
Problems with Connections. [Inactive]


  • This topic is locked

#1
hamik

    Member

  • Member
  • 61 posts
Sadly I'm getting problems with programs that connect. Sometimes Internet Explorer doesn't work and sometimes other programs don't work. I also get a little icon saying I'm getting a virus. Here is my HijackThis log. :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 7:15:16 PM, on 10/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wins\DLLHOST.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\ann.exe
C:\WINDOWS\System32\wins\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Synchronization Agent] C:\Program Files\Sync Manager\agent\syncagent.exe
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Thanks GeeksToGo Staff I will wait for a response. :blink:
  • 0


#2
rem

    Visiting Staff

  • Member
  • 464 posts
Hi hamik and welcome to 'geeks to go' :whistling:
My name is Colin & I will be helping you to resolve this problem.
Thanks for being patient, but everyone is really busy just now.
Don't worry, we'll soon have you free of infection.

Please follow all of the steps below in the order they are listed.
If you do not understand any step or get stuck please ask before proceeding.

You may want to print out these & any subsequent instructions before you start so you can refer to them at any time.

WARNING - UNDER NO CIRCUMSTANCES SHOULD YOU INSTALL SERVICE PACK 2 (SP2) FOR WINDOWS XP UNTIL YOUR SYSTEM IS COMPLETELY CLEAN FROM INFECTION

Step 1
You don't appear to be running any Antivirus software. It is ABSOLUTELY ESSENTIAL that you do so.
You can download an excellent free AntiVirus protection called AVG Anti-Virus Free Edition.
Please download, install, scan your system & post a new Hijack This log.

Step 2
You don't appear to have a firewall operating on your system. It is ABSOLUTELY ESSENTIAL that you do so.
You can download a free Firewall called ZoneAlarm.
Please download & install.

Step 3
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

You also have a program called Ghost Keylogger on your machine. For more information on this program click Here
If you did not install this program yourself, or don't want it on your system, check the entry below also.

O4 - HKLM\..\Run: [Synchronization Agent] C:\Program Files\Sync Manager\agent\syncagent.exe

Now close all windows other than HiJackThis, then click Fix Checked.
Close HijackThis
Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Ghost Keylogger <--------- If you checked the [Synchronization Agent] entry in HijackThis above.

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present): Only delete the folders in RED, not the whole path.

C:\Program Files\Sync Manager <--------- If you checked the [Synchronization Agent] entry in HijackThis above.

After that, Reboot into normal windows.

Step 4
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file path below to the clipboard by highlighting ALL of the red text and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\ntsystem.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Step 5
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 6
In the title of your Waiting Room you list problems with :

PestTrap, SMithFraud, and I think spyshariff

There is no evidence of these infections in your log, so let's run a scan to see if we can find traces of these lurking on your system.

Please download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan together with a new HijackThis log & let me know how your system is running.

    Note
    Please be sure to post all of your HijackThis log as I think you may have missed the end of the log on your previous post.

Edited by rem, 14 October 2006 - 04:20 PM.

  • 0

#3
hamik

    Member

  • Topic Starter
  • Member
  • 61 posts
:whistling: Logfile of HijackThis v1.99.1
Scan saved at 5:12:37 PM, on 10/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

and

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:09:18 PM 10/14/2006

+ Scan result:



C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010039.dll -> Adware.SearchAssistant : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010040.dll -> Adware.SearchAssistant : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010041.dll -> Adware.SearchAssistant : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010013.exe -> Adware.Spysheriff : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010043.exe -> Adware.Spysheriff : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010021.exe -> Backdoor.Bifrose.uw : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010019.exe -> Backdoor.Bifrost : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010020.exe -> Backdoor.Bifrost : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP22\A0005125.exe -> Backdoor.IRCBot.th : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP23\A0005314.exe -> Backdoor.IRCBot.th : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP23\A0005315.exe -> Backdoor.IRCBot.th : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010022.EXE -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010023.exe -> Downloader.Agent.awf : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010025.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010036.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010053.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP29\A0012152.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP29\A0017220.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : No action taken.
C:\Documents and Settings\hamik\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\hamik\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\hamik\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\hamik\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\hamik\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\hamik\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : No action taken.
C:\System Volume Information\_restore{EDF8B7E9-5809-4DA1-9BF2-3D587465024B}\RP28\A0010024.dll -> Trojan.Agent.rx : No action taken.


::Report end

My computer doesn't get that annoying spyware icon from the toolbar, but now sometimes it won't show the webpage, and when I turn on the computer it gives me the blue screen with the error, and other times it gives me an error for Microsoft Windows saying send error report or don't send.
  • 0
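Checking a follow-up HijackThis log against the fix list from post #2 can be done mechanically; the sketch below is an added example, not part of any post in this thread. The three log excerpts are constructed from entries that appear in the thread's logs, and the function names are hypothetical.

```python
import re

# Constructed excerpts in HijackThis 1.99.1 format, built from entries
# quoted in this thread (not the complete logs).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Synchronization Agent] C:\Program Files\Sync Manager\agent\syncagent.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""
# Entries the helper asked to have checked and fixed.
FIX_LIST = r"""
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O4 - HKLM\..\Run: [Synchronization Agent] C:\Program Files\Sync Manager\agent\syncagent.exe
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - \S")


def parse_entries(log):
    """Map case-folded entry text -> original line, skipping headers and process list."""
    entries = {}
    for line in log.splitlines():
        line = " ".join(line.split())  # collapse whitespace damaged by copy/paste
        if ENTRY.match(line):
            entries[line.casefold()] = line
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added


def still_present(fix_list, after):
    """Entries that were supposed to be fixed but still show up in the new scan."""
    a = parse_entries(after)
    return sorted(v for k, v in parse_entries(fix_list).items() if k in a)


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed since last scan:", *removed, sep="\n  ")
    print("New since last scan:", *added, sep="\n  ")
    print("Fix-list entries still present:", still_present(FIX_LIST, LOG_AFTER) or "none")
```

An entry missing from the new log only shows that the autostart reference is gone; whether the file itself was deleted has to be confirmed separately.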

#4
rem

    Visiting Staff

  • Member
  • 464 posts
Hi hamik welcome back. :whistling:
Step 1
It would appear from your log that you haven't yet installed AVG Anti-Virus Free Edition or ZoneAlarm firewall.
Without both Antivirus AND a firewall on your system you are wide open for infection & we are both wasting our time really.
I cannot stress highly enough how important this issue is. Please follow the instructions in my last post to download & install.

Step 2
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Step 3
Thanks for the AVG Anti-Spyware report.
If you look at the scan results you will see "No action taken" against all the items it found.
I think perhaps you forgot to apply item 5 (Recommended actions) in the setup, or item 5 after the scan is complete (Apply all actions).
Please could you follow the instructions for Step 6 in my last post to update & run AVG Anti-Spyware, paying particular attention to the 'Recommended actions' & 'Apply all actions' steps above.

In your next reply please post:
1) The SmitfraudFix report from Step 1
2) The results from the latest AVG Anti-Spyware scan.
3) A fresh HijackThis log.
  • 0
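The "No action taken" check from Step 3 above can be automated when triaging a saved AVG Anti-Spyware report; this is an added example, not part of any post in this thread. The sample report is constructed in the format of the one posted here (the `{GUID}` placeholder, the `user` paths, the `example.exe` line and its "Quarantined" action are assumptions), and the function names are hypothetical.

```python
from collections import Counter
from typing import NamedTuple

# Constructed sample in the layout of the report posted in this thread.
# Detection names come from that report; paths are shortened and the last
# line (with a non-default action string) is invented for contrast.
SAMPLE_REPORT = r"""
+ Created at: 5:09:18 PM 10/14/2006

+ Scan result:

C:\System Volume Information\_restore{GUID}\RP28\A0010039.dll -> Adware.SearchAssistant : No action taken.
C:\System Volume Information\_restore{GUID}\RP28\A0010021.exe -> Backdoor.Bifrose.uw : No action taken.
C:\System Volume Information\_restore{GUID}\RP22\A0005125.exe -> Backdoor.IRCBot.th : No action taken.
C:\Documents and Settings\user\Cookies\user@example[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\System32\example.exe -> Downloader.Agent.awf : Quarantined.

::Report end
"""


class Finding(NamedTuple):
    path: str
    detection: str
    action: str
    location: str


def classify_location(path):
    """Separate System Restore copies and cookies from files on the live system."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\cookies\\" in p:
        return "cookie"
    return "live_file"


def parse_report(text):
    """Parse 'path -> detection : action.' lines; header and footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        path, arrow, rest = line.strip().rpartition(" -> ")
        detection, colon, action = rest.partition(" : ")
        if not arrow or not colon:
            continue
        findings.append(
            Finding(path, detection, action.rstrip(". "), classify_location(path))
        )
    return findings


def unresolved(findings):
    """Findings the scanner detected but did not act on."""
    return [f for f in findings if f.action.lower() == "no action taken"]


def triage(findings):
    """Summarise what is still pending and where it lives."""
    pending = unresolved(findings)
    return {
        "total": len(findings),
        "unresolved": len(pending),
        "by_location": dict(Counter(f.location for f in pending)),
        "families": sorted(
            {f.detection.split(".")[0] for f in pending if f.location != "cookie"}
        ),
    }


if __name__ == "__main__":
    print(triage(parse_report(SAMPLE_REPORT)))
```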

#5
rem

    Visiting Staff

  • Member
  • 464 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





