Spyware Infection Notification



#1
Squackman

There is a tiny notification on my task bar that comes up about every 5 seconds. It didn't appear until I got that SpySheriff program from something and I took the steps on geekstogo to delete SpySheriff yesterday. I got my desktop back from saying "Spyware Infection" and everything was good for about 12 hours until the little red circle with an X came back and the warning came up again. This is my first time posting so I don't know if it's okay to have a picture link to show what it looks like, so I'm going to put one, sorry if it's not allowed. I uploaded the file on imageshack.us, which I use a lot. I titled it zzzz for some reason that I don't remember, but here it is. http://img366.imageshack.us/img366/7308/zzzz1yz.jpg. Anyways, also this morning after I woke up SpySheriff came back even though I followed the 10 steps. And I uninstalled the program. That's all I have done so far. The instructions said to post my Panda Scan, HiJackThis Log, Smitfiles.txt and Ewido Log. So here it is. I don't know if this is the correct place to post it but... yea. All of these were current as of yesterday except for the Panda and the HiJackThis, which were scanned about two hours ago and I will show first.

Panda Scan:

Incident Status Location

Adware:Adware/SpySheriff Not disinfected C:\WINSTALL.EXE
Adware:Adware/SpySheriff Not disinfected C:\DOCUME~1\Owner\LOCALS~1\Temp\30269.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Daily Weather Forecast\weather.exe
Adware:adware/midaddle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\9.exe
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\list141.exe
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/spysheriff Not disinfected C:\winstall.exe
Adware:adware/sidesearch Not disinfected C:\PROGRAM FILES\Lycos
Adware:adware/mbkwbar Not disinfected C:\PROGRAM FILES\MBKWBar
Adware:adware/toprebates Not disinfected C:\PROGRAM FILES\WebRebates4
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\PROGRAM FILES\COMMON FILES\WinSoftware
Dialer:dialer.akd Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\TTUNIM
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adultfriendfinder[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[10].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[11].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[12].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[13].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[14].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[15].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[17].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[18].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[19].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[4].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[5].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[6].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[7].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[8].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[9].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6207cd87-26c60838.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-1d5d1ed4-1e58443a.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-918afd3-7b548c2a.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-69c37852-31f3c842.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-69c37852-31f3c842.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-3b8d0e03-598fc972.zip[Dummy.class]
Virus:Trj/Shinwow.C Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-3b8d0e03-598fc972.zip[Matrix.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adultfriendfinder[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[10].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[11].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[12].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[13].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[14].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[15].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[17].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[18].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[19].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[4].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[5].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[6].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[7].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[8].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[9].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\win32delfkil\Process.exe
Virus:Trj/Downloader.CUJ Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\17356.exe
Virus:Trj/Downloader.CUJ Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\21274.exe
Virus:Trj/Downloader.CUJ Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\22273.exe
Virus:Trj/Downloader.CUJ Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\2751.exe
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\30269.exe
Virus:Trj/Downloader.CUJ Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\32431.exe
Virus:Trj/Downloader.CUJ Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\32679.exe
Virus:Trj/Downloader.CUJ Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\6229.exe
Virus:Trj/Downloader.CUJ Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\7400.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atwola[1].txt
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\list141.exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\Prcheck.dll
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Daily Weather Forecast\weather.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\Uninstall.exe
Adware:Adware/Prositefinder Not disinfected C:\Program Files\wje2em3g\ryf0ppeq.DLL
Spyware:Spyware/ClearSearch Not disinfected C:\Program Files\wje2em3g\svjvpa3w.DLL
Spyware:Spyware/ClearSearch Not disinfected C:\Program Files\wje2em3g\z58813m0.DLL
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-3903791793-210082689-2791655202-1003\Dc5.exe[Process.exe]
Virus:Trj/Downloader.MO Not disinfected C:\WINDOWS\Downloaded Program Files\default.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Temp\~258185.tmp
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Temp\~346445.tmp
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Temp\~392664.tmp
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Temp\~5116.tmp
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Temp\~732378.tmp
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Temp\~966893.tmp
Adware:Adware/WinTools Not disinfected C:\WINDOWS\Temp\~972260.tmp
Dialer:dialer.b Not disinfected C:\WINDOWS\tmlpcert2005
Adware:Adware/SpySheriff Not disinfected C:\winstall.exe

HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:39:48 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Daily Weather Forecast\weather.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Common Files\AOL\1136061605\ee\AOLHostManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\1136061605\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1136061605\ee\AOLServiceHost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\30269.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {C6DD0848-E3A5-E577-F1AE-91CB2EEC599B} - C:\WINDOWS\system32\eup.dll (file missing)
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-445D-A93E-B70A42E900F2} - C:\Program Files\wje2em3g\wje2em3g.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {038375D8-C733-483F-B801-98D85883D1A1} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F4B1BF9-6F98-4D3E-B0F0-29A2D9B6F691} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {1C524C5F-FD93-4BF0-BB87-DBC178F1D5DB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {36CE7F55-E2B6-4C02-95E6-F42ADB19E489} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {4ACE7C37-F631-4145-B66B-BBE2BC8E9594} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {573A7A30-0F02-4034-B454-408F8F9434B2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {5C37D0C6-D58A-4E89-AFFB-02C051506A48} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {63E502F3-4F5C-4E77-90EB-4B175CD8AB1C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {65129EBC-D21A-4B57-8FBD-6A4F237DB3E2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {683C2E9B-B48C-4B08-ADD3-1802A65A4B9B} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: (no name) - {71EA3134-FC52-4E1B-8E6E-EE2AE6FB36D4} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {7248ECF4-B02B-4575-9C00-A3588DDDA27F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {794228FD-8099-4E6E-AFA3-2540D0C93F58} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7C78B132-A9F8-45A4-853C-AB1EB165671F} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {85998284-64AA-4A1D-AC28-8211F3B37D72} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {9F139691-9121-4678-B7D8-4F625A7BC8BB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {A05D2EEC-619A-41A4-8ED4-032C1D01F469} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {A4CA52BB-3FC9-4E4D-82A2-EA10496F83EF} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B101B938-9F5C-4860-A901-5CDD0F23F10B} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {BAD3B61D-779D-4EA8-B67D-10595E80C6FD} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1B42D07-8B4E-4D42-AA28-81E483F423EF} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {C6DD0848-E3A5-E577-F1AE-91CB2EEC599B} - C:\WINDOWS\system32\eup.dll (file missing)
O2 - BHO: (no name) - {C83D5918-D6A5-4F9E-848F-E14021713249} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {C8B3D289-38D1-474E-B935-14EB185137FB} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {CA92EC07-F74A-448C-9645-A575E424A7FF} - C:\Program Files\CSBB\CSBB.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Owner\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [wje2em3g] C:\Program Files\wje2em3g\wje2em3g.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealPlayerv2] AIM1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\sysdll32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136061605\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: LimeWire 3.6.15.lnk = C:\Program Files\LimeWire\3.6.15\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.3
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O19 - User stylesheet: C:\WINDOWS\sstyle.css (file missing)
O19 - User stylesheet: C:\WINDOWS\sstyle.css (file missing) (HKLM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by Squackman, 16 March 2006 - 05:28 PM.



