registry problems - hijack this log included

Princess-in-PinkPrincess-in-Pink
edited July 2005 in Spyware & Virus Removal
Repost from the Windows Thread:

"Hi!

I just got a laptop from my cousin in the United States. I'm in the Philippines, by the way. It's a second hand laptop equipped with Windows 2000 NT Professional.

Once I connected to the internet, I started to experience problems. After a few 30 minutes or so, internet explorer/mozilla could not find any page anymore. I thought the problem was with my ISP (internet card) but when I used it in the other computer, it worked perfectly fine. Moreover, I keep getting pop up messages from the system (not an online ad) that something is wrong with my registry and it may lead to a crash. I already installed Spybot and Adaware and successfully deleted all spywares. Sometimes the internet won't work at all. Also, whenever I shut down the computer it always tries to end a program even though I'm not running anything. And the next time I open my PC, my wallpaper is gone and replaced with "Restore my Active Desktop."

I'm not sure if it's because of registry error that Windows Explorer and My Computer cannot read any cd, whereas my DVD player in the laptop and CD player can read any CD.

Consequentially, I also cannot install Yahoo Messenger or any other programs. The PC and internet hang everytime. I tried downloading registry repair software via the internet but it can only scan, not repair. I would have to pay online for the repair.

I think it all boils down to the registry error. Any tips? Thank you so much. Looking forward to hearing from the team."


Shadow2018 recommended Registry Cleaner. I just tried it out. He also recommended me to post a Hijack This log, because my PC might be infected with a spyware.
Here it is:

Also, my laptop is not equipped with an anti-virus software. Are there any downloadable anti-virus softwares online? Thanks.

Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:49:03 PM, on 7/2/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\tp4mon.exe
C:\WINNT\System32\ltmsg.exe
C:\WINNT\System32\firewall.exe
C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe
C:\WINNT\System32\cdplayer.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINNT\System32\firewall.exe
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe

Comments

  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    Update: The software I downloaded, Repair Registry Pro, reported 0 zero errors. Before I ran RegCleaner (advised by Shadow..), Repair Registry Pro found 215 errors. Does this mean I'm clean?

    By the way, do you know where can I download a free anti-virus software online? Thank you.
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited July 2005
    Princess in Pink wrote:
    ...By the way, do you know where can I download a free anti-virus software online? Thank you.
    I'll leave the SVT advice to the experts. As for the free AV software, I've been very happy with the free version of AVG. :)
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    Thanks profdlp! Is it absolutely free? Will be downloading it soon.

    Update # 3: My laptop still cannot connect to the internet properly. It works for 30 minutes, then the internet will hang again. THanks. =)
  • Shadow2018Shadow2018 Northwest Missouri
    edited July 2005
    Close al open windows. Run Hijack this and then place a checkmark next to this entry. Click Fix Checked:

    O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINNT\System32\firewall.exe

    Then delete the following underlined file:

    C:\WINNT\System32\firewall.exe

    Make sure all hidden files are viewable:

    Open my computer>click tools>click folder options>
    click view tab>check show hidden files>uncheck hide file extensions>click apply>click OK>exit

    Post a new log.

    Yes. You can get AVG free edition which is a decent program.



    I also noticed that you do not have a firewall installed. Are you using a router with a built in firewall?
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited July 2005
    They hide the free version... :D

    This link should take you straight to it.
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    New Logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:04:05 PM, on 7/2/2005
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\ibmpmsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\tp4mon.exe
    C:\WINNT\System32\ltmsg.exe
    C:\WINNT\System32\cdplayer.exe
    C:\WINNT\System32\internat.exe
    C:\WINNT\system32\svchost.exe
    C:\Documents and Settings\a\Desktop\msgr6suite.exe
    C:\DOCUME~1\a\LOCALS~1\Temp\GLB2.tmp
    C:\WINNT\System32\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\system32\nqmn.exe
    C:\WINNT\system32\nrlsr.exe
    C:\WINNT\system32\zwhkq.exe
    C:\WINNT\system32\yfyalje.exe
    C:\WINNT\system32\dzzohlog.exe
    C:\WINNT\system32\ubhygke.exe
    C:\WINNT\system32\qbqe.exe
    C:\WINNT\system32\atthh.exe
    C:\WINNT\system32\rhtavn.exe
    C:\WINNT\system32\wklozf.exe
    C:\WINNT\system32\qpmv.exe
    C:\WINNT\system32\bdfzes.exe
    C:\WINNT\system32\euafsvh.exe
    C:\WINNT\system32\xpfdt.exe
    C:\WINNT\system32\yqmg.exe
    C:\Program Files\hijackthis\HijackThis.exe
    C:\WINNT\system32\qlqvzok.exe
    C:\WINNT\system32\xehbybsx.exe
    C:\WINNT\system32\pifk.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2430DAD0-5172-43FD-B8F2-CF0F7FDDAE17}: NameServer = 202.78.97.2 202.78.97.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2430DAD0-5172-43FD-B8F2-CF0F7FDDAE17}: NameServer = 202.78.97.2 202.78.97.3
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe


    I fixed my internet problems already. =) I called up the hotline of the server.

