I have spyware and popups



ugaunc24
2006-07-28, 17:33
I did everything on the list:

The logs are posted in the following order

1. HJT
2. Activescan

1. HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 9:12:05 AM, on 7/28/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\POWERPANEL\BAYSWAP\BAYSWAP.EXE
C:\PROGRAM FILES\BUFFALO\CLIENT MANAGER 2\BWSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
C:\PROGRAM FILES\SONY\JOG DIAL UTILITY\JOGSERV2.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\WTET\WUAUCLT.EXE
C:\PROGRAM FILES\CWRS\UKER.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\BATTERYSCOPE\BATMGR.EXE
C:\PROGRAM FILES\POWERPANEL\PROGRAM\PCFMGR.EXE
C:\PROGRAM FILES\BUFFALO\CLIENT MANAGER\CLIENTMG\ESSIDSET.EXE
C:\PROGRAM FILES\APOINT\APWHEEL.EXE
C:\PROGRAM FILES\BUFFALO\CLIENT MANAGER 2\CLIENTMGR2.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\WINWORD.EXE
C:\WINDOWS\DESKTOP\SPYBOT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aolsearch.aol.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mycampus.phoenix.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R3 - Default URLSearchHook is missing
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] c:\windows\dslaunch.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BaySwap] C:\Program Files\PowerPanel\BaySwap\BaySwap.exe
O4 - HKLM\..\RunServices: [BWSVC] C:\PROGRAM FILES\BUFFALO\CLIENT MANAGER 2\BWSVC.EXE
O4 - HKCU\..\Run: [Ecru] "C:\WINDOWS\wtet\wuauclt.exe" -vt yazr
O4 - HKCU\..\Run: [Pmfcytd] C:\Program Files\Cwrs\uker.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BatteryScope.lnk = C:\Program Files\BatteryScope\Batmgr.exe
O4 - Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Client Manager.lnk = C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
O4 - Startup: ClientManager2.lnk = C:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.5.106/display/PopupSh.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


________________

2. ACTIVE SCAN


Incident Status Location

Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM\saievent.dll
Adware:adware/purityscan Not disinfected C:\WINDOWS\TEMP\!update.exe
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\x2k7w4q7.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\x2k7w4q7.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\valued sony customer@bs.serving-sys[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\valued sony customer@serving-sys[2].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\valued sony customer@2o7[2].txt
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Cookies\valued sony customer@zedo[1].txt
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Cookies\valued sony customer@c5.zedo[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\valued sony customer@www.burstbeacon[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\WINDOWS\Cookies\valued sony customer@bluestreak[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\Cookies\valued sony customer@server.iad.liveperson[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\WINDOWS\Cookies\valued sony customer@apmebf[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\WINDOWS\Cookies\valued sony customer@qksrv[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\valued sony customer@burstnet[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Cookies\valued sony customer@tribalfusion[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\valued sony customer@questionmarket[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\Cookies\valued sony customer@ads.pointroll[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\WINDOWS\Cookies\valued sony customer@centrport[2].txt
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Cookies\valued sony customer@zedo[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\WINDOWS\Cookies\valued sony customer@bluestreak[1].txt
Spyware:Cookie/WUpd Not disinfected C:\WINDOWS\Cookies\valued sony customer@revenue[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Cookies\valued sony customer@tribalfusion[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\valued sony customer@questionmarket[2].txt
Adware:Adware/PurityScan Not disinfected C:\Program Files\Cowabanga\Cowabanga.exe
Adware:Adware/MediaTickets Not disinfected C:\Program Files\Cowabanga\uninstaller.exe
Adware:Adware/PurityScan Not disinfected C:\wsetup.exe

shelf life
2006-07-29, 02:46
hi ugaunc24,

still need help?
do this:

make sure all files are set to show:
Open My Computer.
Select the View menu and click Folder Options.
Select the View Tab.
In the Hidden files section select Show all files.
Click OK
-----------------------------------
might want to copy/paste the rest of this into notepad and save it somewhere so you can read it in safe mode.

next boot computer into safe mode. you reach safe mode by tapping the f8 key during a computer reboot. once in safe mode do this:

remove Cowabanga via the add/remove programs panel if present

see if you can manually find and delete: saievent.dll located here > C:\WINDOWS\SYSTEM

next do this:
Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

next:

start>settings>Control Panel> click the Internet options icon

Next:

Click on Delete Cookies.

Click on Delete Files, Make sure Delete all offline content is checked and then click on OK


Then click on Settings, then click on View Files. If there is anything in there, delete what you can
(edit>select all--- then file>delete)
-----------------------------------------------
download, install, update and run a-squared:
http://www.emsisoft.com/en/software/free/

shelf life

tashi
2006-08-02, 21:56
How is it going, ugaunc24?

tashi
2006-08-07, 09:38
This topic is closed due to lack of a response.
If you need it re-opened, please send me a PM and provide a link to the thread.

Applies only to the original topic starter.