Jump to content

Recommended Posts

SmitFraudFix v2.119

 

Scan done at 11:43:37.92, 11/04/2006

Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

Link to post
Share on other sites
  • Replies 50
  • Created
  • Last Reply

Top Posters In This Topic

Hi rgsmile!

 

SpySweeper, WinPatrol and Windows Defender are all monitoring programs. So what is likely happening here is when one of those programs tries to make a change, i.e. remove Virusbursters, another one brings it back and we're back to square one. Generally it is not a good idea to have more than one monitoring program as they can cause confusion such as in this case.

 

You should select one program to be your main monitoring program and DISABLE the others as instructed previosly in this thread. Please do this and let me know if your still getting alerts.

Link to post
Share on other sites

Hi rgsmile!

 

SpySweeper, WinPatrol and Windows Defender are all monitoring programs. So what is likely happening here is when one of those programs tries to make a change, i.e. remove Virusbursters, another one brings it back and we're back to square one. Generally it is not a good idea to have more than one monitoring program as they can cause confusion such as in this case.

 

You should select one program to be your main monitoring program and DISABLE the others as instructed previosly in this thread. Please do this and let me know if your still getting alerts.

 

I shutdown Windows Defender, but I don't think that is my only problem. I NEVER HAD A BIT OF TROUBLE UNTIL VIRUSBURSTERS SHOWED UP.

 

CAN'T WE PLEASE GET THAT sucker out of the registry????????????????

 

Spywareguard starts it out with the home, search and default setting alert. As soon as I click to allow, or change, than Spysweeper and WinPatrol get into the act with their alerts.

 

Winpatrol is the first notifier of Virusbursters wanting to start. I DO NOT ALLOW IT. Then I go into Spysweeper and sure enough, the box has been rechecked for Virusbursters to STartUP.

 

Unless I get Virusbursters out of my registry, I'm going to keep getting the alert from WinPatrol and it will still be in Spysweeper.

 

I could disable Spysweepers IE Shields, but wouldn't that defeat the purpose????

 

This is so frustrating ! !

Link to post
Share on other sites

Added info: I removed Spysweeper from starting and only got one alert from Spywareguard that my search page had changed from wwwgoogle.com/ie to wwwgoogle .com. I chose to allow. I clicked my google shortcut on the desktop and got to google search OK. I feel I might have screwed up the shiels section in spysweeper, with all the alerts and clicks to OK, or dis-allow.

 

No notice of virusbursters from WinPatrol as it was not in the WP start-up, because it is embedded in Spysweeper, and Spysweeper was not allowed to start.

 

I really appreciate your help and hope we can resolve this, without me having to be without Spysweeper. Althought the way Spysweeper is acting, my PC runs quicker, getting on-line, without it. That started with the virusbursters showing up.

Edited by rgsmile
Link to post
Share on other sites

So we've narrowed it down to SpySweeper.

 

What I suggest you do is run a scan with SpySweeper in Safe Mode.

 

Let me know if that helps.

 

I ran the SS in Safe Mode. I inserted the first part of the file here, but I have a bigger problem, now, with SpySweeper. When I clicked the link in your e-mail, my taskbar sted something about "getting on-lin", but nothing else happened and then it must have timed out, because than I was able to click the "Pit" link, but again, nothing happened. So, I shut down Spysweeper and was than able to get on-line. I had a similar problem, yesterday, but at least it got me on-line, even though it was very slow. Even yesterday, my connection to on-line would be much faster with Spysweeper shut down. I updated SS this AM and was alerted to a newer updated-version of SS and so I did the install. But it did not help. And virusbusters is still in the startup areas of both SS and WinPatrol.

 

Oh my, this is getting sickening. I sincerely appreciate your help and hope we can resolve this very soon.

