Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

razespyware problem/[bleep]

Started by messed_up , Nov 24 2005 08:24 PM

  • Please log in to reply

#1
messed_up
Posted 24 November 2005 - 08:24 PM

messed_up

    New Member

  • Member
  • Pip
  • 1 posts
I thought I was downloading a different file but it turns out I downloaded some crazy virus and adware. I thought- no worries I'll use AVG to heal everything. Nope- now I'm a little screwed as my computer can only load in safe mode.
I tried restarting with the last good configuration. Nope didn't work.
The main message is some weird different screen of death- it might be a 2000 thing, but it says:

"STOP: c0000263 {Driver Entry Point Not Found}
Th|e\??\H:\winnt\system32\drivers\386i.sys device driver could locate the entry point InterlockedPopEntrySList in driver ntoskrnl.exe??????????

If this is the first time you see this Stop error screen restar your computer. If this is a new installation check for 2000 updates.

If problems continue disable or remove any newly installed hardware or softwqare."

then it says to use safe mode and look in the manual. which I of course don't have.

I can also start up in safe mode only but of course with no internet access.

Hey also when I start now the comp says the CMOS sees a wrong memory count and stuff. So I turned of the BIOS Cache is that the right thing to do?
It looks like it's a program called RAZe Spyware that I can't remove. :-( I followed some instructions from someone else's problem with this. But I can't use the pandascan as I have no internet access.
Here is the hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 2:29:17 AM, on 6/26/2002
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINNT\System32\smss.exe
H:\WINNT\system32\services.exe
H:\WINNT\system32\lsass.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\System32\WBEM\WinMgmt.exe
H:\WINNT\system32\rundll32.exe
H:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "H:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=H:\WINNT\inet20003\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [D-Link AirPlus G] H:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] H:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] H:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] H:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] H:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] H:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [PayTime] H:\WINNT\system32\paytime.exe
O4 - HKLM\..\Run: [Debugger] H:\WINNT\msstream.exe
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SysMemory manager] h:\winnt\system32\mdms.exe
O4 - HKCU\..\Run: [Yahoo! Pager] H:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "H:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PayTime] H:\WINNT\system32\paytime.exe
O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - H:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - H:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: Applets - H:\WINNT\system32\ir64l5jq1.dll
O20 - Winlogon Notify: avpe32 - H:\WINNT\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: msctl32.dll - H:\WINNT\system32\msctl32.dll
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - H:\WINNT\system32\oniapiff.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - H:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - H:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP