Phology

Logfile of HijackThis v1.98.2

Scan saved at 21:28:54, on 26/01/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\Program Files\AdStatus Service\AdStatServ.exe

C:\Program Files\BullsEye Network\bin\bargains.exe

C:\WINDOWS\system32\SahAgent.exe

C:\Program Files\AdStatus Service\AdStatKeep.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\Sony\Sound Forge 7.0\forge70.exe

C:\Program Files\Propellerhead\Reason\Reason.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-gb/srchasst/srchasst.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-gb/srchasst/srchcust.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\system32\SahAgent.exe

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [Eastenders Screenmate] C:\Program Files\Eastenders Screenmates\SM.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYes.../bridge-c18.cab

O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

cheers!


I can see what it is straight away. Start IE then click Tools then Internet Options. Click on Security then the Internet Zone icon and see what level it's set to. It may possibly have been changed to low by this spyware/trojan you have. Post back and let me know. I'm gonna jump in the bath, but gimme an hour and I'll tell you what to do with your log.


You have two "viruses" mate. One is a dialler and the other is adware/spyware. Kaspersky detects both, but either yours is not up to date, or it's not configured correctly.

 

Double click the red K icon for Kaspersky next to your clock. Click on the Settings tab then click "Configure Updater" on the left hand side. A new window will open. At the top where it says "Update type:", make sure it says "from Internet, extended databases". Also check the Automatic Updates box and set how often you want it to update - I do it every 3 hours. Then hit OK. Then click the Protection tab and hit "Update Now" on the left. Your machine will then download all the adware, spyware, pornware and malware signatures and protect you from them in the future.


OK here's what you need to do: -

 

First off go to Add/Remove Programs and uninstall the following: -

 

That stupid fucking Eastenders thing. That probably put the spyware there in the first place!

 

Now look for any items on the list that look similar to this and uninstall those too: -

 

Bullseye Network

Adstatus

Search Relevancy

 

They might be called something slightly different. Once you've done that, reboot.

 

Now, you need to put HijackThis in its own folder. Do that, then run it and check off all of the following. Some may no longer exist, but check carefully: -

 

 

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL

 

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

 

O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe

 

O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

 

O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\system32\SahAgent.exe

 

O4 - HKCU\..\Run: [Eastenders Screenmate] C:\Program Files\Eastenders Screenmates\SM.exe

 

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYes.../bridge-c18.cab

 

O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab

 

Close ALL browser windows and hit Fix Checked.

 

Reboot your PC into Safe Mode by tapping F8 as it boots. Make sure you have hidden files and folders set to display (in Windows Explorer), then search for the following and delete them all if they still exist: -

 

C:\temp\NCASEP~1.exe

C:\WINDOWS\system32\SahAgent.exe

 

C:\Program Files\AdStatus Service

C:\Program Files\BullsEye Network

C:\Program Files\Eastenders Screenmates

C:\Program Files\Search Relevancy

 

Once you've done that, run Crap Cleaner again. Then reboot into regular Windows. Check my posts further up this thread about the security level in IE and Kaspersky and sort those out. Then download a decent firewall. Sygate do a good free one, or get Sygate Pro from a torrent site. Also consider using Firefox as an alternative to IE, if you don't want to be infected by spyware from websites.

 

If you're still having problems, post another log after doing all of the above. The viruses you have are new - they've appeared in the last two days, so they may be tougher to remove. Needless to say, you should also run a full scan with Kaspersky and perhaps consider using RegSeeker to clean out your registry.

 

Hope this helps mate.
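Going through a log like the one above by hand is slow; the following is an added example (not from this thread, the helper, or HijackThis itself) that parses the O2/O3, O4 and O16 line formats and flags entries that match the adware-related names the helper lists, plus any O4 Run entry that gives only a bare filename. The sample lines and the indicator list are constructed from this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample: six lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYes.../bridge-c18.cab
"""

# Adware-related names the helper lists for removal, used here as a simple blocklist.
INDICATORS = ["Search Relevancy", "AdStatus", "BullsEye", "SahAgent", "Eastenders", "msbe.dll", "windupdates", "btwebcontrol"]
@dataclass
class Entry:
    section: str          # O2, O3, O4 or O16
    name: Optional[str]   # BHO/toolbar name or Run value name (None for an unnamed DPF)
    clsid: Optional[str]  # {GUID} for BHOs, toolbars and DPF objects (None for O4)
    target: str           # DLL path, Run command line, or CAB download URL

# One regex per section type; all use the same group names so parse() stays generic.
PATTERNS = [
    re.compile(r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"),
    re.compile(r"^(?P<sec>O4) - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<target>.*)$"),
    re.compile(r"^(?P<sec>O16) - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*?)\))? - (?P<target>\S+)$"),
]
def parse(log: str) -> List[Entry]:
    """Turn the O2/O3, O4 and O16 lines of a HijackThis log into Entry records."""
    entries = []
    for line in log.splitlines():
        for pat in PATTERNS:
            m = pat.match(line.strip())
            if m:
                g = m.groupdict()
                entries.append(Entry(g["sec"], g.get("name"), g.get("clsid"), g["target"]))
                break
    return entries

def triage(entries: List[Entry], indicators=INDICATORS) -> List[tuple]:
    """Pair each entry worth a second look with the reason it was flagged."""
    hits = []
    for e in entries:
        text = f"{e.name or ''} {e.target}".lower()
        if any(i.lower() in text for i in indicators):
            hits.append((e, "matches removal list"))
        elif e.section == "O4" and "\\" not in (e.target.split() or [""])[0]:
            hits.append((e, "bare filename: confirm where it resolves before trusting it"))
    return hits
```

A bare-filename Run entry is not evidence of infection on its own (VTTimer.exe and ALCXMNTR.EXE in this log are vendor drivers), but it means Windows locates the binary via the search path, so the flag tells you to find the file and check it rather than to remove it.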


my pc completely freaked out on me!!

after I checked my Security settings and updated Kaspersky

suddenly the same 'countdown box' thing appeared that happened when I had the Sasser virus!

it shut down

then it said my LAN connection was 'Limited or No Connection'

so I couldn't go on the net

a full scan revealed 21 viruses

and CrapCleaner was on for ages

but it still wouldn't connect to the net

so my housemate tells me that Service Pack 2

has a small virus in it, so he got something off the net and sorted it! - what a hero!!

 

..phew*


You didn't set your security to low did you? I only said to check to see if it had been set to low by the virus you had. I don't agree with your housemate saying SP2 contains some kind of virus, but the main thing is your PC is sorted. :d


You didn't set your security to low did you? I only said to check to see if it had been set to low by the virus you had. I don't agree with your housemate saying SP2 contains some kind of virus, but the main thing is your PC is sorted. :d

 

I don't think so

yeah I'm glad it's sorted. I need the net :drool: lol