 

8:16 AM: Removal process completed. Elapsed time 00:00:10

8:16 AM: Quarantining All Traces: bravesentry fakealert

8:16 AM: Quarantining All Traces: koowo lyrics software

8:16 AM: Removal process initiated

8:12 AM: Traces Found: 16

8:12 AM: Custom Sweep has completed. Elapsed time 00:06:42

8:12 AM: File Sweep Complete, Elapsed Time: 00:02:53

8:09 AM: Starting File Sweep

8:09 AM: Warning: ExplorerProtocolHandlers: invalidFile [rdpclip]

8:09 AM: Warning: Error Enumerating Tasklist

8:08 AM: Warning: CheckForServicesLists(): File Access Error[C:\WINDOWS\system32\svchost ]

8:08 AM: Warning: CheckForServicesLists(): File Access Error[C:\WINDOWS\system32\svchost ]

8:08 AM: Warning: CheckForServicesLists(): File Access Error[C:\WINDOWS\system32\svchost ]

8:08 AM: Warning: ShellExtensions: invalidFile [deskpan.dll]

8:08 AM: Warning: ExplorerProtocolHandlers: invalidFile [About:Home]

8:07 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00

8:07 AM: Starting Cookie Sweep

8:07 AM: Registry Sweep Complete, Elapsed Time:00:00:37

8:07 AM: HKU\S-1-5-21-2101663454-3504621830-3078355661-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}\ (ID = 1706707)

8:07 AM: Found Adware: bravesentry fakealert

8:07 AM: HKLM\software\classes\clsid\{e21be468-5c18-43eb-b0cc-db93a847d769}\ (ID = 1637841)

8:07 AM: HKLM\software\classes\clsid\{941a4793-a705-4312-8dfc-c11ca05f397e}\ (ID = 1637826)

8:07 AM: HKLM\software\classes\clsid\{765035b3-5944-4a94-806b-20ee3415f26f}\ (ID = 1637816)

8:07 AM: HKLM\software\classes\clsid\{238d0f23-5dc9-45a6-9be2-666160c324dd}\ (ID = 1637806)

8:07 AM: HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{e21be468-5c18-43eb-b0cc-db93a847d769}\ (ID = 1637802)

8:07 AM: HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{941a4793-a705-4312-8dfc-c11ca05f397e}\ (ID = 1637790)

8:07 AM: HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{765035b3-5944-4a94-806b-20ee3415f26f}\ (ID = 1637782)

8:07 AM: HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{238d0f23-5dc9-45a6-9be2-666160c324dd}\ (ID = 1637774)

8:07 AM: HKCR\clsid\{e21be468-5c18-43eb-b0cc-db93a847d769}\ (ID = 1637719)

8:07 AM: HKCR\clsid\{941a4793-a705-4312-8dfc-c11ca05f397e}\ (ID = 1637704)

8:07 AM: HKCR\clsid\{765035b3-5944-4a94-806b-20ee3415f26f}\ (ID = 1637694)

8:07 AM: HKCR\clsid\{238d0f23-5dc9-45a6-9be2-666160c324dd}\ (ID = 1637684)

8:07 AM: HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{e21be468-5c18-43eb-b0cc-db93a847d769}\ (ID = 1637680)

8:07 AM: HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{941a4793-a705-4312-8dfc-c11ca05f397e}\ (ID = 1637668)

8:07 AM: HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{238d0f23-5dc9-45a6-9be2-666160c324dd}\ (ID = 1637652)

8:07 AM: Found Adware: koowo lyrics software

8:07 AM: Starting Registry Sweep

8:07 AM: Memory Sweep Complete, Elapsed Time: 00:01:24

8:05 AM: Starting Memory Sweep

8:05 AM: Warning: Files are not scanned for viruses because AV engine failed to load.

