Spyware Quake troubles



Jante
2006-03-30, 13:29
Hello!

I have had problems with Spyware Quake. I have used a removal instruction that I found on the forum, but I'm not sure if it's gone. Can someone please check my logs and see if something's wrong?

________________________________________________________________
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

Running from
C:\Documents and Settings\Dan Eliasson\Skrivbord\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
ncompat.tlb
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 844 'explorer.exe'
Killing PID 844 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)

________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 11:28:16, on 2006-03-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\ewido anti-malware\ewidoctrl.exe
C:\Program\ewido anti-malware\ewidoguard.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\Program\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program\Creative\ShareDLL\CtNotify.exe
C:\Program\Winamp\winampa.exe
C:\Program\Creative\ShareDLL\Mediadet.exe
C:\Program\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program\Java\jre1.5.0_01\bin\jusched.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\MICROS~2\Office10\OUTLOOK.EXE
C:\Program\Microsoft Office\Office10\WINWORD.EXE
C:\Program\Messenger\msmsgs.exe
C:\Program\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/668/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - {0095FC75-F32A-EC6E-DCC6-AC0A82B3B83F} - C:\WINDOWS\Ssptgars.dll (file missing)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - (no file)
O3 - Toolbar: Search - {0CCD5D2A-B543-2A6E-26F3-94737CF03D50} - C:\WINDOWS\Ssptgars.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NOMAD Detector] "C:\Program\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [k0DGgjC.exe] C:\documents and settings\dan eliasson\lokala inställningar\temp\k0DGgjC.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program\Creative\NOMAD Jukebox 3\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WordFinder Easy Reader.lnk = C:\Program\Wfwin\WFReader.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - its:mhtml:file://C:.mht!http://69.50.191.52/668/b.chm::/b.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido anti-malware\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

CalamityJane
2006-03-30, 23:31
Hello Jante :)

You did well. Did you happen to save the Ewido log, and can you post that too? Panda Scan log, also?

Close all browsers and any open windows, having only HijackThis open.

Do a *scan only* with HijackThis and checkmark the following entries, then press the *fix checked* button:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app...DQ6NTo5&Terms=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/668/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.isearch.com/index.php?app...DQ6NTo5&Terms=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - (no file)

O3 - Toolbar: Search - {0CCD5D2A-B543-2A6E-26F3-94737CF03D50} - C:\WINDOWS\Ssptgars.dll (file missing)

O4 - HKLM\..\Run: [k0DGgjC.exe] C:\documents and settings\dan eliasson\lokala inställningar\temp\k0DGgjC.exe

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O16 - DPF: {11111111-1111-1111-1111-111111111123} - its:mhtml:file://C:.mht!http://69.50.191.52/668/b.chm::/b.exe

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab

O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab

Delete these two files:

C:\documents and settings\dan eliasson\lokala inställningar\temp\k0DGgjC.exe

C:\WINDOWS\System32\toolbar.dll

Reboot your PC

Scan again with HijackThis but do a Save log please. Post the new log back here for review
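
A rough triage pass over HijackThis lines of the kind reviewed above, as an added example that is not part of the original thread and not the helper's own method. The rule names and heuristics are assumptions chosen for illustration, the sample lines are copied from the log posted in this thread, and a hit only marks an entry for human review.

```python
import re

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/668/
O3 - Toolbar: (no name) - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [k0DGgjC.exe] C:\documents and settings\dan eliasson\lokala inställningar\temp\k0DGgjC.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - its:mhtml:file://C:.mht!http://69.50.191.52/668/b.chm::/b.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# URL whose host is a bare IPv4 address instead of a name
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
# Registry entry whose backing file is gone
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
# Path component named temp or tmp
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
# First address on a hosts-file entry
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s")


def check_entry(section, body):
    """Return the list of (hypothetical) rule names one entry trips."""
    reasons = []
    # Browser start/search pages and ActiveX download sources on a raw IP.
    if section in ("R0", "R1", "O16") and RAW_IP_URL_RE.search(body):
        reasons.append("url-with-raw-ip")
    # Search hooks, BHOs and toolbars left registered without a file.
    if section in ("R3", "O2", "O3") and ORPHAN_RE.search(body):
        reasons.append("orphaned-com-entry")
    # Autostart entries that launch a binary out of a temp directory.
    if section == "O4" and TEMP_DIR_RE.search(body):
        reasons.append("autostart-from-temp-dir")
    # Downloaded Program Files entries normally point at an http(s) .cab.
    if section == "O16":
        source = body.rsplit(" - ", 1)[-1]
        if not source.lower().startswith(("http://", "https://")):
            reasons.append("dpf-unusual-scheme")
    # Hosts entries that send a name anywhere other than loopback.
    if section == "O1":
        m = HOSTS_RE.match(body)
        if m and not m.group("ip").startswith("127."):
            reasons.append("hosts-redirect")
    return reasons


def triage(log_text):
    """Return (section, reasons, body) for every entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, or blank line
        reasons = check_entry(m.group("section"), m.group("body"))
        if reasons:
            findings.append((m.group("section"), reasons, m.group("body")))
    return findings


if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{','.join(reasons):<36}{body}")
```

These rules do not reproduce the full list selected in the post above; entries such as the isearch.com search pages were picked by name recognition, which a pattern check like this cannot supply.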

Jante
2006-03-31, 14:10
Hello!

I have a little problem with the Ewido log: it seems it's too big, too many characters. Can I split it?
Here is the ActiveScan log:



Incident Status Location

Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt[]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt[82358024]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt[]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt[82358024]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dan Eliasson\Skrivbord\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dan Eliasson\Skrivbord\smitRem.exe[Process.exe]
Potentially unwanted tool:application/spywarequake Not disinfected C:\Documents and Settings\Dan Eliasson\Start-meny\SpywareQuake 2.0.lnk
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:adware/bookedspace Not disinfected C:\WINDOWS\bsx32.ini
Adware:Adware/ISearch Not disinfected C:\WINDOWS\Downloaded Program Files\initial.inf
Adware:adware/savenow Not disinfected C:\WINDOWS\system32\ap2nqrd4.dat
Adware:adware/sahagent Not disinfected C:\WINDOWS\system32\bqrufs5f.dat
Adware:Adware/Beginto Not disinfected C:\WINDOWS\system32\desktrf-bundles-hightrafficmedia2.exe
Adware:adware/keenvalue Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.bho
Adware:adware/favoriteman Not disinfected C:\WINDOWS\system32\im64.dll
Spyware:spyware/safesurf Not disinfected C:\WINDOWS\system32\InstallerV3.exe
Adware:adware/ilookup Not disinfected C:\WINDOWS\system32\mac02.ico
Adware:Adware/Megasearch Not disinfected C:\WINDOWS\system32\MegasearchBarSetup.dll
Adware:Adware/TopRebates Not disinfected C:\WINDOWS\system32\rebate.exe
Adware:Adware/TopRebates Not disinfected C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe

Jante
2006-03-31, 14:13
Hi!

This is half of the ewido log, will post the rest also


ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 09:50:57, 2006-03-30
+ Report-Checksum: EF3B8DA1

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} -> Adware.iLookup : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo\CLSID -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo\CurVer -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo.1 -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt\CLSID -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt\CurVer -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt.1 -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo -> Adware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo\CLSID -> Adware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo\CurVer -> Adware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo.1 -> Adware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb\CLSID -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb\CurVer -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb.1 -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Windows ServeAd -> Adware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_dsktptr -> Adware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_dsktptr\eeennn -> Adware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_dsktptr\kkws -> Adware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_dsktptr\ppops -> Adware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_dsktptr\ssites -> Adware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_hsrb -> Adware.HotBar : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_hsrb\kkws -> Adware.HotBar : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_hsrb\ppops -> Adware.HotBar : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_hsrb\ssites -> Adware.HotBar : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_rtneg2 -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_rtneg2\eeennn -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_rtneg2\kkws -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_rtneg2\ppops -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_rtneg2\reel -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_rtneg2\ssites -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_trgen -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_trgen\eeennn -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_trgen\kkws -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_trgen\ppops -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_trgen\reel -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-776561741-879983540-1801674531-1003\Software\_trgen\ssites -> Adware.Begin2Search : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup

Jante
2006-03-31, 14:15
Hi again!

I hope this will work, and I hope it's not too much trouble for you. Thank you for viewing my logs.

:mozilla.110:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\08wibput.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Dan Eliasson\Application Data\Mozilla\Firefox\Profiles\yyft6xvu.Dan Eliasson\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
C:\Program\SearchRelevancy -> Adware.Relevance : Cleaned with backup
C:\Program\SearchRelevancy\SearchRelevancy.xml -> Adware.Relevance : Cleaned with backup
C:\Program\SearchRelevancy\uninstall.exe -> Adware.Relevance : Cleaned with backup
C:\Program Files\Admilli Service\AdmilliKeep.exe -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\bsx32 -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADTMI1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADVC5.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADVCTX2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIB9894.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIC29667.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASID12180.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIE17070.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIF29819.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIF4502.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIFA15376.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIFWH29233.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIG21943.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIGT10102.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIH21180.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIH7853.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASII21469.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIL18549.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASILS29399.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIM9740.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIOG19375.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIOT25456.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIPF1965.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIR21184.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIRE20082.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIS24110.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIS31590.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIT17011.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIT26116.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIW11211.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIWS3.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\AUTOS2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\BID1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\CARD2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\CARS3.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\DATE4.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EML1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\FAST1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\FINC3.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\FINC5.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\FLWR1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\FMND1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\HERBS1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\INK1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\JOBS4.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\MORT5.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\MOVS2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\NEWS2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SHOP2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPEC1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TECH2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TRVL6.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TVEN2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TVM9.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TVMX.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\UTONE2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\VENUE1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\WWW3.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\XTFL2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Cleaned with backup
C:\WINDOWS\system32\7k40_static_keycode_minime_7k40_pk2_int__2004_8_3__14_8_16_minime_morphed.exe -> Downloader.Swizzor.cg : Cleaned with backup
C:\WINDOWS\system32\cache32_rtneg2 -> Adware.Begin2Search : Cleaned with backup
C:\WINDOWS\system32\cache32_rtneg2\100dsktptr.bin -> Adware.Begin2Search : Cleaned with backup
C:\WINDOWS\system32\cache32_rtneg2\msg.bin -> Adware.Begin2Search : Cleaned with backup
C:\WINDOWS\system32\in10b6s.dll -> Dropper.Small.abe : Cleaned with backup


::Report End

CalamityJane
2006-03-31, 17:00
Wow, you had a lot more than SpywareQuake too.

SpywareQuake is new and there is an additional tool we need to use to clean up the rest of that one.

SpywareQuake/SpywareFalcon

* Download this tool called roguescanfix and save it to your desktop: http://www.martijnc.be/tools/roguescanfix.exe
* Double click roguescanfix.exe to install it.
* This will add a folder called roguescanfix to your desktop
* Double-click on the roguescanfix folder and then double-click on Run.bat. Please note that when the Run.bat starts it will download a program from the Internet that it needs to use during the cleanup. If your firewall gives an alert about this, please allow the download.exe or run.bat program to access the Internet.
* When you start the Run.bat program, your desktop will disappear, which is normal, so you do not need to be concerned. It will then start the SpywareQuake uninstallation program. When that program starts, click on the Uninstall button. When it has finished uninstalling, you can then press the OK button to finish the uninstalling of SpywareQuake.
* When this program is finished, and it was able to delete all the files, you will see a small prompt that says Completed script execution. Simply press the OK button. It will then open the Brute Force Uninstaller program. You can simply press the Exit button.
* If there were more files that needed to be deleted, the program will prompt you to reboot your computer. Press the Yes button and allow the computer to reboot.

tashi
2006-04-05, 19:29
Still here Jante?