Need help removing PSguard [CLOSED]


  • This topic is locked

#16
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
PandaScan says it cleaned Wininet.dll.

I am doubtful, but just to be sure, run Smitrem.exe again.

That will tell us if it is clean.

:tazz:
  • 0


#17
Alecto

Alecto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK, here's the smitRem log again... Still getting the same thing.


smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll INFECTED!! :tazz:
  • 0

#18
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Assuming you have the English language of Win XP on your system, please download wininet.dll here

Unzip this file, and paste it to the following path:

c:\windows\system

Then post a new HiJackThis log.
  • 0

#19
Alecto

Alecto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Okay, the link you gave me to download wininet.dll just opens another page of this post.
  • 0

#20
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Sorry, that was stupid on my part.

Here is the link:

http://www.dll-files...s.shtml?wininet
  • 0

#21
Alecto

Alecto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK, I downloaded the file. When I try to paste it to C:\Windows\system I get a message stating "Cannot create or replace wininet, specified file is being used".

The only way I can put it into that folder is if I change the name of the new wininet file (I'm not sure if this is okay or not), but the old wininet file stays in there and I can't delete it.


Here's the latest HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:05:50 PM, on 8/26/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\YAHOO!\MESSENGER\ypager.exe" -quiet
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
  • 0

#22
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Rename the old wininet.dll, and then move the new wininet.dll into C:\Windows\System.

Then post a new HiJackThis log.
  • 0

#23
Alecto

Alecto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Okay, I did as you requested. Here's the new HijackThis logfile.



Logfile of HijackThis v1.99.1
Scan saved at 5:10:48 PM, on 8/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\YAHOO!\MESSENGER\ypager.exe" -quiet
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
  • 0

#24
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Your log looks great.

Are you able to get on the internet, and do you have control of your desktop?
  • 0

#25
Alecto

Alecto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Yes, everything seems to be working great.

Thanks for all your help!
  • 0


#26
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.


Please let me know if you have any other questions :tazz:
  • 0

#27
Alecto

Alecto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Okay, I think I spoke too soon. The intell32.exe is back; every time I delete it from the program files and from the HijackThis log, it comes back as soon as I connect to the internet.

I also ran AdAware and Spybot scans, which found several PSGuard programs,
and a Panda scan, which found spyware; I was able to fix most of it but cannot remove the oleext.dll program.

Here's a copy of the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:57 PM, on 9/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WMCONNECT\WWM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\YAHOO!\MESSENGER\ypager.exe" -quiet
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://download.winf...nnerInstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab

And the PandaScan report:

Incident Status Location

Adware:Adware/SaveNow No disinfected C:\PROGRAM FILES\SAVE\SAVE.EXE
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM\OLEEXT.DLL
Virus:W32/Smitfraud.E Disinfected Operating system
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM\oleext.dll
Adware:adware/savenow No disinfected C:\PROGRAM FILES\VVSN
Adware:adware/whenusearch No disinfected C:\WINDOWS\START MENU\PROGRAMS\WhenU
Adware:adware/mediatickets No disinfected Windows Registry
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\USER AGENT
Adware:adware/psguard No disinfected Windows Registry
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0000481.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0000486.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0000558.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS29.CAB[W0002906.CPY]
Adware:Adware/PurityScan No disinfected C:\_RESTORE\ARCHIVE\FS20.CAB[A0001803.CPY]
Adware:Adware/PurityScan No disinfected C:\_RESTORE\ARCHIVE\FS20.CAB[A0001806.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS20.CAB[A0001813.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS20.CAB[A0001818.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS20.CAB[A0001880.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS20.CAB[A0001884.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS20.CAB[A0001895.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0001960.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0001964.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0001967.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS22.CAB[A0002055.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS22.CAB[A0002060.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS22.CAB[A0002072.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS23.CAB[A0002133.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS23.CAB[A0002137.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS23.CAB[A0002140.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS23.CAB[A0002203.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS23.CAB[A0002207.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS23.CAB[A0002218.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS24.CAB[A0002274.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS24.CAB[A0002278.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS24.CAB[A0002281.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS25.CAB[A0002381.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS25.CAB[A0002386.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS25.CAB[A0002389.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0002476.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0002480.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0002484.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0002547.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0002551.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0002554.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0002654.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0002658.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0002661.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS35.CAB[W0003427.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS32.CAB[A0003018.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS32.CAB[A0003021.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS33.CAB[A0003084.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS33.CAB[A0003089.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS33.CAB[A0003092.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS33.CAB[A0003178.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS33.CAB[A0003183.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS34.CAB[A0003200.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS48.CAB[W0004658.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS41.CAB[A0003591.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS41.CAB[A0003597.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0004563.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0004569.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS40.CAB[W0003658.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0003631.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0003635.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0003638.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0003703.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0003707.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0003710.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS4.CAB[W0000277.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000020.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000025.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000028.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000032.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000035.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000038.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000042.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000067.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000069.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000073.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000076.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000079.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000083.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000086.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS2.CAB[A0000147.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS2.CAB[A0000151.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS2.CAB[A0000154.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS3.CAB[A0000250.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS3.CAB[A0000254.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS3.CAB[A0000257.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0002709.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0002713.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0002716.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0002747.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0002751.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0002754.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS44.CAB[A0003868.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS44.CAB[A0003872.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS44.CAB[A0003875.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS45.CAB[A0004012.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS45.CAB[A0004016.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS45.CAB[A0004020.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS46.CAB[A0004085.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS46.CAB[A0004089.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS46.CAB[A0004092.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS55.CAB[W0005658.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS38.CAB[A0003352.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS38.CAB[A0003357.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS47.CAB[A0004165.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS47.CAB[A0004169.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0004779.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0004783.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0004786.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0004849.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0004853.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0004856.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS52.CAB[A0004932.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS52.CAB[A0004936.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS52.CAB[A0004939.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005004.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005008.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005012.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005055.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005059.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005062.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005065.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005069.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005072.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005075.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005079.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS53.CAB[A0005082.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS54.CAB[A0005085.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS54.CAB[A0005089.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS54.CAB[A0005092.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS54.CAB[A0005118.CPY]
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS54.CAB[A0005122.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS54.CAB[A0005125.CPY]
Virus:W32/Smitfraud.E Disinfected C:\WINDOWS\SYSTEM\WININET.DLL
Adware:Adware/SaveNow No disinfected C:\WINDOWS\TEMP\pavB251.TMP
Adware:Adware/ClockSync No disinfected C:\WINDOWS\TEMP\VVSNInst.exe
Adware:Adware/SaveNow No disinfected C:\Program Files\Save\Save.exe
Adware:Adware/SaveNow No disinfected C:\Program Files\Save\SaveUninst.exe
  • 0

#28
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

The smitfraud files are in your system restore; that is easy to fix. We will deal with the rest after.

Let's clear your restore points.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

Then run PandaScan again and post the new PandaScan log for me. :tazz:
  • 0
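The triage behind the reply above, as an added example that is not part of the original thread: it parses PandaScan report lines like those in post #27 and separates detections stored in the System Restore archive (`C:\_RESTORE`) from live files and registry entries that remain unresolved. The field layout is inferred from the report as posted, and the function names and bucket labels are assumptions made for illustration.

```python
import re
from collections import Counter

# Subset of the lines from the PandaScan report in post #27.
SAMPLE_REPORT = r"""
Incident Status Location
Adware:Adware/SaveNow No disinfected C:\PROGRAM FILES\SAVE\SAVE.EXE
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM\OLEEXT.DLL
Virus:W32/Smitfraud.E Disinfected Operating system
Adware:adware/psguard No disinfected Windows Registry
Virus:W32/Smitfraud.B No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0000481.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0000486.CPY]
Spyware:Spyware/Smitfraud No disinfected C:\_RESTORE\ARCHIVE\FS29.CAB[W0002906.CPY]
Virus:W32/Smitfraud.E Disinfected C:\WINDOWS\SYSTEM\WININET.DLL
Adware:Adware/ClockSync No disinfected C:\WINDOWS\TEMP\VVSNInst.exe
"""

# Assumed layout (inferred from the posted report): "Category:Name Status Location".
# The location may contain spaces, so it takes the rest of the line.
LINE_RE = re.compile(
    r"^(?P<category>[A-Za-z]+):(?P<name>\S+)\s+"
    r"(?P<status>No disinfected|Disinfected)\s+"
    r"(?P<location>.+)$"
)
RESTORE_RE = re.compile(r"^[A-Za-z]:\\_RESTORE\\", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_report(text):
    """Return one dict per detection line; headers and blank lines are skipped."""
    detections = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            detections.append(match.groupdict())
    return detections


def classify(location):
    """Bucket a location string (bucket names are illustrative labels)."""
    if RESTORE_RE.match(location):
        return "restore_archive"
    lowered = location.lower()
    if lowered.startswith("hkey_") or lowered == "windows registry":
        return "registry"
    if DRIVE_RE.match(location):
        return "filesystem"
    return "other"


def triage(text):
    """Count detections per bucket and list live items not yet disinfected."""
    counts = Counter()
    live_unresolved = []
    for det in parse_report(text):
        bucket = classify(det["location"])
        counts[bucket] += 1
        # Restore-archive copies are handled by clearing the restore points;
        # anything else still marked "No disinfected" needs separate removal.
        if bucket != "restore_archive" and det["status"] != "Disinfected":
            live_unresolved.append(det)
    return {"counts": counts, "live_unresolved": live_unresolved}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket, count in sorted(result["counts"].items()):
        print(f"{bucket}: {count}")
    print("Still to remove outside System Restore:")
    for det in result["live_unresolved"]:
        print(f"  {det['name']} -> {det['location']}")
```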

#29
Alecto

Alecto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK, I have Windows ME, and I don't see a System Restore tab when I right-click on My Computer and click Properties. I get the tabs General, Device Manager, Hardware Profiles, and Performance.
  • 0

#30
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Doh!

I noticed that you had ME right after I posted the instructions and I guess I didn't edit it. Sorry about that, I thought I reposted the correct instructions :tazz:

To Clear Restore points, please do the following:
  • Go to Start > Settings > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the Performance tab, and then click File System.
  • Click the Troubleshooting tab, and then put a check by Disable System Restore.
  • Click OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go to Start > Settings > Control Panel.
  • Double-click the System icon.
  • Click the Performance tab, and then click File System.
  • Click the Troubleshooting tab, and then UNcheck Disable System Restore.
  • Click OK. Click Yes when you are prompted to restart Windows.

  • 0





