Can't Boot Into Safe Mode
TheBlaze
Junior Member
29. December 2005 @ 08:15
I have a few more spyware programs on my computer and no matter how many times and how many different removal programs I use to get them off, they won't leave. I tried to boot into safe mode because that's what I usually do when this happens and it won't let me. When I type in "msconfig" in run it says "Windows cannot find 'msconfig'. Make sure you typed the name correctly, and then try again. To search for a file, click on the start button and click search." It's never done that before. I normally run safe mode through msconfig. Then I tried loading safe mode through pressing F8. The screen won't come up. I don't know how I'm supposed to remove the programs if I can't boot into safe mode. The programs that have come up so far as being spyware are IPinsight, Blazing Tools Perfect Keylogger, Viewpoint Toolbar, and Accoona Toolbar if that means anything.
Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:17:19 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Peer Guardian 2] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Norton] C:\Program Files\Norton AntiVirus\NAVW32.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/0.8.0794.44/WinSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase2213.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF627F73-4616-459C-9654-4172E84433E7}: NameServer = 151.203.0.84 151.202.0.84
O20 - AppInit_DLLs: C:\Program Files\Agnitum\Outpost Firewall 1.0\wl_hook.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
This message has been edited since posting. Last time this message was edited on 29. December 2005 @ 08:36
-kemisti-
AfterDawn Addict
29. December 2005 @ 08:35
TheBlaze
Junior Member
29. December 2005 @ 08:37
Where should I save the msconfig file to? Is there a certain system folder it should be in?
-kemisti-
AfterDawn Addict
29. December 2005 @ 08:51
Senior Member
31. December 2005 @ 01:52
Some of that adware you've got is very bad; here's how to get rid of it.
IPinsight is quite serious and you must get rid of it, as your privacy is being invaded.
Before you can delete files, you have to first stop all the IPinsight processes that are running.
Do this by ending all processes from the Task Manager.
Press CTRL+ALT+DELETE to open the Windows Task Manager. If you see multiple "tabs," click on the "Processes" tab. For each process that you would like to kill, find the process name in the list, click it to select it, and click the "End Process" button.
Click Start > Run, type regedit, and navigate through the registry tree until you find these values:
{297AFC77-2039-4D3C-BEF9-598819EB2C8A}
IPInsigt.IPInsigtObj.1
{BE35582C-9796-4CF1-AED9-556ADA120B38}
IPInsigt.IPInsigtObj
Highlight them and press Delete.
To un-register a DLL file, first locate the file on your hard drive.
Open a command prompt window by clicking on the Windows "Start" button,
clicking "Run," and typing "cmd" into the box in the Window that appears. Click "OK."
Next type "regsvr32 /u " and press the "ENTER" key.
For example, to un-register a file called "myDll.dll" which is located in
the "C:\windows\system32" folder, you would type
"regsvr32 /u C:\windows\system32\myDll.dll" and press the "ENTER" key.
Delete these file entries:
IPinsight
ipinsight.exe
SENTRY
sentry.exe
sentry.ini
Step 2: get rid of Blazing Tools Perfect Keylogger. bpk.exe is what it'll call it in Task Manager, but I can't see it in that log, so search the hard drive for it (click My Computer > click (C:) and at the side click Search for files and folders and search the hard drive for bpk.exe). If you find it, delete it, but remember you'll only get it out if you terminate the process.
Step 3: get Viewpoint Toolbar out.
Look in Add or Remove Programs (they may not be there):
mtsaxinstaller.exe
viewmgr.exe
Search the hard drive for
axmetastream.dll
swfview.dll
viewbar.dll
viewbarbho.dll
and delete them.
Also search for these directories:
%programfilesdir%\viewpoint\
%profiles%\application data\viewpoint\
Go to Start > Control Panel > Add/Remove and see if Accoona Toolbar is listed there; it might be. Also, Spybot Search and Destroy can sometimes help with this one.
http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html
If that doesn't work then try this:
Open SpyBot, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except (Spybot version 1.4)
Uncheck[ ] do not report disabled or known legitimate Items.
Uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach that report.
You should be able to delete its folder now.
Get rid of all these and you may have some luck. Once you get msconfig back, stop them from starting up.
This message has been edited since posting. Last time this message was edited on 31. December 2005 @ 05:58
Senior Member
31. December 2005 @ 02:15
lol, sorry jjssj and sunny but I can't chill until I solve the problem.
Also fix these lines in your HJT log:
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
This message has been edited since posting. Last time this message was edited on 31. December 2005 @ 10:17
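The check the replies above do by eye, reading the HijackThis log for the reported program names, can be scripted. The Python below is an added example, not part of any post in this thread: the watchlist names come from the thread, the sample log is an excerpt of the log posted above, and the function names are made up for illustration.

```python
import re

# Names from the thread: the reported programs, plus bpk.exe (the keylogger's process name).
WATCHLIST = ("ipinsight", "bpk.exe", "viewpoint", "accoona")

# Entry lines look like "O4 - HKLM\..\Run: [name] path" or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

def parse_log(text):
    """Return (running_processes, entries); entries are (code, detail) pairs."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries

def triage(text, watchlist=WATCHLIST):
    """Collect lines to review: watchlist hits and entries whose file is gone."""
    processes, entries = parse_log(text)
    hits = [("process", p) for p in processes
            if any(w in p.lower() for w in watchlist)]
    for code, detail in entries:
        if any(w in detail.lower() for w in watchlist):
            hits.append((code, detail))
    missing = [(c, d) for c, d in entries if d.endswith("(file missing)")]
    return {"watchlist": hits, "file_missing": missing}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for reason, rows in report.items():
        for code, detail in rows:
            print(f"{reason:12} {code:8} {detail}")
```

A substring watchlist only surfaces lines for a person to review; a match such as the Verizon VisualIPInsight folder still needs a decision about whether to remove it.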
TheBlaze
Junior Member
31. December 2005 @ 11:13
Sorry it's taken me so long to reply. I've been messing around with my wireless router for the past few days trying to get it to work. Finally I got fed up and just hooked my DSL modem back in directly.
For running processes there are two processes called "IPClient". Could that be IPinsight? Or is it something else?
Edit: Sorry I just noticed what was posted above.
This message has been edited since posting. Last time this message was edited on 31. December 2005 @ 11:14
TheBlaze
Junior Member
31. December 2005 @ 11:52
When I searched for the IPinsight files on my computer it didn't come up with any of the files that I was told to unregister. It came up with "VisualIPInsight" folder for Verizon. Should I do anything with that?
Senior Member
31. December 2005 @ 13:42
Yep, VisualIPInsight, that's what you want. Go ahead and delete it; also fix the lines I told you to before you delete it, and then once it's deleted it would be a good idea to run a registry issue scan with CCleaner. If you haven't got it, here's the site:
http://www.ccleaner.com/download126.asp
Then search for it again. All its components are in the folder, and once you've got rid of that it should be gone, but it's the type of spyware that you delete in safe mode really, but we'll see how it goes for now.
TheBlaze
Junior Member
1. January 2006 @ 13:02
When I try to go into Help & Support it says "helpctr.exe" cannot be found. Anyone know where to download this? It seems like all of the crap I've had on my computer has deleted a lot of important files.
TheBlaze
Junior Member
1. January 2006 @ 13:11
This message has been edited since posting. Last time this message was edited on 1. January 2006 @ 13:15
ddp
Moderator
1. January 2006 @ 13:36