#2
Squackman

Sorry, I hadn't realized that the logs got cut off so I moved the smitfiles and the ewido log to this reply.. hope that's ok... :tazz:

Smitfiles.txt:


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 03/15/2006
The current time is: 18:13:39.53

Running from
C:\Documents and Settings\Owner\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

Crystalys media
SpySheriff


~~~ Shortcuts ~~~

Crystalys Media folder
Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~

winstall.exe

~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 7544 'explorer.exe'
Killing PID 7544 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Ewido Log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:36:37 PM, 3/15/2006
+ Report-Checksum: B8B08C49

+ Scan result:

HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Adware.BargainBuddy : Error during cleaning
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Adware.BargainBuddy : Error during cleaning
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Adware.BargainBuddy : Error during cleaning
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Adware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Adware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Adware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-3903791793-210082689-2791655202-1003\Software\Classes\CLSID\CLSID\{6379A99A-9102-446C-A837-0623E1810D75} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-3903791793-210082689-2791655202-1003_Classes\CLSID\CLSID\{6379A99A-9102-446C-A837-0623E1810D75} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe -> Downloader.PurityScan.bw : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\10185.exe -> Not-A-Virus.Hoax.Win32.Renos.bm : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\10186.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\10889.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\14019.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\14266.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\14686.exe -> Not-A-Virus.Hoax.Win32.Renos.az : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\16177.exe -> Not-A-Virus.Hoax.Win32.Renos.bm : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\16299.exe -> Not-A-Virus.Hoax.Win32.Renos.az : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\20070.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\24870.exe -> Not-A-Virus.Hoax.Win32.Renos.bj : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\26588.exe -> Not-A-Virus.Hoax.Win32.Renos.bm : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\27355.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\3039.exe -> Downloader.Agent.acu : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\32519.exe -> Not-A-Virus.Hoax.Win32.Renos.az : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\32656.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\4916.exe -> Not-A-Virus.Hoax.Win32.Renos.bm : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\672.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\bar.exe -> Adware.IeSearchBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\hotfix.exe -> Adware.WebSearch : Cleaned with backup
C:\Program Files\Common Files\WinSoftware\FCrXML.dll -> Adware.Winfixer : Cleaned with backup
C:\Program Files\wje2em3g\wje2em3g.dll -> Adware.ClearSearch : Cleaned with backup
C:\Program Files\wje2em3g\wje2em3g.exe -> Backdoor.Ruledor.g : Cleaned with backup
C:\Program Files\wje2em3g\wje2em3g1\wje2em3g1.dll -> Adware.ClearSearch : Cleaned with backup
C:\Program Files\wje2em3g\wje2em3g1\wje2em3g1.exe -> Adware.ClearSearch : Cleaned with backup
C:\WINDOWS\desktop.html -> Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eup.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\localui.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\private.exe -> Downloader.Agent.acu : Cleaned with backup
C:\WINDOWS\system32\Μіcrosoft.NET\mshta.exe -> Downloader.PurityScan.bz : Cleaned with backup
C:\WINDOWS\system32\Οracle\ѕpoolsv.exe -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\Temp\~258185.tmp -> Adware.Wintol : Error during cleaning
C:\WINDOWS\Temp\~346445.tmp -> Adware.Wintol : Error during cleaning
C:\WINDOWS\Temp\~392664.tmp -> Adware.Wintol : Error during cleaning
C:\WINDOWS\Temp\~5116.tmp -> Adware.Wintol : Error during cleaning
C:\WINDOWS\Temp\~732378.tmp -> Adware.Wintol : Error during cleaning
C:\WINDOWS\Temp\~966893.tmp -> Adware.Wintol : Error during cleaning
C:\WINDOWS\Temp\~972260.tmp -> Adware.Wintol : Error during cleaning
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup


::Report End

Thanks in advance for any help I receive :).. hopefully receive.. jk, I'm sure your advice will be good.. either way your help is appreciated :)

#3
Squackman

Oh well, heh heh heh, I feel pretty stupid now lol... I guess I resolved this myself... I just reran RunThis.bat from smitRem in safe mode and ta da... it's gone again... hopefully for good this time :) Well, thanks anyways, I know y'all would have helped me fix it if you had got here before I realized what to do, so thanks :). Yup.. I said y'all.. it's my Texan accent lol.. anyways thanks again.. great website.. I'll post again if I have any more questions... I guess you can delete this thread or close it or whatever it is you need to do.. bye :tazz: