Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

HiJack This log 2

Status
Not open for further replies.
BobS707

BobS707

MIS
Jun 25, 2003
33
0
0
US
Hi.
I have a corporate user, running Win98se, IE6.0, latest McAfee dat file etc. and McAfee does not find any viruses.
If she boots while connected to the network, Explorer crashes with dll errors, if not connected, the pc is fine.

She keeps getting the following:" Work Offline No connection to the Internet is currently available. To view internet content saved on your computer, click work offline. Click try again to attempt to connect."

I've run SpyBot and deleted the obvious junk like Alexa, HotBar and eZula as well as everything else it finds.

The HiJack log is this:
Logfile of HijackThis v1.97.7
Scan saved at 2:11:22 PM, on 8/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
A:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = venus:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.146.*
;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mentholatum.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.146.212

Any help is greatly appreciated.
Thanks,
Bob
 
Sort by date Sort by votes
Blow away these entries using Hijack This!:
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll

Also, these, if not germane to your network:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = venus:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.146.*
;<local>


Now, download and run this fix:

Reboot.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244
 
Upvote 0 Downvote
winsock entries?

Try this utility LSP FIX >> and check if it can fix the problem.


Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]
 
Upvote 0 Downvote
Thanks carrr and vop. I did as you suggested, but still have the Work offline window.
I reran HJT and the lsp items were gone.

Any more suggestions are welcome.

TIA,
Bob
 
Upvote 0 Downvote
these 2 LSPs

O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll

Are usually related to Look2Me and may be still infecting your computer as it is not recognized with HiJackThis.

For 9x systems you can try
and scan/post log if necessary to remove its components
 
Upvote 0 Downvote
Thanks to everyone for their help. After I shutdown the pc and rebooted it started to work ok. Now I can go tell the user to stay off the web.
Thanks again.

Bob
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CCX008
  • Locked
  • Question
Barowwsoe2save , how can I remove this stubborn virus !! 3
Replies
10
Views
98
goombawaho
goombawaho
MrMode
  • Locked
  • Question
Can anyone tell me what to remove with hijack this?
Replies
2
Views
57
MrMode
MrMode
DougP
  • Locked
  • Question
Some kind of Browser hijack, Can't click on anything in Browser
Replies
11
Views
97
goombawaho
goombawaho
Noway2
  • Locked
  • Question
What to make of this? 2
Replies
17
Views
138
goombawaho
goombawaho
lancekidd
  • Locked
  • Question
Hijack Log
Replies
7
Views
51
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top