|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Stop making mediocre tutorials.The best tutorials are video! Camtasia Studio makes it easy to create engaging, buzz-building screen videos at any size, in any popular format. Download the free trial!
|
|
#1
June 2nd, 2004, 04:37 PM
|
|||
|
|||
|
Help Tom! hijackthis log included
Logfile of HijackThis v1.97.7
Scan saved at 5:32:59 PM, on 6/2/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Intel\ASF Agent\ASFAgent.exe C:\WINNT\System32\drivers\CDAC11BA.EXE C:\WINNT\system32\ZoneLabs\isafe.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINNT\System32\svchost.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe C:\WINNT\System32\NMSSvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\rundll32.exe C:\Program Files\SysAI\SysAI.exe C:\WINNT\uptodate.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\pcs\pcsvc.exe C:\Program Files\Common Files\Dpi\dpi.exe C:\Program Files\FSI\F-Prot\F-StopW.EXE C:\WINNT\system32\rundll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\system32\internat.exe C:\Program Files\AIM95\aim.exe C:\Documents and Settings\pmchenry\Application Data\oeet.exe C:\WINNT\system32\wnsintsv.exe C:\Program Files\NoAds\NoAds.exe C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\wzqkpick.exe C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32/left.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = URL R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing) O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINNT\system32\inetp60.dll O2 - BHO: (no name) - {0DDBB570-0396-44C9-986A-8F6F61A51C2F} - C:\WINNT\system32\msiefr40.dll O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINNT\system32\stlbdist.DLL O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) O2 - BHO: (no name) - {6FCC58ED-3337-40E2-ACA4-3136FFC8A22A} - C:\WINNT\system32\iaspenrf.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINNT\system32\QaBar.dll (file missing) O3 - Toolbar: (no name) - {F7B9867C-9714-4EC4-AA31-E1F2379F446F} - (no file) O3 - Toolbar: SuperBar - {F4F6E872-3305-435F-B9F3-4F300091DFF2} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINNT\system32\stlbdist.DLL O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [] c:\WINNT\System32\ O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINNT\system32\stlbdist.DLL,DllRunMain O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe O4 - HKLM\..\Run: [Rundll32_7] rundll32.exe C:\WINNT\system32\msiefr40.dll,DllRunServer O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\pmchenry\LOCALS~1\Temp\tb_setup.exe /dcheck O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINNT\system32\inetp60.dll,DllRunServer O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [Internat.exe] internat.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [zzb] c:\WINNT\System32\zzb.exe O4 - HKCU\..\Run: [Brct] C:\Documents and Settings\pmchenry\Application Data\oeet.exe O4 - HKCU\..\Run: [WNSC] C:\WINNT\system32\wnsintsv.exe O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe" O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: AIM (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
|
|
#2
June 2nd, 2004, 04:57 PM
|
|||
|
|||
|
What I have tried so far:
Have run Ad Aware and Spybot Search and Destroy - now neither program will run
Have used antivirii from panda, trend and now zonelabs
|
|
#3
June 2nd, 2004, 05:09 PM
|
|||
|
|||
|
Hi starhunter,
Have you tried running Spybot and Adaware in Safe Mode? Tap F8 while booting. Here's instructions: http://service1.symantec.com/SUPPOR...000030212233639 We need to try and get these two programs running to clear some of that junk out! Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting!
|
|
#4
June 2nd, 2004, 05:54 PM
|
|||
|
|||
|
after ad aware and spybot s&d in safe mode
Here is the latest hijackthis log:
Logfile of HijackThis v1.97.7 Scan saved at 6:53:34 PM, on 6/2/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\SonicWALL\SonicWALL VPN Client\IreIKE.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Intel\ASF Agent\ASFAgent.exe C:\WINNT\System32\drivers\CDAC11BA.EXE C:\WINNT\system32\ZoneLabs\isafe.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINNT\System32\svchost.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\SonicWALL\SonicWALL VPN Client\IPSecMon.exe C:\WINNT\System32\NMSSvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\SYSTEM32\ZoneLabs\vsmon.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\FSI\F-Prot\F-StopW.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\system32\internat.exe C:\Program Files\AIM95\aim.exe C:\Program Files\NoAds\NoAds.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\unzipped\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32/left.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth R3 - Default URLSearchHook is missing O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {6FCC58ED-3337-40E2-ACA4-3136FFC8A22A} - C:\WINNT\system32\iaspenrf.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: (no name) - {F7B9867C-9714-4EC4-AA31-E1F2379F446F} - (no file) O3 - Toolbar: SuperBar - {F4F6E872-3305-435F-B9F3-4F300091DFF2} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [] c:\WINNT\System32\ O4 - HKLM\..\Run: [Pcsv] C:\WINNT\system32\pcs\pcsvc.exe O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\pmchenry\LOCALS~1\Temp\tb_setup.exe /dcheck O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [Internat.exe] internat.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [zzb] c:\WINNT\System32\zzb.exe O4 - HKCU\..\Run: [Brct] C:\Documents and Settings\pmchenry\Application Data\oeet.exe O4 - HKCU\..\Run: [WNSC] C:\WINNT\system32\wnsintsv.exe O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: AIM (HKLM) O10 - Broken Internet access because of LSP provider 'imslsp.dll' missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
|
|
#5
June 2nd, 2004, 07:24 PM
|
|||
|
|||
|
Open Task Manager and end the following processes if running:
dpi.exe tb_setup.exe id53.exe zzb.exe oeet.exe wnsintsv.exe Run HijackThis, place a checkmark next to the following items. Close ALL other windows and browsers except HijackThis. Click "fix checked". R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32/left.html R3 - Default URLSearchHook is missing O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O3 - Toolbar: (no name) - {F7B9867C-9714-4EC4-AA31-E1F2379F446F} - (no file) O4 - HKLM\..\Run: [] c:\WINNT\System32\ O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\pmchenry\LOCALS~1\Temp\tb_setup.exe /dcheck O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe O4 - HKCU\..\Run: [zzb] c:\WINNT\System32\zzb.exe O4 - HKCU\..\Run: [Brct] C:\Documents and Settings\pmchenry\Application Data\oeet.exe O4 - HKCU\..\Run: [WNSC] C:\WINNT\system32\wnsintsv.exe Show hidden files: How to Show hidden files and folders. http://www.xtra.co.nz/help/0,,4155-1916458,00.html Boot into Safe Mode. Here's instructions: http://service1.symantec.com/SUPPOR...01052409420406/ Delete the folloing files: C:\DOCUME~1\pmchenry\LOCALS~1\Temp\tb_setup.exe c:\WINNT\System32\zzb.exe C:\Documents and Settings\pmchenry\Application Data\oeet.exe C:\WINNT\system32\wnsintsv.exe Delete the following Folders: C:\Program Files\Common Files\Dpi\ c:\installer\ Reboot normally and post a new log. Tom
|
|
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Help Tom! hijackthis log included |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
