Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

General Security General Security
Search Search
Search for:
Tech Support Guy > > >

Solved: Spybot-Search and Destroy Warning


(!)

tlh99's Avatar
tlh99 tlh99 is offline
Member with 133 posts.
THREAD STARTER
 
Join Date: Dec 1999
Location: Zelienople,Pa,US
03-Jan-2009, 09:17 PM #1
Solved: Spybot-Search and Destroy Warning
I am not very knowlegable and using Windows XP, IE 6. I ran a Spybot scan and got 2 warnings during the scan telling me there were problems in the Include File of C:\program files\spybot-search-destroy\includes\(one warning referring to Malwarec.sbi and the second one referring to trojansc.sbi) and to see the include error.log for details. It gave no instructions as what to do after reading the log and here is what was in the log--
C:\Program Files\Spybot - Search & Destroy\Includes\Malware.sbi | Win32.Agent.pz | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Malware.sbi | Win32.Agent.pz | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Malware.sbi | Win32.Agent.pz | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Malware.sbi | Win32.Agent.pz | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Malware.sbi | Win32.Agent.pz | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Malware.sbi | Win32.Agent.pz | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | MadInjection.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C. | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Smitfraud-C.ul | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Delf.Spool.cn | <$SYSDIR>\ntdoss04.sys
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | FakeUPSInvoice | <$SYSDIR>\userini.exe
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | FlashExploit | <$WINDIR>\Tasks\SysFile.brk
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Haxdoor.hm | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | ProGroup.ProRat | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | ProGroup.ProRat | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | ProGroup.ProRat | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | ProGroup.ProRat | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | ProGroup.ProRat | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | ProGroup.ProRat | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | ProGroup.ProRat | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Agent.frl | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.jl | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.jl | <$PROGRAMFILES>\Internet Explorer\msvcrt.bak
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.Delf.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Win32.WPA_Kill.AK | <$SYSDIR>\winlogon.bak
C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi | Zlob.DNSChanger | (85\.255\.11[0-9]\.[1-2]?[0-9]{1,2}[,]?\s?)(85\.255\.11[0-9]\.[1-2]?[0-9]{1,2}[,]?\s?)+
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | PWS.Small.bs | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | PWS.Small.bs | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | PWS.Small.bs | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | PWS.Small.bs | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | RKdrv.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | RKdrv.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | RKdrv.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.gpr | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.jg | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.jg | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.jg | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Bagle.av | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.clk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.clk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.clk | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.clk | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.clk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.Agent.clk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LOG>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_SYSTEM>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_LIBRARY>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Win32.TDSS.rtk | <$FILE_DATA>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.DNSChanger.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.rtk | <$FILE_EXE>
C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi | Zlob.rtk | <$FILE_EXE>

They are just warnings and not threats-please advise me what to do.

Thank You tlh99
telecom69's Avatar
Computer Specs
Gone but never forgotten with 9,807 posts.
 
Join Date: Oct 2001
Location: West Midlands of England
Experience: Intermediate
03-Jan-2009, 09:24 PM #2
When you ran the scan did you not see any items ticked in Red that spybot suggests you remove? you should have clicked on fix selected items ....
tlh99's Avatar
tlh99 tlh99 is offline
Member with 133 posts.
THREAD STARTER
 
Join Date: Dec 1999
Location: Zelienople,Pa,US
03-Jan-2009, 09:32 PM #3
Spybot-Search and Destroy Warning
Thanks telecom69 for a fast reply. Yes I had them fix several red checked items and ran another scan. 2 of the fixed items were MS security overides on antivirus and firewall, the other I don't recall exactly what it was but ended with 32 aad (not much help there).
Kenny94's Avatar
Account Disabled with 2,026 posts.
 
Join Date: Dec 2004
Location: S.C
03-Jan-2009, 09:39 PM #4
With Zlob.DNSChanger Spybot will detected it but. not remove it.. Folks call it "Google redirect virus" (Wareout) Does this happen to you?
tlh99's Avatar
tlh99 tlh99 is offline
Member with 133 posts.
THREAD STARTER
 
Join Date: Dec 1999
Location: Zelienople,Pa,US
03-Jan-2009, 09:53 PM #5
Spybot-Search and Destroy Warning
OK Kenny94, spybot detected but now how do I get rid of it? I have not been in any sites that I have not used on a regular basis for several years so I have no idea how I got it.
Kenny94's Avatar
Account Disabled with 2,026 posts.
 
