Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Thursday 23.1.2025 / 04:50
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > help ! infected need a medic !
Show topics
 
Forums
Forums
help ! infected need a medic !
  Jump to:
 
Posted Message
2Tones
Newbie
_ 		18. October 2006 @ 01:02 _ Link to this message    Send private message to this user   
here's my hijack log, and im an infant in this game so please I'd appreciate any help. Ive already run ewido, ad aware se, spy bot, cc cleaner and AVG 7.1 and all of em updated. The issue is message window keeps popping on my screen every now and then giving some wierd messages.

Logfile of HijackThis v1.99.1
Scan saved at 4:55:50 AM, on 10/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
[ + quote]
Advertisement
_ 		__
Niobis
Senior Member
_ 		18. October 2006 @ 01:30 _ Link to this message    Send private message to this user   
Log is clean. What do the messages say?
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
2Tones
Newbie
_ 		18. October 2006 @ 05:14 _ Link to this message    Send private message to this user   
It varies from time to time :( when i right click on the application on windows task manager and select go to process it points to a file named csrss.exe

In the text box it says
*****

Message from SECURITY to ALERT on 10/18/2006 8:59:04 AM
STOP!

Registry Cleaner Recomended
to fix the errors please do the following
1.Download registry repair from www.regrinsepro.com
2.Install Registry repair
3.Run registry repair
4.Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION

*******

and at the end there is an OK button. And its different varient of the same message all the time.

Im at a loss as to what this is :( im thinking Id better start backing up my files now.

again any help..........greatly appreciated
[ + quote]
Niobis
Senior Member
_ 		18. October 2006 @ 11:21 _ Link to this message    Send private message to this user   
No need to start backing up your data, it's just a scam. That's adware for us. :) Unfortunately, I can't get a name from just the website given.

Let's see if Kaspersky will pick it up.
Go here and run Kaspersky Online Scanner.
Accept the terms.
After downloading, click "My Computer".
After scanning, click "Save report as".
Save as a text file and post it.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
2Tones
Newbie
_ 		18. October 2006 @ 15:03 _ Link to this message    Send private message to this user   
here's the report hope this gives a better picture


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 18, 2006 6:58:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/10/2006
Kaspersky Anti-Virus database records: 219414
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 70076
Number of viruses found: 2
Number of infected objects: 7 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:35:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyza7zlz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyza7zlz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyza7zlz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyza7zlz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyza7zlz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyza7zlz.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyza7zlz.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pyza7zlz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{FEEBD813-7060-4F65-AAE2-D58B4C0526A8}\RP104\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9437.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{33A53034-3654-4BC9-8E3E-16B04AE2C7A9}\RP19\A0039931.exe/data0001 Infected: Trojan-Downloader.Win32.Agent.oz skipped
H:\System Volume Information\_restore{33A53034-3654-4BC9-8E3E-16B04AE2C7A9}\RP19\A0039931.exe NSIS: infected - 1 skipped
H:\System Volume Information\_restore{33A53034-3654-4BC9-8E3E-16B04AE2C7A9}\RP202\A0305461.exe/VirtuallyJenna-2.017.002-cracked-installer.msi/_6A5BC9DCF6308413044425600E433DB7/_A072FB71F98447849289D58C552E0E01 Infected: Trojan-PSW.Win32.QQPass.ly skipped
H:\System Volume Information\_restore{33A53034-3654-4BC9-8E3E-16B04AE2C7A9}\RP202\A0305461.exe/VirtuallyJenna-2.017.002-cracked-installer.msi/_6A5BC9DCF6308413044425600E433DB7 Infected: Trojan-PSW.Win32.QQPass.ly skipped
H:\System Volume Information\_restore{33A53034-3654-4BC9-8E3E-16B04AE2C7A9}\RP202\A0305461.exe/VirtuallyJenna-2.017.002-cracked-installer.msi Infected: Trojan-PSW.Win32.QQPass.ly skipped
H:\System Volume Information\_restore{33A53034-3654-4BC9-8E3E-16B04AE2C7A9}\RP202\A0305461.exe RAR: infected - 3 skipped
H:\System Volume Information\_restore{33A53034-3654-4BC9-8E3E-16B04AE2C7A9}\RP202\A0305461.exe PE_Patch: infected - 3 skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\_restore{FEEBD813-7060-4F65-AAE2-D58B4C0526A8}\RP104\change.log Object is locked skipped

Scan process completed.
[ + quote]
Niobis
Senior Member
_ 		18. October 2006 @ 18:18 _ Link to this message    Send private message to this user   
Turn of System Restore.
Start > Control Panel > System > System Restore tab > select "Turn off System Restore" > click OK.

Restart and enable it again.

Let me know if the messages go away or not.


[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
2Tones
Newbie
_ 		19. October 2006 @ 02:28 _ Link to this message    Send private message to this user   
tried the system restore option,still dint work. I tried disabling it and running it too and still it popped up. This is driving me nuts now. When i wake up in the morning i have to close the damn annoying window at least 30 time (no joke).

~sigh~

any other thoughts ?
[ + quote]
Niobis
Senior Member
_ 		19. October 2006 @ 15:46 _ Link to this message    Send private message to this user   
Try turning off Windows Messenger Service.

Click Start > Control Panel.
Double-click Administrative Tools.
Select Services > Double-click on Messenger.
In the Messenger Properties window, select Stop.
Choose Disable as the Startup Type.
Click OK.

[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
2Tones
Newbie
_ 		21. October 2006 @ 02:44 _ Link to this message    Send private message to this user   
hey,

im back after a format, cleaned out everything ! can you please recommend which softwares to use as protection ? i dont have a firewall or anything of the sort.

and which anti nasties software should i run and how often ?

a big thank you for all the advice and help you have gave me so far ! ive learnt quite a bit now.
[ + quote]
Niobis
Senior Member
_ 		21. October 2006 @ 12:26 _ Link to this message    Send private message to this user   
The best tip I can give anyone is not use Internet Explorer unless needed.

Browsers
Firefox <--My personal favorite.
Opera
If you choose to keep IE or choose to switch to Firefox, I strongly recommend you get the McAfee Site Advisor plugin.

Here's a list of good free and pay anti-programs.

Firewall
Zone Alarm Free <- My personal favorite.
Agnitum Outpost Firewall
Kerio Personal Firewall

Free Anti-viruses
AVG
Antivir

Pay Anti-viruses with 30-day free trial
NOD32 <--My personal favorite.
Kaspersky

Must have Anti-spyware
AVGAnti-spyware <--30 day free trial.
Spybot Search and Destroy <--No real-time protection, but very good!

Here's a teriffic list of more Windows free security tools by Rav009.

Good luck!
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
Advertisement
_ 		__
 
_
2Tones
Newbie
_ 		22. October 2006 @ 02:08 _ Link to this message    Send private message to this user   
Wow i must say this is the most comprehensive and complete advice ive EVER gotten on computer protection !!!! Thank you so much for all your help :)
[ + quote]
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > help ! infected need a medic !
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork