MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Hijack this log
November 13, 2019, 02:32:59 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 13, 2019, 02:32:59 PM

Login with username, password and session length
 Featured Sites:
News
New  Check out our improved Download section for tons of software....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2  All Go Down Print
Author Topic: Hijack this log  (Read 3222 times)
snail
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« on: July 27, 2004, 10:12:35 PM »

this is from my computer at work
it is linked up to the university network
the problem is i have all sorts of popups etc.
i have run adaware, and spybot but nothing seems to work
i also switched over to mozzilla firefox but IE still
throws popups at me even though i havn't used it in a week
thanks in advance for any help



Logfile of HijackThis v1.97.7
Scan saved at 5:48:13 PM, on 7/27/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\desk95.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Documents and Settings\sburch.AD\Desktop\HijackThis.exe

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Dogpile Toolbar - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - C:\Program Files\DogpileToolbar\ultrabar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: Default bind meta - {E99E7521-CA25-40C5-F321-B5CD7B407193} - C:\PROGRA~1\AIMBIT~1\Close 1.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [axismfcd] C:\PROGRA~1\LIESTI~1\Sign2.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O12 - Plugin for .edf: C:\Program Files\Internet Explorer\PLUGINS\NPInfotl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37876.4886458333
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.hubx.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.unh.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.unh.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.unh.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad.unh.edu

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: July 28, 2004, 12:24:55 AM »

Can you delete your copy of hijackthis, there is a newer version
Important---Create a permanent folder hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
download from
HERE or HERE
Don't leave it on your desktop!!!

Download and unzip LSP fix

Disconnect from the Internet

Check all instances of lspak.dll (and nothing else) , and move them to the "Remove" pane.
You will have to click the "I know what I'm doing" button.
Finish

RESTART your computer and Post back with a fresh hijackthis log
Logged

 
snail
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #2 on: July 28, 2004, 01:01:08 AM »

I installed the new HJT intyo its own folder
then installed LSP fix
when i go to run the program
i get this error

winsock 2 registry key
HKEY_LOCAL\System\CurrentControlSet\Services\Winsock2\Parameters
does not exist
please reinstall winsock2
Logged

 
snail
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #3 on: July 28, 2004, 01:03:38 AM »

however this is my new HJT log

Logfile of HijackThis v1.98.0
Scan saved at 8:59:42 PM, on 7/27/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\desk95.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mjb29\My Documents\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.com/info.dogpl.toolbar/
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Dogpile Toolbar - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - C:\Program Files\DogpileToolbar\ultrabar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: Default bind meta - {E99E7521-CA25-40C5-F321-B5CD7B407193} - C:\PROGRA~1\AIMBIT~1\Close 1.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [axismfcd] C:\PROGRA~1\LIESTI~1\Sign2.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\lspak.dll
O12 - Plugin for .edf: C:\Program Files\Internet Explorer\PLUGINS\NPInfotl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.hubx.com/viewer/activeXViewer/activexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.unh.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.unh.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.unh.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad.unh.edu

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #4 on: July 28, 2004, 02:47:25 AM »

Set Windows to Show Hidden Files and Folders

Navigate to this file or folder
C:\PROGRA~1\LIESTI~1\Sign2.exe
C:Program Files\LIE...........

Right click on it----properties---version
Do you know what it is related too?
Could you submit it to Kapersky's for a free virus scan
http://www.kaspersky.com/scanforvirus
Simply use the Browse button to navigate to the file
Right click on it-----Select---Submit

Restart your computer in


Go to START---RUN---type in "services.msc" without quotes
Find this service on the right---Wintools for IE Service
double click it---Stop the Service---
Set to disabled in the drop down menu

Access your Add/Remove Programs via Control Panel
Remove WINTOOLS

Navigate to this folder and delete it
C:\Program Files\Common Files\WinTools <---this folder
C:\PROGRA~1\LIESTI~1\Sign2.exe <---the file or folder if found bad or unknown

While still in safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Default bind meta - {E99E7521-CA25-40C5-F321-B5CD7B407193} - C:\PROGRA~1\AIMBIT~1\Close 1.dll (file missing)
O4 - HKLM\..\Run: [axismfcd] C:\PROGRA~1\LIESTI~1\Sign2.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

