Phology Posted January 26, 2005

this error thing keeps popping up at me
i ran CrapCleaner and scanned my comp
it came up with a couple of things and deleted them
but it keeps doin it every so often????

Steve Posted January 26, 2005

It's dodgy mate. You need to remove it. Post a HijackThis log man.

Phology Posted January 26, 2005 Author

Logfile of HijackThis v1.98.2
Scan saved at 21:28:54, on 26/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\AdStatus Service\AdStatServ.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\system32\SahAgent.exe
C:\Program Files\AdStatus Service\AdStatKeep.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Sony\Sound Forge 7.0\forge70.exe
C:\Program Files\Propellerhead\Reason\Reason.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-gb/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-gb/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\system32\SahAgent.exe
O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Eastenders Screenmate] C:\Program Files\Eastenders Screenmates\SM.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYes.../bridge-c18.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

cheers!

Steve Posted January 26, 2005

I can see what it is straight away.

Start IE then click Tools then Internet Options. Click on Security then the Internet Zone icon and see what level it's set to. It may possibly have been changed to low by this spyware/trojan you have.

Post back and let me know. I'm gonna jump in the bath, but gimme an hour and I'll tell you what to do with your log.

rygon Posted January 26, 2005

eastenders screenmates????? i hope u aint serious

Phology Posted January 26, 2005 Author

> eastenders screenmates????? i hope u aint serious

LMAO!
i was on bbc.co.uk for some bored random reason
and i seen a Phil Mitchell screen thing
thort it might be funny to have the potato headed thug runnin around

Steve Posted January 26, 2005

You have two "viruses" mate. One is a dialler and the other is adware/spyware. Kaspersky detects both, but either yours is not up to date, or it's not configured correctly.

Double click the red K icon for Kaspersky next to your clock. Click on the Settings tab then click "Configure Updater" on the left hand side. A new window will open. At the top where it says "Update type:", make sure it says "from Internet, extended databases". Also check the Automatic Updates box and set how often you want it to update - I do it every 3 hours. Then hit OK.

Then click the Protection tab and hit "Update Now" on the left. Your machine will then download all the adware, spyware, pornware and malware signatures and protect you from them in the future.

Steve Posted January 26, 2005

OK here's what you need to do: -

First off go to Add/Remove Programs and uninstall the following: -

That stupid fucking Eastenders thing. That probably put the spyware there in the first place!

Now look for any items on the list that look similar to this and uninstall those too: -

Bullseye Network
Adstatus
Search Relevancy

They might be called something slightly different. Once you've done that, reboot.

Now, you need to put HijackThis in its own folder. Do that, then run it and check off all of the following. Some may no longer exist, but check carefully: -

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\system32\SahAgent.exe
O4 - HKCU\..\Run: [Eastenders Screenmate] C:\Program Files\Eastenders Screenmates\SM.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYes.../bridge-c18.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab

Close ALL browser windows and hit Fix Checked.

Reboot your PC into Safe Mode by tapping F8 as it boots. Make sure you have hidden files and folders set to display (in Windows Explorer), then search for the following and delete them all if they still exist: -

C:\temp\NCASEP~1.exe
C:\WINDOWS\system32\SahAgent.exe
C:\Program Files\AdStatus Service
C:\Program Files\BullsEye Network
C:\Program Files\Eastenders Screenmates
C:\Program Files\Search Relevancy

Once you've done that, run Crap Cleaner again. Then reboot into regular Windows.

Check my posts further up this thread about the security level in IE and Kaspersky and sort those out. Then download a decent firewall. Sygate do a good free one, or get Sygate Pro from a torrent site. Also consider using Firefox as an alternative to IE, if you don't want to be infected by spyware from websites.

If you're still having problems, post another log after doing all of the above. The viruses you have are new - they've appeared in the last two days, so they may be tougher to remove.

Needless to say, you should also run a full scan with Kaspersky and perhaps consider using RegSeeker to clean out your registry.

Hope this helps mate.

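The post above asks for another log if problems persist; this added example (not part of the thread) checks a follow-up HijackThis log for entries from the fix list that survived cleanup. The function names and the follow-up log are constructed for illustration; entries are matched by CLSID or by Run-key value name, case-insensitively, so a renamed BHO or a re-cased path still counts.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\] ")

def entry_key(section, detail):
    """Identity of an entry: CLSID, or hive + value name for O4, else the text."""
    clsid = CLSID_RE.search(detail)
    if section in ("O2", "O3", "O9", "O16", "O18") and clsid:
        return clsid.group(0).upper()
    run = RUN_RE.match(detail)
    if section == "O4" and run:
        return f"{run.group(1)}|{run.group(2)}".lower()
    return detail.lower()

def parse_log(text):
    """Return (section, key, detail) per entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, detail = m.groups()
            entries.append((section, entry_key(section, detail), detail))
    return entries

def still_present(fix_list, follow_up_log):
    """Fix-list entries that the follow-up log still contains."""
    after = {(s, k) for s, k, _ in parse_log(follow_up_log)}
    return [f"{s} - {d}" for s, k, d in parse_log(fix_list) if (s, k) in after]

# Four of the entries flagged in the post above.
FIX_LIST = r"""
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\system32\SahAgent.exe
O4 - HKCU\..\Run: [Eastenders Screenmate] C:\Program Files\Eastenders Screenmates\SM.exe
"""

# Constructed follow-up log (not from the thread): two flagged entries survive.
FOLLOW_UP = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {f4e04583-354e-4076-be7d-ed6a80fd66da} - C:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\sahagent.exe
"""

print("\n".join(still_present(FIX_LIST, FOLLOW_UP)))
```
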
Phology Posted January 27, 2005 Author

my pc completely freaked out on me!!
after i checked my Security settings and updated kaspersky
suddenly the same 'countdown box' thing appeared that happened wen i had the Sasser virus!
it shutdown
then it sed my LAN connection was 'Limited or No Connection'
so i cudnt go on the net
a full scan revealed 21 viruses
and CrapCleaner was on for ages
but it still wudnt connect to the net
so my housemate tells me that Service Pack 2
has a small virus in it, so he got sumthin off the net and sorted it! - wat a hero!!
..phew*

Steve Posted January 27, 2005

You didn't set your security to low did you? I only said to check to see if it had been set to low by the virus you had. I don't agree with your housemate saying SP2 contains some kind of virus, but the main thing is your PC is sorted.

Phology Posted January 27, 2005 Author

> You didn't set your security to low did you? I only said to check to see if it had been set to low by the virus you had. I don't agree with your housemate saying SP2 contains some kind of virus, but the main thing is your PC is sorted.

i dont think so
ye im glad its sorted. i need the net :drool: lol