MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: IT IS BACK! PLEASE HELP ASAP!
December 13, 2019, 03:23:02 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 13, 2019, 03:23:02 AM

Login with username, password and session length
 Featured Sites:
News
Welcome to MyTechSupport.ca! - Registration is FREE, so why not join our friendly community today?
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: IT IS BACK! PLEASE HELP ASAP!  (Read 2287 times)
Kirb Lord
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 16


Bookmark and Share

View Profile
« on: March 06, 2005, 07:27:05 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



Logfile of HijackThis v1.99.0
Scan saved at 1:05:07 AM, on 3/6/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\khooker.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\WINDOWS\System32\winupdt.exe
C:\windows\system32\ncntcs.exe
C:\Program Files\i0cf4sqq\i0cf4sqq.exe
C:\WINDOWS\System32\lexpps.exe
C:\WINDOWS\System32\pruttct.exe
C:\WINDOWS\system\mopok.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\pruttct.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\windows\system32\calc.exe
C:\Documents and Settings\The Calef's\Desktop\John's Stuff\WinZip\WZQKPICK.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Spybot - Search & Destroy\spybotsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgw.exe
C:\Documents and Settings\The Calef's\Desktop\John's Stuff\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bellsouth.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F1 - win.ini: run=fntldr.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: (no name) - {064FC0BA-8A1D-4AE4-A6C1-B9CAC84DE508} - C:\Program Files\i0cf4sqq\i0cf4sqq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
O2 - BHO: (no name) - {AE14C967-7516-4CDA-B66F-963E0338313E} - C:\Program Files\i0cf4sqq\i0cf4sqq.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\sistray.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BellSouthSyn] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Synchronize
O4 - HKLM\..\Run: [hHX] C:\documents and settings\the calef's\local settings\temp\hHX.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [ncntcs] c:\windows\system32\ncntcs.exe
O4 - HKLM\..\Run: [i0cf4sqq] C:\Program Files\i0cf4sqq\i0cf4sqq.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [pruttct] C:\WINDOWS\System32\pruttct.exe
O4 - HKCU\..\RunOnce: [pruttct] C:\WINDOWS\System32\pruttct.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\The Calef's\Desktop\John's Stuff\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #1 on: March 06, 2005, 03:06:15 PM »

Start by upgrading your AVG to AVG Free Edition, as AVG6 is no longer supported.
Update it to the max and then go through the following procedures:

Disable System Restore, which is something you can re-enable after the PC has been fixed.

Furthermore, make sure that Windows Explorer is set to show hidden files and folders. Click Tools/Folder Options -> View and check Show hidden files and folders and uncheck Hide protected operating system files

Now download the following programs:

ISTsvc remover
Stinger
CWShredder
Spybot Search & Destroy
Ad-Aware
VX2 Cleaner
About:Buster <-- you won't use this one until after we've made some amendments to your logfile.
Cleanup! <-- you won't use this one until after we've made some amendments to your logfile.

Run ISTsvc remover before doing anything else!!!

Now go to the following online AV scanners (using IE for ActiveX stuff):

Rav Antivirus
Trend Antivirus
Panda Activescan

Let all of them delete what they want. Write down what they fail in dealing with.

Now run Stinger. It's a standalone tool that's designed to carve out trojans and such.
Let it run and allow it to do it's thing.

Then run and update CWShredder. Click the Fixbutton and click OK when the prompt CWShredder will shutdown any open Internet Explorer and Windows Media Player windows. Click OK to continue appears.
Wait for it to finish and then click Next and Finish.

Now install, run, update and scan your system with Spybot S&D.
When it's done scanning, check all entries that are marked RED and click Fix Selected.

Then install Ad-Aware and update it right away. Then scan and let it fix whatever it reports.
Then shut down Ad-Aware.
Then install the VX2 Cleaner and let it install into the Ad-Aware program folder.
Start Ad-Aware again and click the AddOns button. Double click the VX2 Cleaner in there and click OK at the prompt.

If your computer is infected

- Select
Logged

redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #2 on: March 06, 2005, 03:07:10 PM »

Additionally, next time you scan with HijackThis, make sure you have the latest version, yours is one behind the current one.
Logged

Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page November 21, 2018, 11:13:15 AM