Jump to content


Photo

Violated once again!


  • Please log in to reply
5 replies to this topic

#1 fordfe

fordfe

    Member

  • New Member
  • Pip
  • 3 posts

Posted 20 July 2004 - 11:57 AM

Please help. I've posted here before for help, but got no responses. This time, it's even worse.

I've run the latest CWShredder, Adaware, Hijackthis, & Spybot. I have deleted the dll files listed, but they keep coming back. I am getting 5-10 popups at a time when I'm not even online.

Logfile of HijackThis v1.98.0
Scan saved at 11:48:15 AM, on 7/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cool Fred\Desktop\Hijack\HijackThis.exe

O1 - Hosts: 69.20.16.183 ieautosearch
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent610.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab

#2 gravylover5

gravylover5

    Mashed Potato Inspector

  • Retired Staff - Helper
  • PipPipPip
  • 121 posts

Posted 20 July 2004 - 12:16 PM

Hello fordfe, and welcome to the forums. Please print out my instructions for reference during the fix.

You have the Look2Me parasite. Please download the application Kill2Me and run it.

Please download the tool LSPFix and run it. Check the "I know what I'm doing" box and move all copies of lspak.dll only to the remove column. Then press "Finish." Reboot your computer and post a new Hijack This log.

#3 fordfe

fordfe

    Member

  • New Member
  • Pip
  • 3 posts

Posted 20 July 2004 - 12:46 PM

Thanks a lot for your help gravylover5.

I did as you said, here is the new log. I did get a bunch more popups still when opening this site.

Logfile of HijackThis v1.98.0
Scan saved at 12:43:48 PM, on 7/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Cool Fred\Desktop\Hijack\HijackThis.exe

O1 - Hosts: 69.20.16.183 ieautosearch
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent610.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab

#4 gravylover5

gravylover5

    Mashed Potato Inspector

  • Retired Staff - Helper
  • PipPipPip
  • 121 posts

Posted 20 July 2004 - 12:58 PM

Fordfe,

Open up Hijack This and check the boxes next to these:

O1 - Hosts: 69.20.16.183 ieautosearch
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent610.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundlewar...veX/DS3/DS3.cab

Close all browsers and windows (including this one) and hit "Fix Checked." Reboot and post a new Hijack This log.

#5 Zupe

Zupe

    Member

  • Retired Staff
  • Pip
  • 83 posts

Posted 20 July 2004 - 01:50 PM

Fordfe, if you still have it, can you please email me a copy of this file at MY EMAIL: c:\windows\system32\lspak.dll

You may need to enable viewing of hidden/system files to see it, instructions for that are here: http://www.xtra.co.n...1916458,00.html

This looks to be something new that's likely related to the issue you were having, but I haven't been able to get a copy of it yet to verify that.

Thanks

#6 fordfe

fordfe

    Member

  • New Member
  • Pip
  • 3 posts

Posted 20 July 2004 - 02:15 PM

I selected those items in HijackThis & treid to Fix. They were not removed & I got this error message:


An unexpected error has occurred at procedure: cmdFix_Click()
Error #75 - Path/File access error (3 items in results list)

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.98.0

This message has been copied to your clipboard.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button