
Solved: Spybot-Search and Destroy Warning

Discussion in 'General Security' started by tlh99, Jan 3, 2009.

Thread Status:
Not open for further replies.
  1. tlh99

    tlh99 Thread Starter

    Joined:
    Dec 16, 1999
    Messages:
    139
    I am not very knowledgeable and am using Windows XP, IE 6. I ran a Spybot scan and got 2 warnings during the scan telling me there were problems in the Include File of C:\program files\spybot-search-destroy\includes\ (one warning referring to Malwarec.sbi and the second one referring to trojansc.sbi) and to see the include error.log for details. It gave no instructions as to what to do after reading the log, and here is what was in the log--

    They are just warnings and not threats - please advise me what to do.

    Thank you, tlh99
     
  2. telecom69

    telecom69 Gone but never forgotten

    Joined:
    Oct 12, 2001
    Messages:
    9,807
    When you ran the scan, did you not see any items ticked in red that Spybot suggests you remove? You should have clicked on Fix selected items ....
     
  3. tlh99

    tlh99 Thread Starter

    Thanks telecom69 for a fast reply. Yes, I had them fix several red checked items and ran another scan. 2 of the fixed items were MS security overrides on antivirus and firewall; the other I don't recall exactly what it was, but it ended with 32 aad (not much help there).
     
  4. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    With Zlob.DNSChanger, Spybot will detect it but not remove it. Folks call it the "Google redirect virus" (Wareout). Does this happen to you?
     
  5. tlh99

    tlh99 Thread Starter

    OK Kenny94, Spybot detected it, but now how do I get rid of it? I have not been on any sites that I have not used on a regular basis for several years, so I have no idea how I got it.
     
  6. Kenny94

    Kenny94 Banned

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste the log in your next reply.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
     
  7. tlh99

    tlh99 Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:10:32 PM, on 1/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.butlereagle.com/apps/pbcs.dll/frontpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168377702296
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/whatsnext/checkmypc/includes/MotivePreQual.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 5049 bytes
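
One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it parses the `R*`/`O*` entries, names the section each belongs to, and surfaces the entries a reviewer would look at first. The sample lines are copied from the log in this thread; the review notes are triage heuristics chosen for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Section prefixes that occur in the log above and what HijackThis lists under each.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "extra IE button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "extra protocol handler",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
TARGET_RE = re.compile(r"[A-Za-z]:\\|https?://")  # start of a file path or URL
MISSING = "(file missing)"

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.butlereagle.com/apps/pbcs.dll/frontpage
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: avgrsstx.dll
"""


@dataclass
class Entry:
    code: str                 # section prefix, e.g. "O2"
    section: str              # human-readable section name
    target: str               # file, URL or value the entry points at
    notes: list = field(default_factory=list)  # reasons to look closer


def triage(log_text):
    """Parse R*/O* entries; header and 'Running processes' lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, detail = m.groups()
        notes = []
        if detail.endswith(MISSING):
            # The registry still references a file that is no longer on disk.
            notes.append("file missing")
            detail = detail[: -len(MISSING)].rstrip()
        if "(no name)" in detail:
            notes.append("no display name")
        hit = TARGET_RE.search(detail)
        # Fall back to the text after the last '=' or ':' (e.g. AppInit_DLLs: x.dll).
        target = detail[hit.start():] if hit else re.split(r" = |: ", detail)[-1]
        if code == "O16" and target.lower().startswith("http"):
            # ActiveX entries record the URL the control was installed from.
            notes.append("codebase host: " + (urlparse(target).hostname or "?"))
        entries.append(Entry(code, SECTIONS.get(code, "unknown section"), target, notes))
    return entries


def needs_review(entries):
    """Entries that carry at least one note."""
    return [e for e in entries if e.notes]


def count_by_section(entries):
    """Number of entries per section prefix."""
    return Counter(e.code for e in entries)


if __name__ == "__main__":
    parsed = triage(SAMPLE_LOG)
    for code, n in sorted(count_by_section(parsed).items()):
        print(f"{code:>3} {SECTIONS.get(code, 'unknown section')}: {n}")
    for e in needs_review(parsed):
        print(f"review {e.code}: {e.target} ({'; '.join(e.notes)})")
```

A note marks an entry for a manual look; it does not mean the entry is malicious.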
     
  8. Kenny94

    Kenny94 Banned

    I was expecting an infected log. Let's play it safe. :)

    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  9. tlh99

    tlh99 Thread Starter

    SmitFraudFix v2.388

    Scan done at 21:39:14.73, Sat 01/03/2009
    Run from C:\Documents and Settings\Thelma\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
     
  10. Kenny94

    Kenny94 Banned

    Hi tlh99,

    I believe that these could be a Spybot false positive. Is Spybot up to date? Go ahead and remove SmitfraudFix from your desktop.


    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure the following is checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u10-windows-i586-p.exe and select "Run as an Administrator".)
     
  11. tlh99

    tlh99 Thread Starter

    I also uninstalled Spybot and did a new download and scan - got the same warnings.
    I ran a scan thru Ad-aware and it did not detect anything. Let me know if the item found in this scan can be removed.
    Thanks for hanging in there with me, past bed time now. LOL
    tlh99

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, January 4, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, January 04, 2009 04:15:25
    Records in database: 1557120
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 43674
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 01:04:34


    File name / Threat name / Threats count
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

    The selected area was scanned.
     
  12. Kenny94

    Kenny94 Banned

    Hi tlh99

    There's nothing to worry about with the warnings. :)

    Download OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it.
    • Place a check mark next to zip file when moved.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :files
      C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
      
      :commands
      [EmptyTemp]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Click Ok to allow OTMoveIt3 to reboot your machine.
    • After reboot, a log file will appear. Copy the contents to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTMoveIt3
     
  13. tlh99

    tlh99 Thread Starter

    OK Kenny94 - I have gotten this far without messing things up, but my options on OTMoveIt3 do not give me "zip file when moved". I have options of Move It, Cleanup, Exit and Restore with a check mark at Unregister dll's and ocx's. Will proceed when you instruct me as to what option to use.
    Thanks tlh99
     
  14. Kenny94

    Kenny94 Banned

    Click Move It and, for the check mark "Unregister dll's and ocx's", leave it checked.
     
  15. tlh99

    tlh99 Thread Starter

    Kenny94 - here is the MoveIt log - tlh99


    Error: Unable to interpret <C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz> in the current context!
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF4631.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF540F.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01042009_205104

    Files moved on Reboot...
    C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF4631.tmp moved successfully.
    C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF540F.tmp moved successfully.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
     
Short URL to this thread: https://techguy.org/786433