    My Repair Registry Pro found 276 critical errors in the registry again. And a pop up appeared that i have registry errors (again) and spywares.

    I couldn't find the file firewall.exe that you asked me to delete. =)

    I don't have a firewall installed. I don't even have an anti-virus. I just got this laptop from my cousin in the States. =)

    Thanks profdlp. I'm downloading it now. =)
  • Shadow2018Shadow2018 Northwest Missouri
    edited July 2005
    Start by getting zone labs free firewall:

    http://majorgeeks.com/ZoneAlarm_Free_d388.html
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    Is my log ok?
  • Shadow2018Shadow2018 Northwest Missouri
    edited July 2005
    Reboot into safe mode. To enter safe mode>reboot>tap f8 at the start up screen>select safe mode from the menu.

    Then find and delete these files:

    C:\WINNT\system32\nqmn.exe
    C:\WINNT\system32\nrlsr.exe
    C:\WINNT\system32\zwhkq.exe
    C:\WINNT\system32\yfyalje.exe
    C:\WINNT\system32\dzzohlog.exe
    C:\WINNT\system32\ubhygke.exe
    C:\WINNT\system32\qbqe.exe
    C:\WINNT\system32\atthh.exe
    C:\WINNT\system32\rhtavn.exe
    C:\WINNT\system32\wklozf.exe
    C:\WINNT\system32\qpmv.exe
    C:\WINNT\system32\bdfzes.exe
    C:\WINNT\system32\euafsvh.exe
    C:\WINNT\system32\xpfdt.exe
    C:\WINNT\system32\yqmg.exe
    C:\WINNT\system32\qlqvzok.exe
    C:\WINNT\system32\xehbybsx.exe
    C:\WINNT\system32\pifk.exe

    Reboot and run this online scan:

    http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

    Let me know of any files that are not deleted by the scan. If you are on dial-up this will take a while.

    Post a new log.
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    New Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:22:31 PM, on 7/2/2005
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\ibmpmsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchosta.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\tp4mon.exe
    C:\WINNT\System32\ltmsg.exe
    C:\WINNT\System32\cdplayer.exe
    C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe
    C:\WINNT\System32\explorer.exe
    C:\WINNT\System32\svchosta.exe
    C:\WINNT\System32\internat.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skyinet.net:3128
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe
    O4 - HKLM\..\Run: [autostart] svchosta.exe
    O4 - HKLM\..\RunServices: [autostart] svchosta.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: autostart - Unknown owner - C:\WINNT\System32\svchosta.exe" -service (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe

    Unfortunately, I can't run an ONline Scan with my laptop because my internet is goofing up again. I have to connect through my desktop. THe ISP thinks something is wrong with my TCP/IP.

    How's my log?

    I still receive pop-ups about critical registry errors. THank you.
  • Shadow2018Shadow2018 Northwest Missouri
    edited July 2005
    If you have not downloaded the firewall please do so immediately.

    Place a checkmark next to these entries and click fix checked:

    O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe
    O4 - HKLM\..\Run: [autostart] svchosta.exe
    O4 - HKLM\..\RunServices: [autostart] svchosta.exe
    O23 - Service: autostart - Unknown owner - C:\WINNT\System32\svchosta.exe" -service (file missing)

    Reboot into safe mode and delete these files:

    C:\WINNT\System32\explorer.exe
    C:\WINNT\System32\svchosta.exe

    Reboot into normal mode and post a new log.

    Do not worry about the pop up for registry errors.
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    Logfile of HijackThis v1.99.1
    Scan saved at 12:58:35 AM, on 7/3/2005
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\ibmpmsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\tp4mon.exe
    C:\WINNT\System32\ltmsg.exe
    C:\WINNT\System32\cdplayer.exe
    C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe
    C:\WINNT\System32\internat.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skyinet.net:3128
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe

    How's my log? Is there any way to delete Repair Registry Pro? I can't delete it manually.
    THanks. =)
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    btw, why do i keep getting pop-ups about critical errors in my registry? =)
  • Shadow2018Shadow2018 Northwest Missouri
    edited July 2005
    Are all hidden files still viewable?

