1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

!!MSGSRV 32 System clock Problem!!

Discussion in 'Windows - Virus and spyware problems' started by NHS2008, Feb 15, 2007.

  1. NHS2008

    NHS2008 Regular member

    Joined:
    Dec 14, 2006
    Messages:
    626
    Likes Received:
    0
    Trophy Points:
    26
    Hi everyone,

    This thing started when i tried to use a KEYGEN or something.
    So, this is what happens:

    Whenever I boot my PC
    (P4,1.6GHZ,256MB SD,WinXPpro)

    following ERROR MASSAGE APPEARS:[​IMG]

    It says your system clock appears to have been set back
    WHEN THIS HAPPENED FOR THE FIRST TIME AND I CHECKED THE CLOCK IN THE CORNER IT WAS SET TO JULY 2007 SO I CHANGED IT BACK TO FEBRUARY.
    So naw the clock is perfected but the problem persists.

    I even scanned the MSGSRV 32 file with Anti-Virus(AVG 7.5 UpToDate).

    So whats going on here If anyone knows a solution or any suggestion will be appreciated please also refer the BEST(If Any) program to solve this problem.

    THANK YOU IN ADVANCE ANY HELP WILL BE APPRECIATED.


    P.s They say please contact the author of this program for instructions on correcting this error (duh!)
     
    Last edited: Feb 15, 2007
  2. bkf

    bkf Guest

    A Keygen, no doubt an .exe file. Bet more then your clock got changed. When will they learn. You might as well put a sign on you computer that says "Kick me" then tell every hacker in the world how they can't touch you. Strange unknown .exe files have a nasty habit of not being safe.
     
  3. NHS2008

    NHS2008 Regular member

    Joined:
    Dec 14, 2006
    Messages:
    626
    Likes Received:
    0
    Trophy Points:
    26
    Yeah! thank you 4 that
    got it solved had to uninstall the Photoshop (thats what the keygen was for) and scanned my PC with AVG antivirus.
     
    Last edited: Feb 25, 2007
  4. PWNed100

    PWNed100 Guest

    to double check post a HJT log please
     
  5. NHS2008

    NHS2008 Regular member

    Joined:
    Dec 14, 2006
    Messages:
    626
    Likes Received:
    0
    Trophy Points:
    26
    Thanks for that, but they say

    Warning! This program requires some know-how. You could criple your OS if you don't know what you're doing. If you are unsure, try SpyBot S&D or Ad-Aware instead.

    I have Spybot S&D.
    And I used it alongside AVG.

    Both showed ERRORS in partitions and following files
    KERNEL32 and sys32 something...Which were FIXED.


    I WILL POST HJT LOGS SOON. PLEASE KEEP ON WATCH THANK YOU.
     
    Last edited: Feb 25, 2007
  6. NHS2008

    NHS2008 Regular member

    Joined:
    Dec 14, 2006
    Messages:
    626
    Likes Received:
    0
    Trophy Points:
    26
    So heres the LOG FILE as per PWNed100's Request.



    Logfile of HijackThis v1.99.1
    Scan saved at 8:35:43 PM, on 2/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINXP\System32\smss.exe
    D:\WINXP\system32\winlogon.exe
    D:\WINXP\system32\services.exe
    D:\WINXP\system32\lsass.exe
    D:\WINXP\system32\svchost.exe
    D:\WINXP\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\WINXP\Explorer.EXE
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\WINXP\system32\spoolsv.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    D:\Program Files\FolderSize\FolderSizeSvc.exe
    D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    D:\WINXP\system32\hkcmd.exe
    D:\WINXP\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Picasa2\PicasaMediaDetector.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\King Kong Software\Capture\KingKongCapture.exe
    D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    D:\Program Files\Google\Google Talk\googletalk.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\WINXP\system32\ctfmon.exe
    D:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe
    D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    d:\progra~1\intern~1\iexplore.exe
    D:\Program Files\Webshots\WebshotsTray.exe
    D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    D:\WINXP\system32\svchost.exe
    D:\Program Files\Common Files\Teleca Shared\Generic.exe
    D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    D:\Program Files\Opera\Opera.exe
    F:\MyApps\utorrent.exe
    F:\MyApps\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kingkongsearch.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - D:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - D:\Program Files\Torrent101\TorrentManager.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINXP\system32\hkcmd.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "D:\WINXP\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KingKongCapture] C:\Program Files\King Kong Software\Capture\KingKongCapture.exe
    O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Multi Fork Itch Fast] D:\Documents and Settings\All Users\Application Data\BAT CORN MULTI FORK\Greatbind.exe
    O4 - HKCU\..\Run: [googletalk] "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LTM2] D:\WINXP\litmus\MSGSRV32.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster] D:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Cake Size] D:\DOCUME~1\USER\APPLIC~1\CORNDA~1\grey chin.exe
    O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170936519203
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BBD883F-04DB-4972-A282-457D8C2ECFFF}: NameServer = 203.94.227.70,203.94.243.70
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,wbsys.dll D:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
    O20 - Winlogon Notify: igfxcui - D:\WINXP\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINXP\
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Folder Size (FolderSize) - Brio - D:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: GhostStartService - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Please reply with any suggestions........THANK YOU.
     
  7. NHS2008

    NHS2008 Regular member

    Joined:
    Dec 14, 2006
    Messages:
    626
    Likes Received:
    0
    Trophy Points:
    26
    So Guys, What Do You Make Of This HijackThis Log?
     

Share This Page