HijackThis log, please advise me


  • This topic is locked
18 replies to this topic

#1 phawgg

Posted 15 July 2004 - 07:49 AM

On 7-7-04 I was the victim of a DoS attack while on irc.dal.net. I'd installed Mozilla 1.7 a few days earlier. My ISP is nocharge.com. I'm using an AMD Athlon 2100+ with Windows XP Pro, all updates installed, and it's my only home PC.

Just before this, I'd downloaded freeware from Zillasoft...a PopupKiller and DataNuker, thinking they might complement the new browser. I'd only had IE for the previous 18 months of use. The apps didn't seem like they operated correctly, so within an hour, I was uninstalling them...to no avail. (I had Norton CleanSweep already and I figured Mozilla itself was blocking popups well enough.)

I then installed Agnitum Outpost Free v1.0, used it for a day and opted for ZoneAlarm instead. I uninstalled the Outpost, along with nearly everything else on my system except Spy-Bot S&D, javacool Spyblaster and Grisoft AVG Free in an effort to reduce the complexity of what I faced (I'm self taught, and really don't know nearly enough...heck, I'd only been using IRC for two days).

I have posts at net-integration, but for the second time in this last week I can not resolve the IP address for it with either browser.

In Mozilla about:config I could edit, and the changes would stick, most of the switchproxy changes... but I couldn't shake the Zilla off port 8100. The only way I could get around it was to edit>prefs>advanced>proxy reselect direct connect and that'd do it...until I closed the browser.

Well, I ran online scans in the last few hours.

symantec...........28,744 files 0 virus
pandasoftware....61,338 files 0 virus
bitdefender........226,136 objects 0 infections

spy-bot scans reveal only a DSO Exploit ..... (I'm not concerned about it after discussions posted over the last month)

Please help if you can, I'm learning ...

Logfile of HijackThis v1.98.0
Scan saved at 4:14:37 AM, on 7/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\HJT\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 67.18.39.58 security-forums.com
O1 - Hosts: 216.180.233.142 subratam.org
O1 - Hosts: 207.70.190.39 tomcoyote.com
O1 - Hosts: 212.227.253.104 spybot.info
O1 - Hosts: 212.227.253.104 safer-networking.org
O1 - Hosts: 69.73.172.31 javacoolsoftware.com
O1 - Hosts: 205.206.231.15 securityfocus.com
O1 - Hosts: 66.132.229.196 bitdefender.com
O1 - Hosts: 66.35.255.33 trendmicro.com
O1 - Hosts: 216.49.88.12 mcafee.com
O1 - Hosts: 193.110.109.55 f-secure.com
O1 - Hosts: 206.204.212.69 symantec.com
O1 - Hosts: 213.220.100.3 f-prot.com
O1 - Hosts: 69.18.148.62 my-etrust.com
O1 - Hosts: 195.12.128.61 nod32.com
O1 - Hosts: 194.30.32.194 pandasoftware.com
O1 - Hosts: 81.176.69.79 kaspersky.com
O1 - Hosts: 65.77.216.76 anti-keyloggers.com
O1 - Hosts: 66.197.143.198 anti-keylogger.net
O1 - Hosts: 66.98.166.66 kephyr.com
O1 - Hosts: 69.93.191.45 heidi.ie
O1 - Hosts: 64.91.255.87 diamondcs.com.au
O1 - Hosts: 207.44.236.84 agnitum.com
O1 - Hosts: 66.98.132.62 emsisoft.com
O1 - Hosts: 209.68.48.119 mvps.org
O1 - Hosts: 207.46.130.108 microsoft.com
O1 - Hosts: 207.126.111.202 mozilla.org
O1 - Hosts: 193.69.116.16 opera.com
O1 - Hosts: 216.167.96.118 sygate.com
O1 - Hosts: 208.185.174.44 zonelabs.com
O1 - Hosts: 216.177.3.144 blackice.com
O1 - Hosts: 128.242.106.66 kerio.com
O1 - Hosts: 66.35.250.210 spamassassin.org
O1 - Hosts: 216.213.19.27 bleepingcomputer.com
O1 - Hosts: 66.197.159.213 securitywonks.org
O1 - Hosts: 66.197.159.213 securityhive.com
O1 - Hosts: 66.197.159.213 digital-mafia.org
O1 - Hosts: 66.197.159.213 wonksearch.com
O1 - Hosts: 66.197.159.219 securitywonks.com
O1 - Hosts: 212.13.208.91 oissg.org
O1 - Hosts: 63.251.138.37 atstake.com
O1 - Hosts: 69.61.22.37 arson-network.com
O1 - Hosts: 69.31.91.3 astalavista.box.sk
O1 - Hosts: 80.237.203.14 astalavista.com
O1 - Hosts: 69.57.146.21 blackcode.com
O1 - Hosts: 63.146.109.212 antionline.com
O1 - Hosts: 216.179.62.34 antioffline.com
O1 - Hosts: 203.101.77.19 nnsol.com
O1 - Hosts: 69.56.181.122 brain-hack.org
O1 - Hosts: 65.173.218.107 cisecurity.org
O1 - Hosts: 66.35.250.210 clamav.net
O1 - Hosts: 209.4.185.2 doshelp.com
O1 - Hosts: 67.18.39.58 darknet.org.uk
O1 - Hosts: 152.2.210.81 catb.org
O1 - Hosts: 209.51.158.170 h4ckerx.net
O1 - Hosts: 216.98.141.250 hackers.com
O1 - Hosts: 66.36.240.232 infosyssec.org
O1 - Hosts: 217.77.131.3 honeypots.net
O1 - Hosts: 129.6.13.23 nist.gov
O1 - Hosts: 129.6.13.197 icat.nist.gov
O1 - Hosts: 205.217.153.53 insecure.org
O1 - Hosts: 209.11.107.14 linuxsecurity.com
O1 - Hosts: 207.44.186.130 mindfuk.net
O1 - Hosts: 69.44.60.11 governmentsecurity.org
O1 - Hosts: 66.150.161.141 networkpunk.com
O1 - Hosts: 66.250.131.132 neworder.box.sk
O1 - Hosts: 69.55.238.6 phrack.org
O1 - Hosts: 38.118.142.215 qlinks.net
O1 - Hosts: 206.117.161.81 samspade.org
O1 - Hosts: 64.112.229.132 sans.org
O1 - Hosts: 192.117.232.213 securiteam.com
O1 - Hosts: 217.204.41.132 newsnow.co.uk
O1 - Hosts: 209.237.226.39 pgp.com
O1 - Hosts: 18.29.1.73 w3.org
O1 - Hosts: 198.128.39.4 ciac.llnl.gov
O1 - Hosts: 69.20.55.133 windowsecurity.com
O1 - Hosts: 213.219.122.11 zone-h.org
O1 - Hosts: 208.38.59.182 zonalabs.com
O1 - Hosts: 216.177.3.144 blackice.com
O1 - Hosts: 128.242.106.66 kerio.com
O1 - Hosts: 67.15.18.9 xblock.com
O1 - Hosts: 128.121.214.219 answersthatwork.com
O1 - Hosts: 193.0.0.203 ripe.net
O1 - Hosts: 137.132.19.218 singcert.org.sg
O1 - Hosts: 158.38.62.25 cert.uninett.no
O1 - Hosts: 210.148.223.10 apcert.org
O1 - Hosts: 203.5.112.15 auscert.org.au
O1 - Hosts: 204.101.134.78 cancert.ca
O1 - Hosts: 192.88.209.5 cert.org
O1 - Hosts: 210.148.223.8 first.org
O1 - Hosts: 202.138.228.74 cert.or.id
O1 - Hosts: 202.141.12.12 cert-in.org.in
O1 - Hosts: 192.228.139.10 mycert.org.my
O1 - Hosts: 66.235.192.69 pakcert.org
O1 - Hosts: 192.87.5.87 cert-nl.surfnet.nl
O1 - Hosts: 130.59.10.40 switch.ch
O1 - Hosts: 206.16.0.235 download.com
O1 - Hosts: 69.28.135.160 snapfiles.com
O1 - Hosts: 216.40.32.30 tucows.com
O1 - Hosts: 66.35.250.203 sourceforge.net
O1 - Hosts: 66.197.159.213 securitywonks.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - H:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - H:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1BC65F4-E6BF-4C4D-B2C4-6BABD53C2016}: NameServer = 64.40.40.51 66.54.140.10
O20 - AppInit_DLLs: apitrap.dll

And here is the most recent Spy-Bot Search & Destroy log...

I'm tired ... losing sleep over this... I can hear the birds signalling the dawn, so I leave it with you (and hope I can get back)

patiently patrolling, plenty of persistent pests n' problems ...

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:50 PM

Posted 15 July 2004 - 10:50 AM

First, a few questions, as this log is a bit interesting.

Did you manually add all those entries into your hosts file?

Last, who is your ISP?

#3 phawgg

Posted 15 July 2004 - 05:18 PM

G'day, sir.

When I received this message while trying a normal connect to spy-bot S&D...

***Modified Files in JOE when it aborted on Mon Jul 5 11:13:34***JOE was aborted by signal 15 Connection to database service not posssible!***

and was unable to connect to other sites I normally have gone to for clues, I decided to contact SecurityWonks.net because they were the mirror newly attached to Spy-Bot and a Google search for them didn't hang.

I e-mailed the site administrator and explained my predicament (as I have to you), asking that he forward my concerns to net-integration (briefly) or maybe help me re-establish a connection somehow.

He suggested the hijackthis download and sent me the HOSTS file that you ask about, with instructions to replace my present one with it. No, I didn't manually add each line. I came to your site based on what I saw in this file, however.

(a prompt immediately after the hijackthis scan also draws attention to its length, with an additional caution to inspect for repetitious IP addresses, BTW)

My ISP is nocharge.com (Washington) 64.40.40.51. They also provide service to the New England states as well, 216.143.132.21, and a "no charge plus service". I'd have been on the phone with them, if not for a $10.00 per incident charge for technical advice.

I have questions regarding the ISP identified traffic now logged by ZoneAlarm, as well.

(I presently am assisting my elderly mother after her stroke and really don't have an income, so I use what I have...time)

Thank you for investing your time in my admittedly verbose communication. :thumbsup: :flowers:

Edited by phawgg, 15 July 2004 - 06:07 PM.


#4 Grinler

Posted 15 July 2004 - 07:17 PM

Well, we would be happy to help you.

First, download this program and keep it in a safe place. We will run it in a bit:

http://66.205.111.174/HOSTFix.exe

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100

Then I want you to click on start, then run, and type c:\windows\system32\drivers\etc and press the ok button.

You should see a window pop up with some files. I want you to right click on the hosts file, click on rename, and rename it to hosts.bak.

Now I want you to run the HostFix.exe file you downloaded before, and when it asks, say yes. Then try to get to some sites that you could not reach previously and let's see if it works. Let me know how it works out.
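
As an added illustration (not part of the original posts, and not how HijackThis or HOSTFix work): one way to inspect a hosts file before renaming or replacing it, in line with the caution about repeated IP addresses mentioned earlier in the thread. The sample entries and the names `audit_hosts` and `must_reach` are constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, not the hosts file discussed in this thread.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1   localhost
127.0.0.1   ads.example.net tracker.example.net   # sinkholed ad hosts
0.0.0.0     popups.example.org
203.0.113.7 www.security-site.example   # points a name at a foreign address
127.0.0.1   update.av-vendor.example
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, fields) for each non-comment line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield n, None, fields             # first field is not an address
            continue
        yield n, ip, [h.lower() for h in fields[1:]]

def audit_hosts(text, must_reach=()):
    """Classify entries: malformed lines, redirects, and blocked wanted sites."""
    report = {"malformed": [], "redirects": [], "blocked": [],
              "by_ip": defaultdict(list)}
    wanted = {h.lower() for h in must_reach}
    for n, ip, names in parse_hosts(text):
        if ip is None:
            report["malformed"].append(n)
            continue
        report["by_ip"][str(ip)].extend(names)
        # Loopback / 0.0.0.0 entries only block a name; any other address
        # silently sends the name somewhere else and deserves a closer look.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if not sinkhole:
                report["redirects"].append((n, name, str(ip)))
            elif name in wanted:
                report["blocked"].append((n, name))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS, must_reach=["update.av-vendor.example"])
    for key in ("malformed", "redirects", "blocked"):
        print(key, result[key])
```

A large blocklist-style file will legitimately repeat 127.0.0.1 many times; the entries worth reading closely are the ones reported under `redirects` and `blocked`.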

#5 phawgg

Posted 15 July 2004 - 07:38 PM

No problems encountered to this point:

..."do you want to run HOSTFix?" I click "yes"

msg...run-time error '70' permission denied. :flowers:

Trial attempt to connect yields msg...Alert! www.securitywonks.org could not be found. Please check the name and try again. (this now is one of few that is inaccessible) :thumbsup:

#6 Grinler

Posted 15 July 2004 - 08:42 PM

Can you please zip up and email c:\windows\system32\snmp.exe to grinler@yahoo.com? I want to see something on that file.

#7 phawgg

Posted 15 July 2004 - 08:49 PM

I'll get right on it

#8 phawgg

Posted 16 July 2004 - 02:49 PM

Was the requested file sent un-zipped?

#9 Grinler

Posted 16 July 2004 - 03:13 PM

That file is fine....

So is it mostly security related sites you can't reach, or can you not reach any sites after you renamed the host file?

#10 phawgg

Posted 16 July 2004 - 03:19 PM

Mostly security related. In fact, I think just securitywonks, now. I've tried alternate ways to link to it, too.

#11 phawgg

Posted 16 July 2004 - 03:44 PM

and I just now tried to follow some of your other advice to another poster and couldn't connect to
  • lop.com


#12 Grinler

Posted 16 July 2004 - 06:37 PM

Rename your hosts file again to hosts.bak.

Then save the attached HOSTS file to c:\windows\system32\drivers\etc

Then reboot. Then try connecting to different sites and tell me if you are having a problem.

Attached Files

  • Attached File  hosts   0bytes   7 downloads


#13 phawgg

Posted 16 July 2004 - 08:07 PM

I tried a dozen or more sites.

fails to connect to securitywonks.
doesn't complete the transfer of data from sysinternals (I'm there, but never see "done" in the bottom bar of the browser window).

all others continue to resolve connections properly.

I worried about my install per your directions (typical of me) and checked contents of
c:\windows\system32\drivers\etc.

right-clicked both the host file and the host.bak file...opened each with editpad lite.

read only hosts file 1 kb ( new brought to me by raw )
read only hosts BAK 34kb (copy of SWC)

etc folder also has more read only files: hosts.[.....].backup files (7 of these)
(4 are 8 kb, 3 are 34 kb)
lmhosts
networks
protocol
services
Sorry this took so long.

another odd thing was: when typing securitywonk's IP address in the search field of the Mozilla window (just prior to my making the above changes), I had 66.19 entered and I noticed the autocomplete field below showing a different complete IP address

http://66.102.7.104/search?q=cache yUtzFZcYeNcJ: www.securitywonks...

and beyond the ...was grayed out letters Security Wonks Community - Work

which I think is the exact heading on my IE Favorites list...
that wouldn't work either nor would a link at Security Forums.com

(just trying to qualify the "alternative" ways I've tried to connect to them)



:thumbsup:

Edited by phawgg, 16 July 2004 - 08:12 PM.


#14 Grinler

Posted 16 July 2004 - 10:51 PM

Do me a favor and download Firefox and install that. Try different sites with that browser. If that browser works, we know it's an IE issue and not an OS issue.

#15 phawgg

Posted 17 July 2004 - 12:15 AM

Firefox is installed, v0.9.2

set as default, I didn't import anything.

a dozen sites found by googling, and set as bookmarks, found again. Quickly.

one site not found...SWC