8:05 AM: Sweep initiated using definitions version 790

8:05 AM: Spy Sweeper 5.2.3.2125 started

8:05 AM: | Start of Session, Sunday, November 05, 2006 |

********

8:05 AM: | End of Session, Sunday, November 05, 2006 |

8:05 AM: Program Version 5.2.3.2125 Using Spyware Definitions 790

8:05 AM: Warning: Virus definitions files are invalid, please update your virus definitions. 220

7:54 AM: Warning: TCSIDLs.Refresh: could not map user [s-1-5-21-2101663454-3504621830-3078355661-500]

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: TCSIDLs.Refresh: could not map user [s-1-5-21-2101663454-3504621830-3078355661-500]

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: TCSIDLs.Refresh: could not map user [s-1-5-21-2101663454-3504621830-3078355661-500]

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: TCSIDLs.Refresh: could not map user [s-1-5-21-2101663454-3504621830-3078355661-500]

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: TCSIDLs.Refresh: could not map user [s-1-5-21-2101663454-3504621830-3078355661-500]

7:54 AM: Warning: A call to an OS function failed

7:54 AM: Warning: A call to an OS function failed

Link to post
Share on other sites

Lets try a reg fix:

 

Open Notepad!

Copy and Paste everything from the Quote box into Notepad:

 

REGEDIT4

 

[HKEY_USERS\S-1-5-21-2101663454-3504621830-3078355661-1003\Software\BillP Studios\Detected\Startup]

"C:\\Program Files\\VirusBursters\\virusbursters.exe /h"=-

"C:\\PROGRAM FILES\\VIRUSBURSTERS\\VIRUSBURSTERS.EXE"=-

 

 

Go to File > Save As

Save File name as Fix.reg

Change Save as Type to All Files and save the file to your desktop.

 

Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK

 

Reboot your computer!

 

Let me know if that helps.

Link to post
Share on other sites

Hi. I did as you asked. I would presume it took it out of WinPatrol, but since I had bypassed the last aLERT ABOUT IT (FROMwINpATROL), and clicked to remove it from WP starup, I can't reaLLY TELL.

 

Opps, excuse the caps lock error.

 

Virusbursters is still in Spysweeper, but ever since I removed it from WinPatrol, the box for virusbursters remains unchecked.

 

But, when I tried to get on-line from my e-mail messages, while the address shows just above the taskbar, it times out and won't allow me to get on-line until I shutdown Spysweeper, and then all is OK.

 

I just upgraded Spysweeper this AM, when I clicked to update the program and noticed an upgrade available. It hadn't auto-updated, as I had it shutdown.

 

Spysweeper had worked just fine, along with WinPatrol, Spywareguard, AVG, Zone Alarm and Spywareblaster, until this virusburster showed up.

 

Any advice?

Link to post
Share on other sites

Could my settings in Spysweeper IE Shields be causing this?

 

IE Home Page Shieldhttp://www.comcast.net

 

IE Search Page Shield: http://www.google.com

 

Advanced Settings.

 

User Search Bar(selectedInDropdown) http://www.google.com/ie

 

System Default Page(selectedInDropdown) http://www:comcast.net

 

Do you thjink these are set correctly, and/or could be part of my not being able to get on-line, when Spysweeper is running?

Edited by rgsmile
Link to post
Share on other sites

I'm a bit lost here.

 

Virusbursters is still in Spysweeper, but ever since I removed it from WinPatrol, the box for virusbursters remains unchecked.

Could you explain what I bolded in the quote please?

 

Could my settings in Spysweeper IE Shields be causing this?

 

IE Home Page Shieldhttp://www.comcast.net

 

IE Search Page Shield: http://www.google.com

 

Advanced Settings.

 

User Search Bar(selectedInDropdown) http://www.google.com/ie

 

System Default Page(selectedInDropdown) http://www:comcast.net

 

Do you thjink these are set correctly, and/or could be part of my not being able to get on-line, when Spysweeper is running?

The bolded two above:

 

I'm not sure if I've seen a google address with "ie" at the end. You might want to remove that unless you know what it is.

 

And the comcast has a ":" (semi colon) in the name. Therefore, the address is not right, so not sure if that would cause a problem.

 

You should correct these and see if they make a difference.

Link to post
Share on other sites

I'm a bit lost here.

Could you explain what I bolded in the quote please?

