Error 1752 [Resolved]

Hi,
My problem is my desktop background has remained with System Error 1752, much like the other people. I say remain, as this appeared on my PC about the same time a trojan did as well. I used AVG to identify those files and they were quarantined to the vault. Spybot also removed files. I had to do the repair with the XP disk, which seems to have worked, and everything is there and working. All my Windows security stuff is up to date and I'm using Defender, Spybot, AVG anti virus and Lavasoft.

I don't have anything suspicious in the tool bar and I've checked the programs loaded are the right ones. Defender keeps identifying SurfAccuracy as being a severe threat, but I repeatedly say yes, delete it, but it asks me every time I start up. I checked what I could about SurfAccuracy from Google and tried an uninstall prog from the web which didn't seem to work.

Now it appears I must have the dodgy screensaver with the warnings. How do I get rid of it?

Thank You

Phillip

Comments

  • Leonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited October 2006
    Catz, I moved your post out of the other thread. It's distracting piggybacking on someone else's thread whose problems are being looked at. With your own thread, you are more likely to receive help quickly.
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Hi Phillip. I see you finally got this post up with a little help from Leonardo. I will need to see a Hijack This log. Please follow these instructions:

    Click here to download HJTsetup.exe. Save it to your Desktop!
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    • Copy and paste the log here
    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
  • edited October 2006
    Hi Guys,

    Ok. Thanks for helping get us going. Here is the mysterious log file. Appreciate your help.
    Phillip

    Logfile of HijackThis v1.99.1
    Scan saved at 10:39:20 PM, on 14/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\RunDll32.exe
    D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\SpywareBot\SpywareBot.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Unwired\UwSCT.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\WINDOWS\system32\svchost.exe
    F:\LimeWire\LimeWire.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.csu.edu.au:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = csu.edu.au;<local>
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ReJf5vH] D:\WINDOWS\osdkqb.exe
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [spywarebot] D:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Unwired Launchpad.lnk = D:\Program Files\Unwired\UwSCT.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Unwired Launchpad.lnk = D:\Program Files\Unwired\UwSCT.exe
    O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?754b70f0d9bf4081b36b97a834a438a5
    O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?754b70f0d9bf4081b36b97a834a438a5
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00001000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int22.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160292963882
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=1&id=60764&1s&ex&ppd=4
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/p/us06/p.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{543482FB-DDE6-45E7-9FAE-1C980477ED84}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
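
The advice above that most HijackThis findings are harmless is why a log is triaged entry by entry rather than bulk-fixed. As an added example (not part of the thread and not HijackThis's own logic), this Python script parses a few lines copied from the log above and marks entries for manual review; the trusted-host list and the three rules are illustrative assumptions that yield review candidates, not verdicts.

```python
import ipaddress
import ntpath
import re
from urllib.parse import urlparse

# A subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.csu.edu.au:8080
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ReJf5vH] D:\WINDOWS\osdkqb.exe
O16 - DPF: {00001000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int22.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Assumption for this example: hosts a reviewer would not bother to look up.
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com", "live.com")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \((?P<label>.*)\))? - (?P<url>\S+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def host_of(url):
    """Return the host of an http(s) URL, or None for anything else."""
    parsed = urlparse(url)
    return parsed.hostname if parsed.scheme in ("http", "https") else None


def is_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def executable_of(command):
    """Pull the program path out of a Run-key command line (quoted or not)."""
    m = EXE_RE.match(command)
    if not m:
        return command.split()[0]
    return m.group(1) or m.group(2)


def review_reasons(code, body):
    """Apply one heuristic per log section; an empty list means 'no rule fired'."""
    reasons = []
    if code in ("R0", "R1") and " = " in body:
        host = host_of(body.split(" = ", 1)[1].strip())
        if host and not is_trusted(host):
            reasons.append(f"IE search/start URL points at {host}")
    elif code == "O4":
        m = RUN_RE.match(body)
        if m:
            exe = executable_of(m.group("cmd"))
            # Programs that autostart directly from the Windows root are unusual.
            if ntpath.basename(ntpath.dirname(exe)).lower() == "windows":
                reasons.append(
                    f"autorun '{m.group('name')}' starts "
                    f"{ntpath.basename(exe)} from the Windows root"
                )
    elif code == "O16":
        m = DPF_RE.match(body)
        if m and not m.group("label"):
            host = host_of(m.group("url")) or "?"
            extra = " (bare IP address)" if is_ip_literal(host) else ""
            reasons.append(f"unnamed ActiveX download from {host}{extra}")
    return reasons


def triage(log_text):
    """Return (code, reason, original line) for every entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        for reason in review_reasons(m.group("code"), m.group("body")):
            findings.append((m.group("code"), reason, line.strip()))
    return findings


if __name__ == "__main__":
    for code, reason, _ in triage(SAMPLE_LOG):
        print(f"{code:>3}  REVIEW  {reason}")
```
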
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Not quite sure what's going on here but I think you should run a good Anti-Spyware program. First we need, for the time being, to disable Windows Defender auto-protect, as explained below:
    • Open Windows Defender
    • Click Tools => General Settings
    • Scroll down and uncheck Turn on real-time protection (recommended).
    • Click Save
    • Close Windows Defender
    After all of the fixes are complete it is very important that you enable Real-time Protection again.


    Next, follow the below instructions:

    Please download AVG Anti-Spyware from my signature below. It is a free trial of the software. Save the install file to your desktop.
    • Install AVG by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
        Note: If the Update now option is grayed out, follow the steps below.
        • Click on Update on the toolbar.
        • Under Manual update, click on the Start Update button.
        • Wait until you see the Update successful message.
    • Right-click the AVG Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update AVG.
    AVG manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG is closed before installing the update.

    ______________________________

    We now need to make sure you can view all hidden files and folders, explained below:
    • Click "Start".
    • Click "My Computer".
    • Select the "Tools" menu and click "Folder Options".
    • Select the "View" tab.
    • Under the "Hidden files and folders" heading, select "Show hidden files and folders".
    • Uncheck the "Hide protected operating system files (recommended)" option.
    • Click "Yes" to confirm.
    • Uncheck the "Hide file extensions for known file types".
    • Click "OK".

    ______________________________

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________
    Navigate to C:\Windows\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Clean out your Temporary Internet files. Proceed like this:
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
    ______________________________

    Close ALL open Windows / Programs / Folders. Please start AVG and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button.(4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    Please post the AVG Log and a fresh Hijack This log in your next reply.

    This might be a smitfraud infection that we'll deal with after you do the above steps.
  • edited October 2006
    Hey Guys,

    Thanks so much for your prompt reply. I've followed your steps and here are the 2 reports.

    Phillip

    Logfile of HijackThis v1.99.1
    Scan saved at 2:09:14 PM, on 15/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\RunDll32.exe
    D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\WINDOWS\osdkqb.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\SpywareBot\SpywareBot.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Hijackthis\HijackThis.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Program Files\Unwired\UwSCT.exe
    D:\WINDOWS\system32\WgaTray.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.csu.edu.au:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = csu.edu.au;<local>
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ReJf5vH] D:\WINDOWS\osdkqb.exe
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [spywarebot] D:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Unwired Launchpad.lnk = D:\Program Files\Unwired\UwSCT.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Unwired Launchpad.lnk = D:\Program Files\Unwired\UwSCT.exe
    O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?754b70f0d9bf4081b36b97a834a438a5
    O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?754b70f0d9bf4081b36b97a834a438a5
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00001000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int22.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160292963882
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=1&id=60764&1s&ex&ppd=4
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/p/us06/p.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{543482FB-DDE6-45E7-9FAE-1C980477ED84}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    AVG Anti-Spyware - Scan Report

    + Created at: 3:48:31 PM 15/10/2006

    + Scan result:



    D:\Documents and Settings\Phillip\Local Settings\Temporary Internet Files\Content.IE5\4L0TYFO9\uninstaller.prod.v1002.23mar2006.exe[1].0c49b348ce1d3b98bec782d48a948dc2 -> Adware.SurfAcc : Cleaned with backup (quarantined).
    D:\WINDOWS\osdkqb.exe -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP132\A0006945.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP132\A0006946.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP132\A0006947.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP132\A0006949.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP132\A0006950.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP139\A0007110.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP139\A0007111.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP139\A0007112.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP139\A0007114.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{7CF4E739-D2FB-4C1B-9004-04996F1E4421}\RP139\A0007115.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    D:\Documents and Settings\Phillip\Local Settings\Temp\ICD4.tmp\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup (quarantined).
    D:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup (quarantined).
    D:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup (quarantined).
    D:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
    D:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
    D:\Documents and Settings\Phillip\Cookies\phillip@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10046.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10047.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10048.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10049.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10050.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10051.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10052.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10053.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10054.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10055.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10010.qit -> TrackingCookie.2o7 : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10000.qit -> TrackingCookie.Advertising : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10009.qit -> TrackingCookie.Atdmt : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10076.qit -> TrackingCookie.Atdmt : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\10-10-2006-11-00-03\10000.qit -> TrackingCookie.Atdmt : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10002.qit -> TrackingCookie.Atdmt : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10000.qit -> TrackingCookie.Atdmt : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10010.qit -> TrackingCookie.Burstbeacon : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10011.qit -> TrackingCookie.Burstbeacon : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10012.qit -> TrackingCookie.Burstnet : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10013.qit -> TrackingCookie.Burstnet : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10003.qit -> TrackingCookie.Burstnet : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10004.qit -> TrackingCookie.Burstnet : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10018.qit -> TrackingCookie.Clickzs : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10019.qit -> TrackingCookie.Clickzs : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10020.qit -> TrackingCookie.Doubleclick : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10006.qit -> TrackingCookie.Doubleclick : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10002.qit -> TrackingCookie.Doubleclick : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wfk4siajsao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wfk4sjd5ckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wfkywgajckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wflicldjcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wflicmajefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wfliepc5adp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wflioicpmgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wfmigpc5ggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wfmycgdjmao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wgkiwgcpmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjk4aidpseo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjk4cndpsgp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjkycncjekp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjkywgcpkcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjliqkcjmfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjlocpajeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjloenc5kfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjlyeiazmhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjlyqiazaap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjmikjd5ibp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjmiogdpegq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjmiwodpocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjmyapdjehq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjmywpcjmfq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjnygncpgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@e-2dj6wjnyspd5sep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10007.qit -> TrackingCookie.Fastclick : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10008.qit -> TrackingCookie.Fastclick : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10003.qit -> TrackingCookie.Fastclick : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10004.qit -> TrackingCookie.Fastclick : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10071.qit -> TrackingCookie.Liveperson : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10026.qit -> TrackingCookie.Mediaplex : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10009.qit -> TrackingCookie.Mediaplex : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10005.qit -> TrackingCookie.Mediaplex : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10056.qit -> TrackingCookie.Overture : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10057.qit -> TrackingCookie.Overture : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10072.qit -> TrackingCookie.Overture : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10006.qit -> TrackingCookie.Overture : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10007.qit -> TrackingCookie.Qksrv : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\09-10-2006-22-43-26\10058.qit -> TrackingCookie.Revenue : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10011.qit -> TrackingCookie.Serving-sys : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10008.qit -> TrackingCookie.Serving-sys : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10012.qit -> TrackingCookie.Sexlist : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@www.sidefind[2].txt -> TrackingCookie.Sidefind : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-11-04-11\10013.qit -> TrackingCookie.Tribalfusion : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10009.qit -> TrackingCookie.Tribalfusion : Cleaned.
    D:\Program Files\SpywareBot\Quarantine\14-10-2006-18-40-37\10011.qit -> TrackingCookie.Webtrendslive : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    D:\Documents and Settings\Phillip\Cookies\phillip@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    OK, that's better. Can you tell me how the symptoms are?

    We need to temporarily disable the Real-time Protection on Windows Defender as it may interfere with the HijackThis fixes we make.
    • Open Windows Defender
    • Click Tools => General Settings
    • Scroll down and uncheck Turn on real-time protection (recommended).
    • Click Save
    • Close Windows Defender
    After all of the fixes are complete it is very important that you enable Real-time Protection again.



    Run Hijack This again and put a check (tick) next to the following entries:



    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [ReJf5vH] D:\WINDOWS\osdkqb.exe

    O16 - DPF: {00001000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int22.exe
    O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB


    Close all other browsers/windows and click Fix Checked. Close Hijack This.

    Next reboot into safe mode according to the instructions in the previous post for running AVG Anti-Spyware.

    Once in safe mode use Windows Explorer to delete the following:

    D:\WINDOWS\osdkqb.exe <--- This file.

    Reboot the PC into normal mode and post a fresh Hijack This log.
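What sets the entries ticked in the post above apart from the rest of a HijackThis log can be shown with a small triage script. This is an added example, not part of the original thread and not the helper's own method: the three heuristics and their tag names are assumptions chosen for illustration, and the sample lines are copied from the logs quoted on this page.

```python
import re
from urllib.parse import urlparse

# Sample input: entries copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ReJf5vH] D:\WINDOWS\osdkqb.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {00001000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int22.exe
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[([^\]]*)\] (.+)$")  # autorun value + command
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \(([^)]*)\))? - (\S+)$")
WIN_ROOT = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.I)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def exe_path(cmd):
    """Return the executable path from a Run command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)^(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]

def reasons_for(code, body):
    """Apply the illustrative heuristics (assumptions, not HijackThis rules)."""
    reasons = []
    if code == "R3" and body.endswith("is missing"):
        reasons.append("search-hook-missing")
    elif code == "O4":
        m = RUN.match(body)
        # Autorun binary sitting directly in the Windows folder, not system32.
        if m and WIN_ROOT.match(exe_path(m.group(2))):
            reasons.append("autorun-from-windows-root")
    elif code == "O16":
        m = DPF.match(body)
        if m:
            _clsid, label, url = m.groups()
            parsed = urlparse(url)
            if not label:
                reasons.append("dpf-no-label")
            if IPV4.match(parsed.hostname or ""):
                reasons.append("dpf-ip-host")
            if parsed.path.lower().endswith(".exe"):
                reasons.append("dpf-exe-codebase")
    return reasons

def triage(log_text):
    """Return (code, body, reasons) for every entry that trips a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and (reasons := reasons_for(*m.groups())):
            flagged.append((m.group(1), m.group(2), reasons))
    return flagged

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {', '.join(reasons)}\n    {body}")
```

A tag only marks an entry for a manual look: plenty of legitimate ActiveX controls are registered without a label, so `dpf-no-label` on its own says little.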
  • edited October 2006
    Hey,

    Yes. Seems Defender is no longer telling me to delete surfaccuracy on startup. Also the warning "surfaccuracy needs files that are missing.....click to reinstall" is gone too. Is there anything else you have seen that has been lurking in the background?

    I'd found the dodgy desktop web page that had installed before so that was right. The file D:\WINDOWS\osdkqb.exe I could not find using explorer and search in safe mode. Don't know what's up there. My machine seems to be running fine.

    What do you think?

    Thanks

    Phillip


    Logfile of HijackThis v1.99.1
    Scan saved at 7:08:07 PM, on 16/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\RunDll32.exe
    D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\SpywareBot\SpywareBot.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Unwired\UwSCT.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.csu.edu.au:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = csu.edu.au;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Omnipage] D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [spywarebot] D:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Unwired Launchpad.lnk = D:\Program Files\Unwired\UwSCT.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Unwired Launchpad.lnk = D:\Program Files\Unwired\UwSCT.exe
    O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?754b70f0d9bf4081b36b97a834a438a5
    O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?754b70f0d9bf4081b36b97a834a438a5
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160292963882
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=1&id=60764&1s&ex&ppd=4
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://dinet.info/p/us06/p.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{543482FB-DDE6-45E7-9FAE-1C980477ED84}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Yes that's much better. Is there anything else I can help you with? Don't worry about not finding that file. Sometimes it's just a false positive and Hijack This takes care of it.
  • edited October 2006
    Hey,

    That's great. It's running fine. The file in question I couldn't find I see is in the AVG quarantine list. Thanks so much for your tutelage. I'll keep the AVG, have Spybot, Defender. Anything else I should run? Should I go back and hide the system files that were unhidden earlier on? Should I run Hijack periodically and have the report checked out?

    Your help has been invaluable. Thanks so much

    Phillip
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    No other programs need to be run at this time. The log is clean. The answer to most of your other questions is yes, but if you read below you'll learn how to stay clean. I'll close this thread now. If you have any further problems, please start a new thread.

    Congratulations. Your log is clean! You should reward yourself very liberally! Now some pointers on how to stay clean and keep your sanity. You may be thinking now "how did I get infected?" Please read this great article: So how did I get infected in the first place.

    Next follow the instructions below to keep yourself free from infection.

    Disable and then enable system restore to purge infected restore points.

    Turn OFF System Restore.
    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click the System Restore tab.
    4. Check Turn off System Restore.
    5. Click Apply.
    6. Click OK.

    To enable system restore:
    1. Uncheck the box by Turn off system restore
    2. Click Apply.
    3. System restore is now on.
    4. Create a restore point by clicking Start--->All programs--->Accessories--->System tools--->System restore
    5. Select the bubble that says Create restore point. Then click Next.
    6. Give the restore point a meaningful name like post malware removal. Then click OK.

    Rehide hidden files and folders. During your fix if you were asked to "show hidden files and folders" you should go back now and re-hide them. You wouldn't want to accidentally delete important files. Follow the instructions below:
    • Click "Start".
    • Click "My Computer".
    • Select the "Tools" menu and click "Folder Options".
    • Select the "View" tab.
    • Under the "Hidden files and folders" heading, select "Do not show hidden files and folders".
    • Check the "Hide protected operating system files (recommended)" option.
    • Check the "Hide file extensions for known file types".
    • Click Apply then click "OK".


    Update with SP2 if you don't already have it.
    Visit Windows Update and follow the onscreen instructions to download and install SP2.
    This is a time consuming process, even with a fast connection. If you use a dial-up connection you should consider getting a FREE copy directly from Microsoft or get a friend with a fast connection to burn a copy of the upgrade to CD for you.

    Update the OS regularly

    Set up system to ensure a regular update of the Operating System.

    Manually:

    Visit Windows Update on a weekly/fortnightly REGULAR basis.

    Automatically:
    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click on Automatic Updates.
    4. Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the Notify Me option so that you can download when you can afford the time and bandwidth overheads.
    5. Select the Day/Time of choice
    6. Click Apply
    7. Click OK


    Secure your web browser
    1. Open Internet Explorer and click on the Tools menu and then click on Security
    2. Click the Internet icon
    3. Click on Custom Level.
    4. Change the Download signed ActiveX controls to Prompt
    5. Change the Download unsigned ActiveX controls to Disable
    6. Change the Initialize and script ActiveX controls not marked as safe to Disable
    7. Change the Installation of desktop items to Prompt
    8. Change the Launching programs and files in an IFRAME to Prompt
    9. Change the Navigate sub-frames across different domains to Prompt
    10. Change the Allow paste operations via script to Disable
    11. Click on OK
    12. Save (if asked).
    13. Click on Apply button
    14. Click on OK

    Alternatively you could use another browser such as
    Mozilla Firefox (My personal favorite!)
    Opera

    Get Some Protection
    The following programs are useful in the fight against Malware. Best of all, they're FREE.
    Download and install any or all. Be warned though ---- You must update regularly. Check once a week!
    • Ad-Aware SE - This is a program that scans for and removes known spyware from your machine.
    • Spybot Search & Destroy - Similar to Ad-Aware but more configurable and incorporates TeaTimer, a memory resident utility that protects the system registry. I recommend
    • Spyware Blaster - It prevents the addition of ActiveX Controls on your machines by isolating the system registry.
    A good antiviral program is essential. AVG is one of the better known, and trusted, antivirals.

    And Finally.........Lock the door with a Firewall. XP comes with its own simple firewall but I prefer to substitute it with ZoneAlarm.

    I wish you very happy, and most importantly, safe surfing on the information superhighway. Just remember it can be dangerous.
This discussion has been closed.