Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zone Alarm Firewall


  • Please log in to reply
1 reply to this topic

#1 ctunney

ctunney

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 08 May 2007 - 05:42 PM

Hi,

This is my first post. Let me assure you that I have have followed every instruction given before posting my hijack this log. I have been working at this for 3 days trying to get everything off of this computer that is harming it.

It all started because my desktop went black and said something about "Windows Security has detected your computer is infected with spyware." I couldn't change the appearance from the control panel because it just said "about:blank". I found a post on this site and followed the instructions and was able to get the "about:blank" thing off of the appearance options. Now, however, all it says is "None" with a crossed red circle next to it and it won't allow me to change it (I can change it in safe mode, however).

So fast forward 20 Ad-Aware scans - spybot yada yada yada and here I stand with my hijack this log. I could follow every instruction before posting this EXCEPT for the firewall. I can't install zonelabs. My computer starts with an error saying zonelabs can't fine such and such files and can't install. Problem is that I can't uninstall it either. It says "the uninstaller cannot locate the resources needed to uninstall" then I get the add/remove programs thing won't respond by "mshta.exe." I press "end now."

A couple other odds and ends that I don't know if are important are that I can't delete the MSN Toolbar. Nor can I remove this game my nephew installed "The battle for middle earth." There is also a "e-DiagTools LAN Configuration Agent" that I am skeptical about. But that and the "MSN Toolbar" don't have icons next to them, they just have the white icon box, like the computer doesn't recognize what program it is.

Sorry for the long winded-ness, but I wanted to let you know everything, in case the little stuff makes a difference.

And thank you for any help you can provide,

Chico

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:57 PM, on 5/8/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\avciman.exe

O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{CA57C4D6-3B2C-4184-9BD0-781560AE22CD}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: e-DiagTools LAN Configuration Agent (edtlancfg) - Unknown owner - C:\Program Files\HP\e-DiagTools\Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:40 PM

Posted 14 May 2007 - 04:36 PM

Hello ctunney and welcome to the BC HijackThis forum. The HijackThis log isn't showing alot. Let's try a different scanner and see if we can't get some additional information.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Desktop Components
      Reg - Disabled MS Config Items
      Reg - Security Settings
      File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users