RESTART back in Normal Mode post another log

Try LSP fix again, ensure you unzip it
You may have to reinstall Tcpip or try Winsock XP fix, I hear it works for windows 2000, but I haven't used it yet
http://trout.snt.utwente.nl/ubbthreads/showflat.php?Board=connectionissues&Number=90110
Read the documentation, it does make a backup of the reg files....
« Last Edit: July 28, 2004, 02:48:50 AM by benditup » Logged

 
snail
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #5 on: July 28, 2004, 03:04:40 AM »

thanks benditup
i will get right on this in the morning
thanks for all the help
peace
« Last Edit: July 28, 2004, 10:27:27 PM by snail » Logged

 
snail
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #6 on: July 28, 2004, 10:08:04 PM »

ok here it is
i folllowed all steps
I was able to use lsp fix without having to use winsock xp fix
here is my new log

Logfile of HijackThis v1.98.0
Scan saved at 5:49:30 PM, on 7/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\system32\desk95.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe
C:\Program Files\SED\SED.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\mjb29\My Documents\HJT\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.com/info.dogpl.toolbar/
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Dogpile Toolbar - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - C:\Program Files\DogpileToolbar\ultrabar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\cdlsp.dll
O12 - Plugin for .edf: C:\Program Files\Internet Explorer\PLUGINS\NPInfotl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) - http://www.icebergradio.com/aurora/1.0.2.259/client.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.hubx.com/viewer/activeXViewer/activexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.unh.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.unh.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.unh.edu
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad.unh.edu

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #7 on: July 29, 2004, 12:26:12 AM »

Good to hear that you got LSP fix to work because your going to need it again
Set windows to show hidden files and folders

Disconnect from the NET until you finish these

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

Optionally I would fix these too, not need on startup, programs work fine without them.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

RESTART your computer
Delete this folder
C:\Program Files\Web Offer <---this folder

Can you also navigate to this file
C:\Program Files\SED\SED.exe <--this file or SED folder
It should be related to a Primax 3D mouse, just want to be sure
Right click on it----properties--version

Open LSP fix
Check all instances of cdlsp.dll (and nothing else) , and move them to the "Remove" pane.
You will have to click the "I know what I'm doing" button.
Finish
Restart your computer
You may want to run updated scans with both Spybot and Ad-Aware
and RESTART one more time if bad files are found
Post back with another Hijackthis afterwards
Logged

 
snail
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #8 on: July 29, 2004, 01:29:37 AM »

everything was fine(well sort of)
but after reboot I can no longer get online and
LSP Fix is giving me that winsock error again
i was going to try winsock xp fix
is this a good idea?
Logged

 
snail
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #9 on: July 29, 2004, 01:41:18 AM »

well winsockxp fix did not work
any ideas
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #10 on: July 29, 2004, 01:49:57 AM »

Can you Restart into Safe Mode and run LSP fix?
Logged

 
snail
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #11 on: July 29, 2004, 02:15:52 AM »

nope
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #12 on: July 29, 2004, 02:25:25 AM »

Is the WEB OFFER Folder still in your recycle bin?
Can you restore it?

Open Hijackthis---CONFIG---BACKUPS----
highlight

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
and restore it

RESTART your computer
Are you back online?
Logged

 
snail
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #13 on: July 29, 2004, 02:49:54 AM »

i did not get around to following the instructions in your last post, WEB OFFER etc.
the last thing i did was follow the instructions from the 27th.
any other recomendations
thanks for all the help so far

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #14 on: July 29, 2004, 04:01:10 AM »

I'm not really sure what you tried yet,
How did you get LSP fix to work the first time???

Make sure you disconnect from the NET completely when running it
Ensure it is unzipped
I've uploaded a copy of LSP fix in the attachment
Shut down any unneeded processes and tasks in task manager

Here's a link to winsockfix.exe just in case
http://ntcanuck.com/Beta/useful_programs/WinsockFix.exe

Download Attachment: lspfix.zip 183.01
« Last Edit: July 29, 2004, 04:56:35 AM by benditup » Logged

 
Pages: [1] 2  All Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page December 04, 2018, 12:57:24 PM