Er problem

Mitosis · July 06, 2004, 09:12 PM

Eh guys, I dont know which thing is causing this. Storm.Id helped me delete Blss.exe but the problem keeps going on and on. I have used spybot SnD and I still have this.

http://clite.zodiaclegends.com/

those 3 pictures are screen shots of the performences.

Pretty much what happens is every 10ish mins my browser opens up to an angelfire page "pwnage clan and hacks" if anyone knows how to get rid of this thanks!

Hitmen · July 06, 2004, 09:25 PM

First of all, try a scan at http://housecall.trendmicro.com

cefx- · July 06, 2004, 09:33 PM

Start -> Run -> msconfig - "OK"

Services Tab:
- Check the checkbox Hide all Microsoft services.
- Click disable all.
Startup Tab:
- click disable all. (Yes. Disable ALL.)

Click apply, close, and restart.
Restart twice. Resetting services takes two restarts.

Then get on the web, run a scan at:
http://housecall.trendmicro.com or
http://www.pandasoftware.com | and
http://www.pestscan.com

If stuff turns up in PestScan, get Ad-Aware, HijackThis, and CW-Shredder.

Those will fix you right up.

Hazard · July 06, 2004, 09:36 PM

Scan with this and post the logs.

muert0 · July 06, 2004, 10:42 PM

update spybot and reboot your computer. tap f8 until you get an option to boot into safemode. Run spybot in safe mode. Reboot and run trendmicros housecall like they said.
By the way what browser are you using?

cefx- · July 07, 2004, 12:01 AM

Safe Mode isn't always the best.
If someone has dial-up. ;p

muert0 · July 07, 2004, 12:03 AM

QuoteSafe Mode isn't always the best.
If someone has dial-up. ;p

Could you explain?

cefx- · July 07, 2004, 12:20 AM

Yes.

Safe Mode and/or Safe Mode with networking does not allow for individuals with PPP or PPPoE connections.
The support for such things is not there in those modes.
Ergo, Dial-Up and Broadband users such as SBC Global, will not be able to use the internet.

Generally speaking, you want to have access to the internet when performing troubleshooting from a technical support point of view. Countless reboots aren't an option.

Quick solution: format/reinstall

muert0 · July 07, 2004, 12:41 AM

Read my post again I said update your spybot and reboot. You don't have to reformat if it's just a virus or spyware.

cefx- · July 07, 2004, 01:07 AM

You've never seen serious cases with virus and spyware. :p

Trust me.
Call Microsoft.

We'll tell you the same thing.

effect · July 07, 2004, 03:41 AM

Thats why he said "Quick Solution" go READ his post again dumbass

Mitosis · July 07, 2004, 06:58 AM

Meh I am downloading everything from Pandasoftware. Pest scan wont work. well now it has become very disturbing. Gay porn shit is fucking popping up and I want to smash my moniter.

I am using Mozzila FireFox.

Hazard · July 07, 2004, 09:05 AM

Quote from: Hazard on July 06, 2004, 09:36 PM
Scan with this and post the logs.

cefx- · July 07, 2004, 09:11 AM

Boot into Safe mode with networking and perform the instructions I outlined, as well as Hazard's.

Mitosis · July 07, 2004, 07:21 PM

Logfile of HijackThis v1.97.7
Scan saved at 5:20:57 PM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\taskmngrs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\sesinetd.exe
C:\WINDOWS\System32\hserver.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cLite\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clite.net/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] taskmngrs.exe
O4 - HKLM\..\Run: [Microsoft Update] wuammgr32.exe
O4 - HKLM\..\Run: [MSR] msr.exe
O4 - HKLM\..\Run: [msn] msnmsgr.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [blss] C:\Program Files\blss\blss.exe
O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] taskmngrs.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuammgr32.exe
O4 - HKLM\..\RunServices: [MSR] msr.exe
O4 - HKLM\..\RunServices: [msn] msnmsgr.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] taskmngrs.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\Run: [msn] msnmsgr.exe
O4 - HKCU\..\Run: [Microsoft Update] wuammgr32.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Web Rebates - file://c:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1087218294453
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38151.7664351852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82BC38FE-48F2-4A5F-A797-15EE36E9F4C2}: NameServer = 209.226.175.223 198.235.216.111

Now what do I do?