Join Date: Dec 2004
Location: S.C
03-Jan-2009, 09:55 PM #6
Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
tlh99's Avatar
tlh99 tlh99 is offline
Member with 133 posts.
THREAD STARTER
 
Join Date: Dec 1999
Location: Zelienople,Pa,US
03-Jan-2009, 10:14 PM #7
Spybot-Search and Destroy Warning
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:32 PM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.butlereagle.com/apps/pbcs.dll/frontpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168377702296
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/whatsnext/che...ivePreQual.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 5049 bytes
Kenny94's Avatar
Account Disabled with 2,026 posts.
 
Join Date: Dec 2004
Location: S.C
03-Jan-2009, 10:25 PM #8
I was expecting a infected log.. Lets play it safe..

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
tlh99's Avatar
tlh99 tlh99 is offline
Member with 133 posts.
THREAD STARTER
 
Join Date: Dec 1999
Location: Zelienople,Pa,US
03-Jan-2009, 10:44 PM #9
Spybot-Search and Destroy Warning
SmitFraudFix v2.388

Scan done at 21:39:14.73, Sat 01/03/2009
Run from C:\Documents and Settings\Thelma\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system
Kenny94's Avatar
Account Disabled with 2,026 posts.
 
Join Date: Dec 2004
Location: S.C
03-Jan-2009, 10:53 PM #10
Hi tlh99,

I believe that these could be a Spybot false positive..Is Spybot up to date? Go ahead and Remove SmitfraudFix form your desktop..


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u10-windows-i586-p.exe and select "Run as an Administrator".)
tlh99's Avatar
tlh99 tlh99 is offline
Member with 133 posts.
THREAD STARTER
 
Join Date: Dec 1999
Location: Zelienople,Pa,US
04-Jan-2009, 02:35 AM #11
Spybot-Search and Destroy Warning
I also uninstalled spypot and did a new download and scan -got the same warnings
I ran a scan thru Ad-aware and it did not detect anything. Let me know if the item found in this scan can be removed.
Thanks for hanging in there with me, past bed time now. LOL
tlh99

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 04, 2009 04:15:25
Records in database: 1557120
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 43674
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:04:34


File name / Threat name / Threats count
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

The selected area was scanned.
Kenny94's Avatar
Account Disabled with 2,026 posts.
 
Join Date: Dec 2004
Location: S.C
04-Jan-2009, 08:01 AM #12
Hi tlh99

Quote:
I also uninstalled spypot and did a new download and scan -got the same warnings
There nothing to worry about the warnings....

download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Place a check mark next to zip file when moved.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :files
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
    
    :commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Click Ok to allow OTMoveIt3 reboot your machine.
  • After reboot, a log file will appear. Copy the contents to the clipboard[/b] by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
tlh99's Avatar
tlh99 tlh99 is offline
Member with 133 posts.
THREAD STARTER
 
Join Date: Dec 1999
Location: Zelienople,Pa,US
04-Jan-2009, 04:46 PM #13
Spybot-Search and Destroy Warning
OK Kenny94 -I have gotten this far without messing things up but my options on OTMoveIt3 does not give me"zip file when moved". I have options of Move It, Cleanup, Exit and Restore with a check mark at Unregister dll's and ocx's. Will proceed when you instruct me to what option to use.
Thanks tlh99
Kenny94's Avatar
Account Disabled with 2,026 posts.
 
Join Date: Dec 2004
Location: S.C
04-Jan-2009, 09:27 PM #14
Click Move It and the check mark "Unregister dll's and ocx's." leave it checked...
tlh99's Avatar
tlh99 tlh99 is offline
Member with 133 posts.
THREAD STARTER
 
Join Date: Dec 1999
Location: Zelienople,Pa,US
04-Jan-2009, 10:02 PM #15
Spybot-Search and Destroy Warning
Kenny94- here is MoveIt log- tlh99


Error: Unable to interpret <C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz> in the current context!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF4631.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF540F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01042009_205104

Files moved on Reboot...
C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF4631.tmp moved successfully.
C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF540F.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