The bolded two above:

 

I'm not sure if I've seen a google address with "ie" at the end. You might want to remove that unless you know what it is.

 

And the comcast has a ":" (semi colon) in the name. Therefore, the address is not right, so not sure if that would cause a problem.

 

You should correct these and see if they make a difference.

 

In the bolded ares (1 and 2). Spysweeper has a tab for "start up" and in here are all the start-up apps. To the right of each entry is a box. All startup items would have a check in the box to show they are startup items. Early yesterday, I unchecked the box for the virusbursters hoping this would help. Each reboot would re-enter the check mark in the box and I would have to remove it again. But, after I used the WinPatrol startup list and saw virusbursaters listed there, I clicked to remove it.

 

Now, the box in Spysweeper remains unchecked. But the entry is still there.

 

The other deal with the comcast and google I think are just typing errors, but I will check to make sure.

 

Spysweeper continues to not let me get on-line, when I clicked your e-mail to get here. I had to shutdown Spysweeper and then was able to click your link and get here to post.

Link to post
Share on other sites

When I made the change with the ie and semi-colon, Spywareguard kept insisting to keep the ie, so after 10-12 alerts, I allowed the ie, and then Spywareguard stopped alerting me, so I accepted that.

 

User Search Bar(selectedInDropdown) http://www.google.com/ie

 

But, I still had to shutdown Spysweeper to get on-line to post.

Link to post
Share on other sites

Hi rgsmile,

 

I could not find anything that would be causing the SpySweeper problem. This sounds like a software problem. You could ask in the User to User help forum here at the pit.

 

I'll keep having a look around to see if I get anything.

Link to post
Share on other sites

Thanks for keeping on checking, because, so far, Webroot can't come up with a solution.

 

Here's more info for you, and I will post in the UserToUser:

 

I shutdown Spywareguard, Spywareblaster, Win Patrol, Autosizer, Google Toolbar Notifier and went into SpySweeper's Startup tab and also removed the check-marks for the above listed apps. Only Spysweeper, AVG and Zone Alarm and Microsoft stuff are running.

 

Then I rebooted.

 

Only Spysweeper, AVG and Zone Alarm are running.

 

I opened OE and clicked a link in an e-mail and could not get on-line. It timed out in about 2 minutes.

 

I shutdown Spysweeper and got online immediately.

 

So, Spysweeper is definitely the "PROBLEM" app. If I shutdown 2 of the 4 Shields (Startup Shield and the Web Browser Shield), I can get online immediately.

Link to post
Share on other sites

Hey! I still can't find something that would be causing the problem.

 

No one replied, probably because they don't whats causing the problem.

 

The only thing I can suggest is to Uninstall SpySweeper, reboot your computer and try installing it again.

Link to post
Share on other sites

Thanks Trogan 1000 for the advice. Jacee, came into the UserToUser with the same advice. Must be the "Great Minds Work Alike".

 

I just finished re-installing and updating, and although one attempt doesn't make it all OK, at least this time I was able to click your link in OE and be able to get on-line. A hair slow, but at least it worked.

 

The funny part is that I had asked Webroot if that might resolve things after the HJT was done cleaning out the virusbursters, but they didn't answer my question. Oh well.

 

Thanks again.

 

The members at the Pit are Great! !

Link to post
Share on other sites

Just to give you an update.

The work you did was not wasted, as it did remove virusbursters from the registry, along with some other garbage.

 

I re-installed SpySweeper and now the virusbursters is gone from their startup.

 

I had to close down the active x shield and the communication shield in Spysweeper, and it now seems to run OK.

 

Spysweeper is a neat program, but because it tries to do so much, it can cause conflicts with other programs (that is strictly my opinion).

 

I'm a little worried about installing IE7, as it appears to still have some "bugs".

 

Keep up the splendid work and have a great day! !

Link to post
Share on other sites

It should be safe to install IE7. I have it on my computer with no problems. I know other people have it, and have not heard of any problems.

 

Can I close this thread or is there anything else I can help with?

Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...