Send, Dont send?

Discussion in 'Windows - Virus and spyware problems' started by consul, Jul 10, 2006.

  1. consul

    consul Regular member

    Joined:
    Jan 18, 2006
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    26
    Hi keep getting the M/S send or dont send error message box up a lot lately (no pattern just comes up random) and sometimes my PC just reboots itself.
    Im running XP and Firefox (most of time) im sending a Hijack log if any one can tell me if I have a problem. Many thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:24:43, on 10/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    C:\HYPER\HELPER.EXE
    D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    D:\WINDOWS\ATKKBService.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\Program Files\ewido anti-malware\ewidoctrl.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\PeerGuardian2\pg2.exe
    D:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Program Files\Common Files\Sonic Shared\cinetray.exe
    D:\Program Files\Azureus\Azureus.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\Owner\My Documents\browser tools\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HyperOs Helper] C:\HYPER\HELPER.EXE
    O4 - HKLM\..\Run: [WinMove] C:\HYPER\WINMOVE.EXE
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] D:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146997983140
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9B2CEDEA-6288-4429-86D8-83DA849897B3}: NameServer = 10.0.0.138
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
    consul, Jul 10, 2006
    #1
  2. tapiiri

    tapiiri Regular member

    Joined:
    Jun 11, 2005
    Messages:
    1,142
    Likes Received:
    0
    Trophy Points:
    46
    Hi consul .

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop:

    Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

    Post the contents of this textfile to here.

    (Some antiviruses recognises process.exe as a malware. It is not malware, it is a program that stops processes)
     
    tapiiri, Jul 10, 2006
    #2
  3. consul

    consul Regular member

    Joined:
    Jan 18, 2006
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    26
    Tapiiri
    thanks for quick reply. Have read many of your posts to help people and just knew you would be there LOL

    SmitFraudFix v2.69

    Scan done at 21:55:54.75, 10/07/2006
    Run from D:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
    consul, Jul 10, 2006
    #3
  4. tapiiri

    tapiiri Regular member

    Joined:
    Jun 11, 2005
    Messages:
    1,142
    Likes Received:
    0
    Trophy Points:
    46
    Heh, I'm red in my face.

    I don't find any problems in both logs.

    Only properly Firewall is missing.

    Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1

    Run ATF Cleaner -> Check select all -> Press Empty selected

    Boot comp.

    Run hard disk defragment if necessary
     
    tapiiri, Jul 10, 2006
    #4
  5. consul

    consul Regular member

    Joined:
    Jan 18, 2006
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    26
    Hi Tapiiri
    Will do all as asked and let you know in a few days if problem is cured. as for firewall i'm using XP own plus Thompson Speedtouch 580 router firewall all set good according to "Shields up" test
    Many thanks for your time
     
    consul, Jul 11, 2006
    #5

Share This Page