Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

need help please

Started by djkrilla , Feb 02 2005 10:35 PM

  • Please log in to reply

#1
djkrilla
Posted 02 February 2005 - 10:35 PM

djkrilla

    New Member

  • Member
  • Pip
  • 6 posts
Hello, It just start happening today. Everytime i open my Internet Explorer it would bring me to the Search-paga.com, I tried deleting the cookies and clearing the history in internet options. I also ran the virus and trojan scan... Here's my log file. Hope someone can help me....thanx

Logfile of HijackThis v1.99.0
Scan saved at 11:34:33 PM, on 2/2/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\inetg\services.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\The Cleaner\cleaner.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\The Cleaner\tcm.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about.blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about.blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.findin.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about.blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file)
F3 - REG:win.ini: run=D:\WINDOWS\inetg\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - D:\WINDOWS\inetg\1.02.11.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {815A82AE-CDEF-11D8-BA48-A6D245798277} - (no file)
O4 - HKLM\..\Run: [xp_system] D:\WINDOWS\inetg\services.exe
O4 - HKCU\..\Run: [xp_system] D:\WINDOWS\inetg\services.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZRxdm185XXUS
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://D:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft® VBScript® Console - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll
O9 - Extra 'Tools' menuitem: VBScript Terminal - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll
O9 - Extra button: Microsoft® VBScript® Terminal - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll (HKCU)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll (HKCU)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8C0626E-50ED-4230-9AC7-C7FAAEA251A7}: NameServer = 151.202.0.85 151.203.0.85
O23 - Service: MD Simple Burner Service - Sony Corporation - D:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown - D:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service - Sony Corporation - D:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • 0

Advertisements

#2
Koretek
Posted 03 February 2005 - 12:57 AM

Koretek

    Member

  • Member
  • PipPipPip
  • 340 posts
Hi DJKrilla,
You got a seriously nasty infection there, try not to reboot or anything until someone gets back to you Ok? Hang in there. Why dont you have any service packs? Im curious to, what happened when you ran those scans?

Edited by Koretek, 03 February 2005 - 01:15 AM.

  • 0

#3
djkrilla
Posted 03 February 2005 - 06:41 AM

djkrilla

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I ran those scans... I picked up like 289 different viruses and on the trojan scan I picked up about 6 of them..... Out of the 289 viruses found i was about to delete majority of them, about 53 viruses I wasn't able clean or delete cause it was "NOT ACCESSABLE" Why don't I have any service packs? I tried updating but it wouldn't update for some strange reason. I also have a problem with disk cleaning my D: drive. My harddrive is split into 2 drives Local C: and D:. Here is the new log file......


Logfile of HijackThis v1.99.0
Scan saved at 7:38:53 AM, on 2/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\devldr32.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about.blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about.blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about.blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {815A82AE-CDEF-11D8-BA48-A6D245798277} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://D:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft® VBScript® Console - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll
O9 - Extra 'Tools' menuitem: VBScript Terminal - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll
O9 - Extra button: Microsoft® VBScript® Terminal - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll (HKCU)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8C0626E-50ED-4230-9AC7-C7FAAEA251A7}: NameServer = 151.202.0.85 151.203.0.85
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown - D:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service - Sony Corporation - D:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • 0

#4
Koretek
Posted 05 February 2005 - 01:24 AM

Koretek

    Member

  • Member
  • PipPipPip
  • 340 posts
Hang on DJ, we are swamped and we have top staff sick so its tough going right now but I wont forget ya.
  • 0

#5
Koretek
Posted 13 February 2005 - 06:22 PM

Koretek

    Member

  • Member
  • PipPipPip
  • 340 posts
Hi DJ,

Logs not bad, we need to get you those updates though, any user who doesnt have service pack 1 or better on his system wont be able to update at all in the near future.

Close all open windows except HJT and "Fix" these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about.blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about.blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about.blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O3 - Toolbar: (no name)-{815A82AE-CDEF-11D8-BA48-A6D245798277} - (no file)
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

All done there but now:

Reboot into Safe Mode
Start -Turn Off Computer-restart- now start tapping on the f8 key once the screen goes dark, lightly but steady and you will see the Winows Advanced Menu come up, select "Safe Mode" with the arrow keys.

Enable "All Files and Folders" to be seen:
Double click on My Computer
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Navigate to the entry and delete it:
D:\WINDOWS\inetg <-~- Delete Folder if it exists.

Now your log is looking good, how about the updates, can U add them now?

MSN Updates


post a new log please!
  • 0

#6
djkrilla
Posted 14 February 2005 - 10:14 PM

djkrilla

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
koretek, I really don't know how I should thank you. The problem is gone and I could finally update ;] THANX ALOT.. heres the new log file:

Logfile of HijackThis v1.99.0
Scan saved at 11:11:11 PM, on 2/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\AIM\aim.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://D:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft® VBScript® Console - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll
O9 - Extra 'Tools' menuitem: VBScript Terminal - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll
O9 - Extra button: Microsoft® VBScript® Terminal - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll (HKCU)
O9 - Extra 'Tools' menuitem: VBScript Terminal - {E55351C3-3549-4DD6-95AF-82E760FAE927} - D:\WINDOWS\System32\vbterm.dll (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown - D:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service - Sony Corporation - D:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
  • 0

#7
djkrilla
Posted 14 February 2005 - 10:17 PM

djkrilla

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
one more thing.... I still can't disk cleanup my D: drive, disk cleanup would run but it would not clean, is there a way to fix this problem? thank you again
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP