Desktop photos/Defender [RESOLVED]


  • This topic is locked

#1
Rickles

    Member

  • 501 posts
Hi,

I was directed here as I am still having problems.

My original thread was:

'I deleted the 'old' Defender and reinstalled a new copy from the recommended web site but it still doesn't want to download the updates. I got the error message: Windows Defender Definitions haven't been updated.
So I then loaded Spybot and ran it and all was ok for a few minutes until I got a Spybot message that I had a virus. The desktop picture changed to a blue screen and when I went into Properties all of the desktop Picture Titles were 'greyed' over and none would respond to clicking.'

I ran AVG and it could not find anything, so now I have uninstalled Spybot, and Defender's icon has an exclamation mark on a yellow circle. But when I ran SUPERAntiSpyware,

Spyware found:
[attachment=18387:2A.jpg]

and then I got this:
[attachment=18388:3A.jpg] and I followed the instructions it gave.

Windows Defender still won't update and I cannot access Desktop photos.

Regards

Edited by Rickles, 12 February 2008 - 05:00 AM.



#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.


Download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Double-click on the program to run it.

1. If it gives you an intro screen, just choose Do a system scan and save a logfile.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis, since the entries may be harmless.

Edited by greyknight17, 15 February 2008 - 09:40 AM.


#3
Rickles

    Member

  • Topic Starter
  • 501 posts
Hi,

Panda Active Scan will not work.

ComboFix Log:

ComboFix 08-02-16.2 - Rick 2008-02-16 17:44:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.150 [GMT 11:00]
Running from: C:\Documents and Settings\Rick\My Documents\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rick\Application Data\Install.dat
C:\RECYCLER\desktopA.sys
C:\WINDOWS\system32\dbxDgrevCheck.dll
C:\WINDOWS\system32\dllgh8jkd1q8.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 17:44 . 2008-02-16 17:44 0 --a------ C:\WINDOWS\system32\regsvr32.DbgLog
2008-02-16 15:49 . 2008-02-16 17:42 <DIR> d-------- C:\Program Files\SpywareGuard
2008-02-16 15:02 . 2008-02-16 15:02 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-14 22:31 . 2008-02-14 22:31 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-14 22:31 . 2008-02-14 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-14 21:32 . 2008-02-14 21:38 <DIR> d-------- C:\I386
2008-02-14 16:10 . 2001-08-17 13:52 26,496 --a--c--- C:\WINDOWS\system32\dllcache\asc.sys
2008-02-14 16:10 . 2001-08-17 13:52 22,400 --a--c--- C:\WINDOWS\system32\dllcache\asc3350p.sys
2008-02-14 16:08 . 2001-08-17 14:07 56,960 --a--c--- C:\WINDOWS\system32\dllcache\aic78xx.sys
2008-02-14 16:08 . 2001-08-17 14:07 55,168 --a--c--- C:\WINDOWS\system32\dllcache\aic78u2.sys
2008-02-14 16:08 . 2004-08-03 22:31 36,224 --a--c--- C:\WINDOWS\system32\dllcache\an983.sys
2008-02-14 16:08 . 2001-08-17 12:11 27,678 --a--c--- C:\WINDOWS\system32\dllcache\ali5261.sys
2008-02-14 16:08 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\alifir.sys
2008-02-14 16:08 . 2001-08-17 12:11 16,969 --a--c--- C:\WINDOWS\system32\dllcache\amb8002.sys
2008-02-14 16:08 . 2001-08-17 13:52 12,800 --a--c--- C:\WINDOWS\system32\dllcache\aha154x.sys
2008-02-14 16:08 . 2001-08-17 13:52 12,032 --a--c--- C:\WINDOWS\system32\dllcache\amsint.sys
2008-02-14 16:08 . 2001-08-17 13:47 6,272 --a--c--- C:\WINDOWS\system32\dllcache\apmbatt.sys
2008-02-14 16:08 . 2001-08-17 13:51 5,248 --a--c--- C:\WINDOWS\system32\dllcache\aliide.sys
2008-02-14 00:25 . 2004-08-04 23:00 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2008-02-14 00:25 . 2004-08-04 23:00 119,808 --a--c--- C:\WINDOWS\system32\dllcache\winmine.exe
2008-02-14 00:21 . 2001-08-17 22:37 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
2008-02-14 00:18 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-14 00:17 . 2004-08-03 23:18 2,148,352 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-02-13 23:14 . 2008-02-13 23:17 <DIR> d-------- C:\Program Files\MSECACHE
2008-02-13 18:43 . 2008-02-13 18:49 <DIR> d-------- C:\Documents and Settings\Rick\Application Data\AVG7
2008-02-13 18:43 . 2008-02-13 18:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-13 18:42 . 2008-02-13 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 18:42 . 2008-02-15 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-13 02:30 . 2004-08-04 23:00 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll
2008-02-13 02:29 . 2004-08-04 23:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-13 02:28 . 2004-08-04 23:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-13 02:27 . 2004-08-04 23:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-13 02:26 . 2004-08-04 23:00 1,817,687 --a--c--- C:\WINDOWS\system32\dllcache\bckgres.dll
2008-02-13 02:24 . 2008-02-13 02:24 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-13 02:23 . 2008-02-13 02:23 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-13 02:23 . 2008-02-13 02:23 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-13 02:23 . 2008-02-13 02:23 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-13 02:23 . 2008-02-13 02:23 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-13 01:59 . 2004-08-04 23:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-02-13 01:59 . 2004-08-04 23:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-02-13 01:59 . 2004-08-04 23:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-02-13 01:59 . 2004-08-04 23:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-02-12 22:56 . 2008-02-13 15:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-12 22:56 . 2008-02-12 22:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-12 22:55 . 2007-03-29 23:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-02-12 14:57 . 2008-02-13 17:59 <DIR> d-------- C:\Documents and Settings\Rick\Application Data\SUPERAntiSpyware.com
2008-02-12 11:42 . 2008-02-12 11:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-12 11:42 . 2008-02-12 11:42 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-12 11:15 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2008-02-12 11:15 . 1997-08-19 21:54 54,272 --a------ C:\WINDOWS\EasyPhoto Slide Show.scr
2008-02-12 11:15 . 1997-06-17 04:00 4,064 --a------ C:\WINDOWS\system32\drivers\ATMHELPR.SYS
2008-02-12 11:15 . 2008-02-12 21:57 810 --a------ C:\WINDOWS\EZPHOTO.INI
2008-02-12 11:14 . 2008-02-12 11:15 <DIR> d-------- C:\Program Files\PhotoDeluxe 2.0
2008-02-11 23:42 . 2008-02-15 18:35 1,440,054 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-02-11 21:44 . 2006-04-27 18:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-11 21:44 . 2003-06-05 22:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-11 20:10 . 2008-02-11 20:11 366 --a------ C:\WINDOWS\wininit.ini
2008-02-11 15:35 . 2008-02-11 15:38 <DIR> d-------- C:\Program Files\Maxtor
2008-02-11 04:00 . 2008-02-11 23:36 502,874,112 --a------ C:\WINDOWS\MEMORY.DMP
2008-02-10 22:46 . 2008-02-10 22:46 88 --a------ C:\WINDOWS\Ejigman2.ini
2008-02-10 22:45 . 2008-02-10 22:45 <DIR> d-------- C:\Program Files\Nodtronics
2008-02-10 17:13 . 2004-08-04 23:00 1,086,058 -ra------ C:\WINDOWS\SET45.tmp
2008-02-10 17:13 . 2004-08-04 23:00 1,042,903 -ra------ C:\WINDOWS\SET42.tmp
2008-02-10 17:13 . 2004-08-04 23:00 13,753 -ra------ C:\WINDOWS\SET51.tmp
2008-02-10 17:12 . 2008-02-12 23:29 371,762 --a------ C:\WINDOWS\setupapi.old
2008-02-07 17:54 . 2008-02-12 23:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-27 01:42 . 2004-08-04 23:00 65,978 --a------ C:\WINDOWS\Soap Bubbles.bmp
2008-01-27 01:42 . 2004-08-04 23:00 65,954 --a------ C:\WINDOWS\Prairie Wind.bmp
2008-01-27 01:42 . 2004-08-04 23:00 65,832 --a------ C:\WINDOWS\Santa Fe Stucco.bmp
2008-01-27 01:42 . 2004-08-04 23:00 26,680 --a------ C:\WINDOWS\River Sumida.bmp
2008-01-27 01:42 . 2004-08-04 23:00 26,582 --a------ C:\WINDOWS\Greenstone.bmp
2008-01-27 01:42 . 2004-08-04 23:00 17,362 --a------ C:\WINDOWS\Rhododendron.bmp
2008-01-27 01:42 . 2004-08-04 23:00 17,336 --a------ C:\WINDOWS\Gone Fishing.bmp
2008-01-27 01:42 . 2004-08-04 23:00 17,062 --a------ C:\WINDOWS\Coffee Bean.bmp
2008-01-27 01:42 . 2004-08-04 23:00 16,730 --a------ C:\WINDOWS\FeatherTexture.bmp
2008-01-27 01:42 . 2004-08-04 23:00 9,522 --a------ C:\WINDOWS\Zapotec.bmp
2008-01-27 01:32 . 2004-08-04 23:00 1,086,058 -ra------ C:\WINDOWS\SETB7.tmp
2008-01-27 01:32 . 2004-08-04 23:00 1,042,903 -ra------ C:\WINDOWS\SETB4.tmp
2008-01-27 01:32 . 2004-08-04 23:00 13,753 -ra------ C:\WINDOWS\SETC3.tmp
2008-01-27 01:32 . 2004-08-04 23:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 11:50 5,632 --sha-w C:\Program Files\Thumbs.db
2008-02-14 11:34 --------- d-----w C:\Program Files\QuickTime Alternative
2008-02-14 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-12 00:15 --------- d-----w C:\Program Files\Adobe Type Manager
2008-02-11 10:47 --------- d-----w C:\Documents and Settings\Rick\Application Data\Canon
2008-02-10 11:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 06:39 --------- d-----w C:\Documents and Settings\Rick\Application Data\IEPro
2008-01-03 03:59 44,544 ----a-w C:\WINDOWS\AWuninstall.exe
2007-12-19 06:44 --------- d-----w C:\Program Files\Lavasoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"zTrashReg"="c:\trashkeys\trashreg.exe" [2006-12-11 20:16 211705]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"SiSPower"="SiSPower.dll" [2004-09-02 13:47 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15 106496]
"EPSON Stylus Photo R310 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.exe" [2003-09-11 14:00 99840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 13:01 1397760]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-13 18:44 579072]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-01-31 23:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 23:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-13 18:42 219136]

C:\Documents and Settings\Rick\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-06 21:45:14 113664]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hueyTray.lnk - C:\Program Files\Pantone\huey\hueyTray.exe [2007-06-06 16:27:35 913408]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-22 12:00:00 65588]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-03-05 16:01:04 331776]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scanner Finder.lnk]
backup=C:\WINDOWS\pss\Scanner Finder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2006-08-11 08:45 712704 C:\Program Files\Maxtor\ManagerApp\Onetouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a------ 2006-08-11 11:15 81920 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R2 DriverX;DriverX;C:\WINDOWS\system32\drivers\DriverX.sys [1997-03-12 23:57]
S2 BulkUsb;USB Film Scanner;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-03 23:58]
S3 AshAVMon;AshAVMon;C:\Program Files\Ashampoo\Ashampoo AntiVirus\ASHAVMON.SYS []
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 17:02]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 11:32:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 17:46:00


Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-16 17:46:54
ComboFix-quarantined-files.txt 2008-02-16 06:46:21

2008-02-15 13:24:40 --- E O F ---

ComboFix-quarantined-files Log:


2007-06-08 17:36 1024 --a------ C:\Qoobox\Quarantine\C\RECYCLER\desktopA.sys.vir
2007-09-07 16:18 254000 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dbxDgrevCheck.dll.vir
2008-02-11 18:32 17 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dllgh8jkd1q8.exe.vir
2008-02-11 18:33 1175372 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Rick\Application Data\Install.dat.vir


hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:05:13 PM, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsninternet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O3 - Toolbar: (no name) - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zTrashReg] c:\trashkeys\trashreg.exe /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: FreshDownload - {CE5E0488-E808-4DB5-A2E1-02F2727C3542} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179467858265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Regards

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please print the below instructions or copy them to Notepad.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source=About:Home
FriendlyName=My Current Home Page


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O3 - Toolbar: (no name) - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - (no file)


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\regsvr32.DbgLog
C:\WINDOWS\privacy_danger\


Restart and run a new HijackThis scan. Save the log file and post it here.

Download SmitfraudFix at http://siri.urz.free...mitfraudFix.zip and extract the content (a folder named SmitfraudFix) to your desktop.

Open the SmitfraudFix folder. Double-click on smitfraudfix.cmd and select option #1 - Search by typing 1 and press Enter. A text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 or any other option until you are directed to do so!

NOTE: process.exe is detected by some antivirus programs as a Risk Tool. It is not a virus. If it is detected, ignore it.

Edited by greyknight17, 16 February 2008 - 04:45 PM.

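Added example, not code from the thread or from any of the tools it uses (ComboFix, HijackThis, SmitFraudFix): Python helpers that apply the two checks greyknight17's fix targets. The constructed sample input reuses the thread's own data, the three O1 hosts entries from the HijackThis log and the Desktop Components key in the REGEDIT4 layout SmitFraudFix prints later in the thread (the parser also accepts the `Source= ...` layout ComboFix printed in post #3). The hosts check flags names mapped to a public address rather than to loopback or a 0.0.0.0 sinkhole; the registry check flags any component whose Source is a local file, and the REGEDIT4 fragment it emits for the reset uses the quoted value-name form. Function names, the benign contrast lines and `ads.example.invalid` are this example's own.

```python
r"""Two checks for the hijacks this thread turned up, written as an added example
(not code from the thread or from ComboFix/HijackThis/SmitFraudFix):
  1. hosts-file lines that send a name to a routable (public) address, the
     way the O1 lines point bravesentry.com at 124.217.252.77;
  2. an Active Desktop component whose Source is a local file, the
     file:///C:\WINDOWS\privacy_danger\index.htm entry seen in the logs.
Sample inputs below are constructed from the thread's own log lines."""
import re
from ipaddress import ip_address

# Constructed sample hosts file: the three O1 entries from the HijackThis log
# plus benign lines for contrast.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
124.217.252.77  www.bravesentry.com
124.217.252.77  bravesentry.com
124.217.252.78  secure.isoftpay.com
0.0.0.0         ads.example.invalid   # blocklist-style sinkhole, not flagged
"""

# Constructed sample in the REGEDIT4 layout SmitFraudFix prints for its
# "Desktop Components" section: one hijacked component, one clean one.
SAMPLE_REG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"FriendlyName"="My Current Home Page"
"""

COMPONENT_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer"
    r"\\Desktop\\Components\\\d+)\]$", re.IGNORECASE)
# Accepts both  "Source"="..."  (REGEDIT4 export)  and  Source= ...  (ComboFix log).
REG_VALUE = re.compile(r'^"?(\w+)"?\s*=\s*"?(.*?)"?\s*$')
LOCAL_SOURCE = re.compile(r"^(file:|[a-z]:\\)", re.IGNORECASE)


def suspicious_hosts_entries(hosts_text):
    """Return (address, hostname) pairs that resolve a name to a public IP.

    Loopback, 0.0.0.0, private and link-local targets are what blocklists and
    LAN shortcuts use; a public address is how rogue-AV families pin their own
    "buy now" and payment domains to a server they control.
    """
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, ignored here
        if addr.is_loopback or addr.is_unspecified or addr.is_private or addr.is_link_local:
            continue
        hits.extend((str(addr), name) for name in fields[1:])
    return hits


def hijacked_desktop_components(reg_text):
    """Return {key: source} for Desktop Components whose Source is a local file.

    Active Desktop legitimately shows a web URL or About:Home; pointing a
    component at a dropped HTML file is how the "Privacy Protection" rogue
    replaced the wallpaper and greyed out the Desktop tab.
    """
    found = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = COMPONENT_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        if current is None:
            continue
        value = REG_VALUE.match(line)
        if value and value.group(1).lower() == "source":
            source = value.group(2).replace("\\\\", "\\")   # undo .reg escaping
            if LOCAL_SOURCE.match(source):
                found[current] = source
    return found


def reset_reg(keys):
    """Build REGEDIT4 text that points each hijacked component back at
    About:Home, the same reset the helper's delete.reg performs."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines += [f"[{key}]", '"Source"="About:Home"',
                  '"FriendlyName"="My Current Home Page"', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    for addr, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts: {name} -> {addr}")
    bad = hijacked_desktop_components(SAMPLE_REG)
    for key, source in bad.items():
        print(f"desktop component: {key}\n  Source = {source}")
    print(reset_reg(bad))
```

Run it as a script for a summary of the constructed samples, or pass `hijacked_desktop_components` the Desktop Components block copied from a SmitFraudFix or ComboFix log. Only a local-file Source is flagged, because Active Desktop showing a real web page is a legitimate configuration; the hosts check deliberately leaves 0.0.0.0 and 127.0.0.1 entries alone, since that is how ad and malware blocklists are normally installed.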

#5
Rickles

    Member

  • Topic Starter
  • 501 posts
Hi,

All instructions carried out, but I could not find C:\privacy_danger\ even with Windows Search.

hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:31:16 PM, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zTrashReg] c:\trashkeys\trashreg.exe /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: FreshDownload - {CE5E0488-E808-4DB5-A2E1-02F2727C3542} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179467858265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

SmitFraudFix Log:
SmitFraudFix v2.290

Scan done at 18:33:38.07, Sun 17/02/2008
Run from C:\Documents and Settings\Rick\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rick


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rick\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Rick\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Regards
  • 0
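The Desktop Components entry in the report above is the security-relevant finding: Active Desktop has been pointed at a local HTML file under the Windows directory (the fake "Privacy Protection" wallpaper), which is why the desktop went blue and the wallpaper controls were greyed out. As an added example, not part of the original thread and not SmitFraudFix's own code, here is a small Python checker that parses that section of a SmitFraudFix report and flags components whose Source is not http(s) web content; the report text is a constructed excerpt modelled on the log above, with a second, benign http component added so there is something the checker must not flag.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt modelled on the SmitFraudFix report in the thread: the
# first key is the one the report showed; the second (a benign http component)
# is added so the checker has something it should NOT flag.
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://example.com/desktop/weather.htm"
"SubscribedURL"="http://example.com/desktop/weather.htm"
"FriendlyName"="Weather (constructed benign entry)"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
"""

SECTION_RE = re.compile(r"^»+\s+(.*?)\s*$")      # »»»» Section title
KEY_RE = re.compile(r"^\[(.+)\]$")               # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')     # "Name"="value"


def parse_sections(report):
    """Split a SmitFraudFix report into {section title: [lines]}."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_reg_values(lines):
    """Turn .reg-style lines into a list of (key, {name: value})."""
    entries, key, values = [], None, {}
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            if key:
                entries.append((key, values))
            key, values = km.group(1), {}
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            # .reg exports double every backslash; undo that
            values[vm.group(1)] = vm.group(2).replace("\\\\", "\\")
    if key:
        entries.append((key, values))
    return entries


def suspicious_desktop_components(report):
    """Return Desktop Components whose Source is not http(s) web content.

    Active Desktop components legitimately point at web pages. A Source that
    is a local file (here one under the Windows directory) is the hallmark of
    the fake 'Privacy Protection' wallpaper this thread is cleaning up.
    """
    sections = parse_sections(report)
    findings = []
    for key, values in parse_reg_values(sections.get("Desktop Components", [])):
        src = values.get("Source", "")
        scheme = urlparse(src).scheme.lower()
        if src and scheme not in ("http", "https"):
            findings.append({"key": key, "source": src,
                             "name": values.get("FriendlyName", "")})
    return findings


if __name__ == "__main__":
    for f in suspicious_desktop_components(SAMPLE_REPORT):
        print(f"SUSPICIOUS {f['key']}\n  {f['name']!r} -> {f['source']}")
```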

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should NOT have any open browsers when you are following the procedures below.

Download AVG Anti-Spyware at http://www.ewido.net/en/download/ and install it.
- Locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
- On the main screen select the Update icon, then select the Update now link.
- Next select the Start Update button. The update will start and a progress bar will show the updates being installed.
- Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
- Once in the Settings screen click on Recommended actions and then select Quarantine.
- Under Reports, select Automatically generate report after every scan.
- Unselect Only if threats were found.

Close AVG Anti-Spyware. Do not run a scan just yet.


Download ATF Cleaner at http://www.atribune..../click.php?id=1. Don't run it yet.

Download SmitfraudFix at http://siri.urz.free...mitfraudFix.zip and extract the content (a folder named SmitfraudFix) to your desktop. Do not run it yet.

Restart your computer and boot into Safe Mode. If you don't know how, go to http://www.bleepingc...tutorial61.html

Once in Safe Mode, open the SmitfraudFix folder. Double-click on smitfraudfix.cmd and select option #2 - Clean by typing 2 and press Enter to delete infected files. You will be prompted Registry cleaning - Do you want to clean the registry? Answer Yes by typing Y and press Enter in order to remove the desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found). Answer Yes by typing Y and press Enter.

The tool may need to restart your computer to finish the cleaning process. If it doesn't, please restart it manually to get back to Normal Mode. A text file will appear onscreen, with results from the cleaning process. Copy and paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

WARNING: Running option #2 on a non infected computer will remove your desktop background.


Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser click Opera at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Run AVG Anti-Spyware.
- Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
- AVG Anti-Spyware will now begin the scanning process. Be patient as this may take a little time.

Once the scan is complete do the following:
- If you have any infections you will prompted on what action to take. Select Apply all actions.
- Next select the Reports icon at the top.
- Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).


Post the rapport.txt, AVG Anti-Spyware report and a new HijackThis log here.
  • 0

#7
Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi,

All instructions carried out in order but I could not find how to save a log in AVG, which I have running on my computer.

See photos attached:
[attachment=18568:1.jpg]
[attachment=18569:2.jpg]

SmitFraudFix v2.290 Log:

SmitFraudFix v2.290

Scan done at 15:49:41.28, Mon 18/02/2008
Run from C:\Documents and Settings\Rick\My Documents\Downloads\Geeks 3\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:44:28 PM, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsninternet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zTrashReg] c:\trashkeys\trashreg.exe /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: FreshDownload - {CE5E0488-E808-4DB5-A2E1-02F2727C3542} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179467858265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Regards
  • 0

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Uninstall the older Java version you have there and install the latest one here

Download SDFix at http://downloads.and...Tools/SDFix.exe and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.
  • 0

#9
Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi,

All instructions carried out: new Java downloaded, old Java removed and new Java installed.

SDFix Log:


SDFix: Version 1.143

Run by Rick on Tue 19/02/2008 at 05:05 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 17:09:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77]
"CurrentCacheFile"="C:\WINDOWS\SoftwareDistribution\EventCache\{FBC0D3C9-3CBB-46D6-9ECE-53E36B4EAFB4}.bin"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:



Files with Hidden Attributes:

Mon 5 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT249.tmp"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7b94d041c29d0b8d724c97ae0005e71b\BIT4.tmp"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6bef673c2e4e242a39946c4931e8a98\BIT7.tmp"
Wed 13 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5379e5c681c265eb176cf4ee378a3a96\download\BIT248.tmp"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\download\BIT6.tmp"

Finished!


HijackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 5:17:42 PM, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsninternet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zTrashReg] c:\trashkeys\trashreg.exe /AUTO
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FreshDownload - {CE5E0488-E808-4DB5-A2E1-02F2727C3542} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179467858265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Regards
  • 0
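Helpers compare each new HijackThis log against the previous one to confirm that only the expected changes happened; between posts #7 and #9 those are the Java 1.5 to 1.6 path changes, the two new O9 Java Console entries and the SpywareGuard processes now running. As an added example, not from the thread and not HijackThis's own code, the Python below diffs two logs by entry identity (CLSID or bracketed Run name) so a changed path reads as "changed" rather than as a removal plus an addition; the two excerpts are constructed from the logs in posts #7 and #9, trimmed to the lines that differ plus a little unchanged context.

```python
import re

# Constructed excerpts of the two HijackThis logs posted in this thread (post #7
# before the Java update and SDFix run, post #9 after). Only lines that differ,
# plus a little unchanged context, are kept, so these are not complete logs.
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

LOG_AFTER = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NAME_RE = re.compile(r"^(.*?)\[([^\]]+)\]")


def entry_identity(section, body):
    """Stable identity for an entry so a changed path reads as 'changed'.
    CLSID entries (O2/O3/O9/O16/O21): kind text + CLSID.
    Bracketed entries (O4 Run keys, O11): location text + [name].
    Anything else: the whole line."""
    cm = CLSID_RE.search(body)
    if cm:
        return f"{section}:{body.split(' - ')[0].lower()}:{cm.group(0).lower()}"
    nm = NAME_RE.match(body)
    if nm:
        return f"{section}:{nm.group(1).strip().lower()}:[{nm.group(2).lower()}]"
    return f"{section}:{body.lower()}"


def parse_hjt(text):
    """Return (running processes as a set, {identity: entry line})."""
    processes, entries, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.add(line.lower())
            else:
                in_procs = False   # blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_identity(*m.groups())] = line
    return processes, entries


def diff_hjt(before_text, after_text):
    """Diff two logs: added/removed/changed entries and process churn."""
    procs_b, ent_b = parse_hjt(before_text)
    procs_a, ent_a = parse_hjt(after_text)
    common = ent_a.keys() & ent_b.keys()
    return {
        "added": sorted(ent_a[k] for k in ent_a.keys() - ent_b.keys()),
        "removed": sorted(ent_b[k] for k in ent_b.keys() - ent_a.keys()),
        "changed": sorted((ent_b[k], ent_a[k]) for k in common if ent_a[k] != ent_b[k]),
        "new_processes": sorted(procs_a - procs_b),
        "gone_processes": sorted(procs_b - procs_a),
    }


if __name__ == "__main__":
    for kind, items in diff_hjt(LOG_BEFORE, LOG_AFTER).items():
        for item in items:
            print(kind.upper(), item)
```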

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#11
Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi,

I have made a restore point to fall back on.

Only one nagging problem is Windows Defender.

After it installs, a warning message pops up:

'Application Failed To Initialize 0x800106ba'

Then if I try to run it the same message pops up.

I have tried two programs but from different sources and both return the message.

Regards
  • 0

#12
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Why did you use a restore point? I assume the fixes didn't help? Using a restore point may help sometimes, but then again, it may also bring back malware entries we removed also.

For Windows Defender, try uninstalling it and restart the computer. Download a new copy of it from Microsoft and install it back.
  • 0

#13
Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi,

All the fixes worked fine and I thought it might be a good idea to have a restore point now that everything was back to normal.

I'll head over to get Defender.

Regards
  • 0

#14
Rickles

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi,

Windows Defender was installed but when I went to update it it failed.

I got this message:

Error 0x80004002

So I went to Microsoft Website and it advised to try a manual update

and got:

Error 0x80244022

So still no updates.

Regards
  • 0

#15
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you have Windows Update enabled?

Take a look here and verify that you have those settings.

You can also try this link. They even have a toll-free number to call in case it's needed.

Also take a look at this link on how to download the updates by using quiet mode.
  • 0