    Is repair registry pro in the add/remove programs list? If it is uninstall it then delete the file. If it isn't then reboot into safe mode then delete it.

    Can you access the internet at this point?
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    Yes I checked in the Folder Options and all hidden files are viewable.

    My internet connection, as of now, is doing fine. It's very erratic though. I'm now downloading the AVG and Zone Alarm Firewall. I will be deleting Repair Registry Pro in safe mode. I still keep on getting pop-ups regarding critical errors in my registry, one of which is:

    Message from MSFOT Update to Customer..

    Important notice fom msoft

    Buffer overflow in messenge services causes unexpected computer shutdown, virus infection and remote code exeuction...

    Your system IS affected, download the patch from the address below..

    WWW.WUPDATE.NET



    The address doesnt work though. MOreover, I can't shut down my computer properly. It always tries to end a program that I do not know of. Thank you. How's my log? =)
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited July 2005
    PiP, have you tried disabling the "Messenger" service? The one you want is the one with the following description"
    Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.

    The service is intended to allow network admins to send an alert to workstations (for instance, a notice that the server would be offline temporarily). Spammers have found a way to use it for their lousy junk. :shakehead

    That's not going to fix any remaining spyware on your computer (Shadow2018 will get you fixed up in that area), but it might make the pop-ups go away. The advice he gave you about a firewall is important, too. :)
  • Shadow2018Shadow2018 Northwest Missouri
    edited July 2005
    The popups you are receiving is adware. I have seen those before. Your registry is ok. I have gotten those on a fresh install of windows. Do not click on the ads.

    What is the program that will not let you shut down properly?

    Once you have avg setup and the latest definitions downloaded run a full scan with avg.

    Then run activescan if possible and post the results of that scan and anew Hijack this log when finished.
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    Oh nO! I ran the AVG program and I kept getting notices about Detected Viruses. WHen I pressed the heal button, it said that the function was not available for this object. So I pressed the delete button for all the Virus Detection Pop-ups. THen I suddenly realized that I was deleting the files of my programs! Now I can't run MSWORD, Abode PHotoshop, Acrobat Reader, POWER DVD firefox...all my programs!! I ran an AVG scan and it found almost all of my programs, system32 files to be infected with the Win32/Parite and some Trojan Backdoor something. Then some of my registries were also infected. The AVG did an automatic healing and then restarted my computer. Now I can't get enough of those Virus Detected alerts! Even the AVG program itself has a virus (Win32/Parite). Oh my.. is there any way to get my deleted programs back? I already checked in the Rescue Disk and Recycle Bin.. it's not there! And how do I get rid of these viruses? =( Oh no.. =( I can't run any program anymore =(
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    I already have the firewall installed. Im so dead.. I can't run like 90% of my programs anymore =( And my pc is still infected with the Win32 Parite AVG claims to have healed in the first scan. I'm getting endless Virus Detection Pop-ups. Oh my, I have a bigger problem in my hands. Shadow, what should I do? =(
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    I can't run AVG anymore, although I still persistently receive Virus Detection pop-ups. Apparently, it deleted itself (the main exe file) when "healing" the infected files. Eek!
  • Shadow2018Shadow2018 Northwest Missouri
    edited July 2005
    Were you able to run panda's activescan? If possible please do so and then run Housecall or Bitdefender .

    Post the results of activescan.
  • Princess-in-PinkPrincess-in-Pink
    edited July 2005
    I'm thinking of reformatting my computer and installing Linux, instead of Windows. What do you think?
  • Shadow2018Shadow2018 Northwest Missouri
    edited July 2005
    I'm thinking of going to linux as well. You should know that it isn't as user friendly as windows. If you have the time to learn how linux works my thought is go for it. If you don't have the time or the patience then stick to windows.
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited July 2005
    The only thing I'd warn you about with Linux is that you need to be absolutely sure that you can find a good driver for all the hardware in your laptop. Laptop computers often have oddball proprietary hardware in them, making it hard sometimes to find even the Windows driver.

    If you're sure that everything is going to work right afterwards, a Linux + Firefox (web browser) combination will leave you a lot safer, if only because the nitwits who write viruses and spyware often don't bother making a Linux version.

    I'm attaching a tool for removing Win32/Parite; at this point it can't hurt.

    Good luck. :)
Sign In or Register to comment.