Jump to content


Photo

hijacked by zestyfind


  • Please log in to reply
1 reply to this topic

#1 rrmarty

rrmarty

    Member

  • New Member
  • Pip
  • 1 posts

Posted 18 July 2004 - 12:55 PM

I had ran both adware and spybot approximately two weeks ago and can not seem shake zestyfind for more than a few hours. I need help with the log file from hijackthis.exe...not sure about all processes that are runnning. below is a copy of the log, I will appreciate any help given.

rrmarty

Logfile of HijackThis v1.97.7
Scan saved at 2:04:57 PM, on 7/18/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\system32\ZoneLabs\minilog.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINNT\System32\taskmgr.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Support Tools\pmon.exe
C:\WINNT\System32\notepad.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.054\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.zestyfind.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microweb
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload Plus.lnk = C:\Program Files\Real\RealDownload\RealDownload.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsy..._50038/QDow.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7886.7484143519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = walsh2.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2F1722-53B1-426A-8016-C31445207B69}: NameServer = 167.206.112.4,167.206.112.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = walsh2.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = walsh2.com

#2 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 18 July 2004 - 02:15 PM

rrmarty,
Hmmm.. it looks as if some updates are in order. :mellow:

Please update your Ad-aware and Spybot and configure them according to the following instructions:

Ad-aware *
Download Ad-aware from here: http://www.computerc...s-file-292.html
Install by double-clicking on the downloaded file.
After installing but before running, update Ad-aware by using its Globe icon.
After updating, shutdown and restart Ad-aware.
Ad-aware is ready to scan and clean your system following these steps:

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
"Let Windows remove files in use after reboot."
Press "Scan Now"
Check option "Use Custom scanning options"
Check option "Activate In-Depth Scan"
Press "Select drives\folders to scan"
Select the active partition which is usually C:
Press "Next" to let Ad-aware scan your drives...
If it finds "bad" files and registry keys, press "Next" again
Right-click in that pane and choose "select all"
Press "next"
When it asks to remove all checked items, Press "OK"
Close Ad-aware, reboot your system and go on to the next step below.

Download and run this plugin from Lavasoft;
http://www.lavasoft....x2cleaner.shtml

Reboot.

Spybot S&D*
Download Spybot S&D here: http://www.computerc...s-file-108.html
Install by double-clicking on the downloaded file.
Run Spybot S&D from desktop icon or Start menu.
Press "Search for updates" button to get list of updates available.
Press "Download updates" button.
Close all IE windows and close & restart Spybot S&D.
Press "Check for problems" button.
Have SpyBot remove all it marks in RED by pressing "Fix selected problems".
Close Spybot S&D, reboot your system.

Update your HJT to version 1.98.
Download HijackThis to its own permanent folder.
http://www.spywarein.../HijackThis.exe
Here's how:
To create a folder:
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have C:\HJT\ folder.
Double-click on the .exe to scan.
After Scan, the Scan button changes to Save Log.
Click that, save it somewhere. Do Ctrl-A to Select all, and then copy and paste it here. Thanks.
Microsoft MVP - Consumer Security




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button