Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Strange S...


  • Please log in to reply

#1
Ana_Rita

Ana_Rita

    New Member

  • Member
  • Pip
  • 8 posts
Hey, how are you guys?
Well, I've a problem... Every time I log in to msn... some strange windows with only an S on it start to pop up, and after a few moments, msn shuts down. Could somebody tell me whats going on? I've already read that some other people had the same problem, but nobody seems to have an answer to it...
Thanks... and I'll hope u could help me...
:whistling:
  • 0

Advertisements


#2
pomp

pomp

    the man

  • Member
  • PipPipPipPip
  • 1,366 posts
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
Ana_Rita

Ana_Rita

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
This is the result of the scan:


Logfile of HijackThis v1.99.1
Scan saved at 19:44:26, on 27-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\Ahead\InCD\InCD.exe
C:\Programas\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programas\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Programas\Softwin\BitDefender9\vsserv.exe
C:\Programas\Softwin\BitDefender9\bdmcon.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programas\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Programas\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Programas\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ares] "C:\Programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Kelloggs.lnk = C:\Kelloggs\Kelloggs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://images.autode...es/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programas\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programas\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#4
pomp

pomp

    the man

  • Member
  • PipPipPipPip
  • 1,366 posts
Try this:

First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

Edited by pomp, 27 June 2006 - 01:40 PM.

  • 0

#5
Ana_Rita

Ana_Rita

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks... I'll try that right now :whistling:
  • 0

#6
Ana_Rita

Ana_Rita

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:52:44 27-06-2006

+ Scan result:



C:\Backups\O q ficou\MsgPlus-301.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-789336058-1606980848-725345543-1003\Dc1778.zip/a1.hta -> Not-A-Virus.Exploit.HTML.DragDrop : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-789336058-1606980848-725345543-1003\Dc1778.zip/a2.hta -> Not-A-Virus.Exploit.HTML.DragDrop : Cleaned with backup (quarantined).
C:\Documents and Settings\Ana Valente\Cookies\ana valente@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Ana Valente\Cookies\ana valente@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Ana Valente\Cookies\ana valente@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Ana Valente\Cookies\ana valente@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
C:\Documents and Settings\Ana Valente\Cookies\ana valente@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Ana Valente\Cookies\ana valente@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Ana Valente\Cookies\ana valente@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Ana Valente\Cookies\ana valente@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end
  • 0

#7
pomp

pomp

    the man

  • Member
  • PipPipPipPip
  • 1,366 posts
Ok..now..do you still get the weird thing on msn?
  • 0

#8
Ana_Rita

Ana_Rita

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yes... still apears... the window with an S.
And now, I can't log in to msn....
  • 0

#9
pomp

pomp

    the man

  • Member
  • PipPipPipPip
  • 1,366 posts
Can you maybe screenshot what you see in msn and attach it to a reply in this topic?
  • 0

#10
Ana_Rita

Ana_Rita

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
This is what I see every time I log in to msn, every time I close one, apears other one... and the the log in freezes...

window_S.JPG
  • 0

#11
pomp

pomp

    the man

  • Member
  • PipPipPipPip
  • 1,366 posts
Is that MSN Messenger or the new final Windows Live Messenger? If it's still MSN..I'd suggest you download and install the new Windows Live Messenger.
  • 0

#12
Ana_Rita

Ana_Rita

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I've already tried that. After I complete the instalation of Windows Live Msn, e double click the icon of it, and nothing happens, the program doesn't start...
  • 0

#13
pomp

pomp

    the man

  • Member
  • PipPipPipPip
  • 1,366 posts
I'm going to move this to the 'applications' subforum here...It doesn't seem malware related. Someone there will help you.
  • 0

#14
Ana_Rita

Ana_Rita

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you :whistling:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP