Author Topic: Dumb Ess*x Girl In Need of HELP!!! pretty please!!  (Read 5373 times)
Sykes
« on: April 28, 2005, 11:48:49 AM »

I'm having lots of problems with this pc.  I downloaded some of the things I read about on this forum and these are my results.

From Housecall

Virus name and Scan Result:    
JAVA BYTEVER.A-1 -Non Cleanable  

File:
c:\ documents and settings\email\localsettings\temporary internet files\content.IE5\Y92HX87\Proc[1].jar*myfunctionclass*

Virus name and Scan Result:    
JAVA BYTEVER.A-1 -Non Cleanable  

File:
c:\ documents and settings\email\localsettings\temporary internet files\content.IE5\Y92HX87\Proc[1].jar*mainappclass*

Virus name and Scan Result:    
TROJ ICASERV.A -canNot access

File:
C:\WINNT\system32\icasServ.exe

Virus name and Scan Result:    
BKDR NIBU.L -Non Cleanable  

File:
C:\WINNT\dvpd.dll

This is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:06, on 28/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\System32\icasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\DOCUME~1\email\LOCALS~1\Temp\Rar$EX01.243\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/?sid=u001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://searchforfree.info/?sid=u001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchforfree.info/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/?sid=u001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/
F3 - REG:win.ini: run=C:\WINNT\htmlsync.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [isystem] C:\WINNT\system32\isystem.exe
O4 - HKLM\..\Run: [icasServ] C:\WINNT\System32\icasServ.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ldriver] C:\WINNT\system32\ldriver.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\DOCUME~1\email\LOCALS~1\Temp\Rar$EX01.243\HijackThis.exe /startupscan
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/download/btbconnectwebcontrol015.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91649302-F6F7-4923-A13D-FC378796E067}: NameServer = 158.152.1.58,158.152.1.43
O21 - SSODL: eZEKFzUovv - {60BA707E-CA10-DAD4-A5A5-435C79F33B11} - C:\WINNT\System32\snbm.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

I use the AVG free antivirus, ZoneAlarm free firewall, Microsoft AntiSpyware, Ad-Aware SE Personal and am on a broadband connection through a router.

I really would appreciate any help anyone might be able to offer.

Thanking you in advance, Marie
« Last Edit: April 28, 2005, 02:19:16 PM by Sykes »

Sykes
« Reply #1 on: April 28, 2005, 11:50:24 AM »

please please please :D
« Last Edit: April 28, 2005, 02:21:53 PM by Sykes »

Geekgirl
« Reply #2 on: April 28, 2005, 03:06:56 PM »

Please be patient, I will look over your log.

Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
Sykes
« Reply #3 on: April 28, 2005, 03:11:07 PM »

Thanks a lot :D I look forward to your reply.

Geekgirl
« Reply #4 on: April 28, 2005, 03:19:37 PM »

Hello again

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

You have placed HJT in a Temporary location. Please move it to a proper location before doing the fix.
(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.)

Download / Install / Update / and Run:
Ad-Aware SE: check for any updates before running it.
Get the plug-in for fixing VX2 variants. You can download it at this SITE
To run this tool, install it to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. You will use this later.


Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one (You must kill them one at a time).

C:\WINNT\System32\icasServ.exe

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/?sid=u001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://searchforfree.info/?sid=u001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchforfree.info/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/?sid=u001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/

F3 - REG:win.ini: run=C:\WINNT\htmlsync.exe

O4 - HKLM\..\Run: [isystem] C:\WINNT\system32\isystem.exe
O4 - HKLM\..\Run: [icasServ] C:\WINNT\System32\icasServ.exe
O4 - HKCU\..\Run: [ldriver] C:\WINNT\system32\ldriver.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\DOCUME~1\email\LOCALS~1\Temp\Rar$EX01.243\HijackThis.exe /startupscan

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/download/btbconnectwebcontrol015.cab

O21 - SSODL: eZEKFzUovv - {60BA707E-CA10-DAD4-A5A5-435C79F33B11} - C:\WINNT\System32\snbm.dll

Please remember to close all other windows, including browsers, then click Fix checked.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINNT\System32\icasServ.exe
C:\WINNT\htmlsync.exe
C:\WINNT\system32\isystem.exe
C:\WINNT\system32\ldriver.exe
C:\WINNT\web\
C:\WINNT\System32\snbm.dll


Run CleanUp! and click on CleanUp! button.  When it asks you if you want to logoff, click on Yes.
Empty your Recycle Bin.

Reboot your System in normal mode.

Please post a fresh Hijack This log so that we can check if your system is clean.


Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
Sykes
« Reply #5 on: April 29, 2005, 10:57:35 AM »

Thanks so far for your help geek girl.

I followed your instructions and am now left with the following:-

FROM HOUSE CALL:-

Virus name and Scan Result:
BKDR NIBU.L -Non Cleanable

HIJACK THIS:-

Logfile of HijackThis v1.99.1
Scan saved at 11:04:39, on 29/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\email\Desktop\hijackthis\HijackThis.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\PhshSwpr\PhshSwpr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

F3 - REG:win.ini: run=C:\WINNT\htmlsync.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Net Safe - {49CAC2AD-79FB-4B91-BB70-0239D2E43485} - C:\PROGRA~1\PhshSwpr\netsafe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\email\Desktop\hijackthis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Phishing Sweeper] C:\Program Files\PhshSwpr\PhshSwpr.exe -min
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\program files\phshswpr\aphish.dll
O16 - DPF: Software -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/download/btbconnectwebcontrol015.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91649302-F6F7-4923-A13D-FC378796E067}: NameServer = 158.152.1.58,158.152.1.43
O21 - SSODL: eZEKFzUovv - {60BA707E-CA10-DAD4-A5A5-435C79F33B11} - C:\WINNT\System32\snbm.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

I

Sykes
« Reply #6 on: April 29, 2005, 11:32:00 AM »

Malware scanner 2.1 is also telling me I have these nasties:-

malware file- backdoor.nibu.j in c:\winnt\prntsvra\dll
malware file- backdoor.nibu.j in c:\winnt\system32\winldra.exe
malware file- backdoor.nibu.j in c:\winnt\netdx.dat

&  

malware reg key- remacc.surveil in .zlg\

Geekgirl
« Reply #7 on: April 29, 2005, 01:39:04 PM »


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

You still have HJT on your Desktop. Please move it to a proper location before doing the fix.
(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.)

Download WinsockFix and unzip it. Then double-click on it to run it.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one (You must kill them one at a time).

C:\Program Files\PhshSwpr\PhshSwpr.exe


Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

PhshSwpr

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

F3 - REG:win.ini: run=C:\WINNT\htmlsync.exe

O2 - BHO: Net Safe - {49CAC2AD-79FB-4B91-BB70-0239D2E43485} - C:\PROGRA~1\PhshSwpr\netsafe.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKCU\..\Run: [Phishing Sweeper] C:\Program Files\PhshSwpr\PhshSwpr.exe -min     

O10 - Unknown file in Winsock LSP: c:\program files\phshswpr\aphish.dll

O16 - DPF: Software -
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/download/btbconnectwebcontrol015.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{91649302-F6F7-4923-A13D-FC378796E067}: NameServer = 158.152.1.58,158.152.1.43   <---------------Do you know the IP or Domain '158.152.1.58,158.152.1.43'? If not, fix this entry.

O21 - SSODL: eZEKFzUovv - {60BA707E-CA10-DAD4-A5A5-435C79F33B11} - C:\WINNT\System32\snbm.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)

Please remember to close all other windows, including browsers, then click Fix checked.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\PhshSwpr\
C:\WINNT\htmlsync.exe
C:\WINNT\System32\snbm.dll

Run CleanUp! and click on CleanUp! button.  When it asks you if you want to logoff, click on Yes.
Empty your Recycle Bin.

Reboot your System in normal mode.

Please post a fresh Hijack This log so that we can check if your system is clean.


Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
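
The "post a fresh Hijack This log" step in the replies above is a comparison of two scans. As an added example (not part of the thread and not HijackThis's own code), this Python script diffs excerpts of the first two logs posted here and sorts the findings into removed, persisting, orphaned ("file missing") and new; the function names and the tolerance for a digit 0 typed in place of the letter O are assumptions of the example.

```python
import re

# Finding lines start with a section code: R0-R3, F0-F3, N1-N4 or O1-O24.
# A leading digit 0 is accepted as the letter O because hand-copied lines
# can swap the two (assumption of this example, not HijackThis behaviour).
ENTRY_RE = re.compile(r"^\s*([RFN]\d|[O0]\d{1,2})\s+-\s+(.+?)\s*$")
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)

# Excerpts of the logs posted in this thread on 28/04/2005 and 29/04/2005.
FIRST_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\icasServ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
F3 - REG:win.ini: run=C:\WINNT\htmlsync.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [icasServ] C:\WINNT\System32\icasServ.exe
O21 - SSODL: eZEKFzUovv - {60BA707E-CA10-DAD4-A5A5-435C79F33B11} - C:\WINNT\System32\snbm.dll
"""

SECOND_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\PhshSwpr\PhshSwpr.exe

F3 - REG:win.ini: run=C:\WINNT\htmlsync.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\program files\phshswpr\aphish.dll
O21 - SSODL: eZEKFzUovv - {60BA707E-CA10-DAD4-A5A5-435C79F33B11} - C:\WINNT\System32\snbm.dll (file missing)
"""


def parse_log(text):
    """Return {key: (section, body, file_missing)} for each finding line.

    Header and "Running processes" lines do not match ENTRY_RE and are skipped.
    The key ignores case, spacing and the "(file missing)" suffix so the same
    registry entry lines up across two scans.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        if section[0] == "0":                      # digit typed for letter O
            section = "O" + section[1:]
        file_missing = bool(MISSING_RE.search(body))
        body = MISSING_RE.sub("", body)
        key = (section, " ".join(body.lower().split()))
        entries[key] = (section, body, file_missing)
    return entries


def compare_logs(before_text, after_text):
    """Classify findings by what happened between the two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    report = {"removed": [], "persisting": [], "orphaned": [], "new": []}
    for key, (section, body, _) in before.items():
        if key not in after:
            report["removed"].append(f"{section} - {body}")
    for key, (section, body, file_missing) in after.items():
        line = f"{section} - {body}"
        if file_missing:          # registry entry remains, target file is gone
            report["orphaned"].append(line)
        elif key in before:       # survived the fix unchanged
            report["persisting"].append(line)
        else:                     # appeared since the previous scan
            report["new"].append(line)
    return report


if __name__ == "__main__":
    for status, lines in compare_logs(FIRST_LOG, SECOND_LOG).items():
        print(f"[{status}]")
        for line in lines:
            print("   ", line)
```

Entries reported as persisting or orphaned are the ones that still need attention after a fix; legitimate startup items such as the AVG line also show up as persisting and have to be judged by what they are.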
Sykes
« Reply #8 on: April 29, 2005, 02:54:29 PM »

Completed the above and restarted in normal mode. I have connected back to the net on the problem PC but it will not let me view webpages. It is saying I need to configure my proxy settings, but I don't even know what they are. I'm having to use another PC at the moment and cannot post the HijackThis log file as this PC does not have an a:/ drive and the problem PC does not have a CD writer :( Is it possible you can help me with this proxy thing and I can post the log? Something must have gone funny with deleting the files I think :s

Sykes
« Reply #9 on: April 29, 2005, 03:13:04 PM »

Managed to get the log onto the other PC, though still having this proxy problem :(

Logfile of HijackThis v1.99.1
Scan saved at 15:45:55, on 29/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\lexpps.exe
C:\Documents and Settings\email\My Documents\hijackthis\HijackThis.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINNT\system32\SPOOL\DRIVERS\W32X86\3\LXBKPSWX.EXE
C:\WINNT\system32\SPOOL\DRIVERS\W32X86\3\LXBKJSWX.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\email\My Documents\hijackthis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Geekgirl
« Reply #10 on: April 29, 2005, 03:48:41 PM »

Your log is clean. So you now need to go into the Internet Connections and reset your settings because you were hijacked and it changed them.
Go into the Control Panel>Internet Options>Connections and change your settings back.
How are you connecting to the internet? Dial-up? Cable? DSL?

Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
Sykes
« Reply #11 on: April 29, 2005, 04:08:29 PM »

DSL through a router

Glad it's clean now :D This place is great!

Geekgirl
« Reply #12 on: April 29, 2005, 04:10:38 PM »

Are you able to now connect?

Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
Sykes
« Reply #13 on: April 29, 2005, 04:23:27 PM »

Unfortunately not, whichever page I try to view it tells me it cannot be found. Before it was telling me I needed to configure my proxy settings, though it is not saying this anymore and I haven't actually changed any settings, only looked at them as I don't really understand them.

Cannot check email either:-

An unknown error has occurred. Account: 'pop3.demon.co.uk', Server: 'post.demon.co.uk', Protocol: SMTP, Server Response: '550 Demon SMTP service not available from 81.131.199.184', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC69

grrrr bloody hijackers!! lol

Geekgirl
« Reply #14 on: April 29, 2005, 04:27:14 PM »

Make sure your homepage is not set to about:blank

You may want to contact your ISP and explain to them what your issue is. I'm sure they can help you configure them again.

Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING