Thread: I have spyware and popups

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Posts
    19

    I have spyware and popups

    I did everything on the list:

    The logs are posted in the following order

    1. HJT
    2. Activescan

    1. HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 9:12:05 AM, on 7/28/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\POWERPANEL\BAYSWAP\BAYSWAP.EXE
    C:\PROGRAM FILES\BUFFALO\CLIENT MANAGER 2\BWSVC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\APOINT\APOINT.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\WINDOWS\DSLAUNCH.EXE
    C:\PROGRAM FILES\SONY\HOTKEY UTILITY\HKSERV.EXE
    C:\PROGRAM FILES\SONY\JOG DIAL UTILITY\JOGSERV2.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\WINDOWS\SYSTEM\PELMICED.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\WTET\WUAUCLT.EXE
    C:\PROGRAM FILES\CWRS\UKER.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\PROGRAM FILES\BATTERYSCOPE\BATMGR.EXE
    C:\PROGRAM FILES\POWERPANEL\PROGRAM\PCFMGR.EXE
    C:\PROGRAM FILES\BUFFALO\CLIENT MANAGER\CLIENTMG\ESSIDSET.EXE
    C:\PROGRAM FILES\APOINT\APWHEEL.EXE
    C:\PROGRAM FILES\BUFFALO\CLIENT MANAGER 2\CLIENTMGR2.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\WINWORD.EXE
    C:\WINDOWS\DESKTOP\SPYBOT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aolsearch.aol.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mycampus.phoenix.edu/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    R3 - Default URLSearchHook is missing
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IrMon] IrMon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] c:\windows\dslaunch.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [BaySwap] C:\Program Files\PowerPanel\BaySwap\BaySwap.exe
    O4 - HKLM\..\RunServices: [BWSVC] C:\PROGRAM FILES\BUFFALO\CLIENT MANAGER 2\BWSVC.EXE
    O4 - HKCU\..\Run: [Ecru] "C:\WINDOWS\wtet\wuauclt.exe" -vt yazr
    O4 - HKCU\..\Run: [Pmfcytd] C:\Program Files\Cwrs\uker.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: BatteryScope.lnk = C:\Program Files\BatteryScope\Batmgr.exe
    O4 - Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Startup: Client Manager.lnk = C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.exe
    O4 - Startup: ClientManager2.lnk = C:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.5.106/display/PopupSh.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


    ________________

    2. ACTIVE SCAN


    Incident Status Location

    Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM\saievent.dll
    Adware:adware/purityscan Not disinfected C:\WINDOWS\TEMP\!update.exe
    Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\x2k7w4q7.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\x2k7w4q7.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\valued sony customer@bs.serving-sys[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\valued sony customer@serving-sys[2].txt
    Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\valued sony customer@2o7[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Cookies\valued sony customer@zedo[1].txt
    Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Cookies\valued sony customer@c5.zedo[1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\valued sony customer@www.burstbeacon[1].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\WINDOWS\Cookies\valued sony customer@bluestreak[2].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\WINDOWS\Cookies\valued sony customer@server.iad.liveperson[1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\WINDOWS\Cookies\valued sony customer@apmebf[2].txt
    Spyware:Cookie/QkSrv Not disinfected C:\WINDOWS\Cookies\valued sony customer@qksrv[2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\valued sony customer@burstnet[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Cookies\valued sony customer@tribalfusion[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\valued sony customer@questionmarket[1].txt
    Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\Cookies\valued sony customer@ads.pointroll[2].txt
    Spyware:Cookie/CentrPort Not disinfected C:\WINDOWS\Cookies\valued sony customer@centrport[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Cookies\valued sony customer@zedo[2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\WINDOWS\Cookies\valued sony customer@bluestreak[1].txt
    Spyware:Cookie/WUpd Not disinfected C:\WINDOWS\Cookies\valued sony customer@revenue[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Cookies\valued sony customer@tribalfusion[2].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\valued sony customer@questionmarket[2].txt
    Adware:Adware/PurityScan Not disinfected C:\Program Files\Cowabanga\Cowabanga.exe
    Adware:Adware/MediaTickets Not disinfected C:\Program Files\Cowabanga\uninstaller.exe
    Adware:Adware/PurityScan Not disinfected C:\wsetup.exe

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi ugaunc24,

    still need help?
    do this:

    make sure all files are set to show:
    Open My Computer.
    Select the View menu and click Folder Options.
    Select the View Tab.
    In the Hidden files section select Show all files.
    Click OK
    -----------------------------------
    might want to copy/paste the rest of this into notepad and save it somewhere so you can read it in safe mode.

    next boot computer into safe mode. you reach safe mode by tapping the f8 key during a computer reboot. once in safe mode do this:

    remove Cowabanga via the add/remove programs panel if present

    see if you can manually find and delete: saievent.dll located here > C:\WINDOWS\SYSTEM

    next do this:
    Empty your Temp folders. Go to Start > Run and type: cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

    Temporary Files
    Temporary Internet Files
    Recycle Bin

    next:

    start>settings>Control Panel> click the Internet options icon

    Next:

    Click on Delete Cookies.

    Click on Delete Files, Make sure Delete all offline content is checked and then click on OK


    Then click on Settings, then click on View Files. if there is anything in there, delete what you can
    (edit>select all--- then file>delete)
    -----------------------------------------------
    download, install, update and run a squared:
    http://www.emsisoft.com/en/software/free/

    shelf life
    How Can I Reduce My Risk?
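
Added example, not part of any post in this thread: a small parser for the "Incident Status Location" rows of the ActiveScan report in post #1 that groups each detection under the manual step from post #2 that would reach it. The function names and the path-to-step mapping in `STEPS` are this example's own reading of the reply; anything grouped under `None` is named by no manual step and is left to the follow-up scan.

```python
import re

# Constructed sample: six rows in the "Incident Status Location" layout,
# with paths taken from the ActiveScan report in post #1.
SAMPLE = r"""
Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM\saievent.dll
Adware:adware/purityscan Not disinfected C:\WINDOWS\TEMP\!update.exe
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\x2k7w4q7.default\cookies.txt[.zedo.com/]
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\valued sony customer@2o7[2].txt
Adware:Adware/PurityScan Not disinfected C:\Program Files\Cowabanga\Cowabanga.exe
Adware:Adware/PurityScan Not disinfected C:\wsetup.exe
"""

# Type:Name, then a free-text status, then a drive-letter path (may hold spaces).
ROW = re.compile(r"^(\w+):(\S+)\s+(.+?)\s+([A-Za-z]:\\.*)$")

# Assumed mapping (this example's reading of post #2): lower-cased path prefix
# -> the manual step that would touch it. First match wins.
STEPS = [
    ("c:\\program files\\cowabanga\\", "Add/Remove Programs: Cowabanga"),
    ("c:\\windows\\system\\saievent.dll", "manual delete: saievent.dll"),
    ("c:\\windows\\temp\\", "cleanmgr: Temporary Files"),
    ("c:\\windows\\cookies\\", "Internet Options: Delete Cookies"),
]

def parse_report(text):
    """Return (kind, name, status, path) per report row; other lines are skipped."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def step_for(path):
    """Manual step that covers this path, or None if no listed step does."""
    p = path.lower()
    for prefix, step in STEPS:
        if p.startswith(prefix):
            return step
    return None

def plan(text):
    """Group detected paths by covering step; the None key collects leftovers."""
    out = {}
    for _kind, _name, _status, path in parse_report(text):
        out.setdefault(step_for(path), []).append(path)
    return out

if __name__ == "__main__":
    for step, paths in plan(SAMPLE).items():
        print(step or "no manual step (left to the follow-up scan)", paths)
```

On the sample rows, the Firefox `cookies.txt` entry and `C:\wsetup.exe` fall under `None`: the Internet Options cookie step only clears Internet Explorer's cookie folder.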

  3. #3
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    How is it going, ugaunc24?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    This topic is closed due to lack of a response.
    If you need it re-opened please send me a pm and provide a link to the thread.

    Applies only to the original topic starter.
