyware and it listed the coolwwwsearch. so i followed the path into the registry and deleted it. i ran it after a reboot and it came up again, but the registry was clean. i didn't see anything on hijackthis log. is it showing up because the remover is a trial version? hijackthis picks up everything right?? any more advice would be greatly appreciated. i am trying to clean up my system and tweak it then turn off the restore and use my external HD to make a clean backup. On eother question i had was about safe mode. i rebooted and pressed f8, it gave me a choice of what to boot with but said nothing about "safe", seemed to work though. thanks again. here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 10:53:34 AM, on 4/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\clickpix\clickpix.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
O3 - Toolbar: CLICKPIX Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\clickpix\clickpix.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: RZ DLL Backup.LNK = C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6
Guest_thatman_*

Posted 06 April 2005 - 07:40 AM

Guest

Hi maudin8

Bulletproofsoftcom-sites-now-installing-adware

You need to remove that pile of adware from you system?
Read this and see why. http://netrn.net/spy...talling-adware/

Kc :tazz:

#7
maudin8

Posted 06 April 2005 - 07:47 AM

Member

Topic Starter
Member
23 posts

hmmm, intersting. Does this mean since i am running the trial version, i have all that crap?? i don't remember doing a eula. I guess i should get rid of that program. Would any of that crap show up on my log? was my log alright?? Looking to you for help.

#8
maudin8

Posted 06 April 2005 - 12:24 PM

Member

Topic Starter
Member
23 posts

sorry about the pm, didn't notice.

#9
Guest_thatman_*

Posted 07 April 2005 - 01:48 AM

Guest

Hi maudin8

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:

#10
maudin8

Posted 08 April 2005 - 12:20 PM

Member

Topic Starter
Member
23 posts

i'm am posting from a different machine than my own, internet not available for online virus scan. here is my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 10:53:34 AM, on 4/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {9470E8E6-E19F-4675-9832-5DE295F77E89} - C:\PROGRA~1\FOLDER~1\fvhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\clickpix\clickpix.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Folder View - {DAF2C8C2-1CD1-48F8-A5C6-3B438127A8FD} - C:\PROGRA~1\FOLDER~1\fvband.dll
O3 - Toolbar: CLICKPIX Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\clickpix\clickpix.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Acez Jump Start Screen Saver.lnk = C:\Program Files\Acez Jump Start Screen Saver 1.1\jumpstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: RZ DLL Backup.LNK = C:\Program Files\RZ DLL Backup\RZDLLBackup.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:\WINDOWS\acezlink.htm
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thank you.

#11
Guest_thatman_*

Posted 22 April 2005 - 11:30 AM

Guest

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.