Views: 2446 | Replies: 20
Join Date: Nov 2005
Posts: 30
Reputation:
Rep Power: 3
Solved Threads: 0
Here is the HJT Uninstall List:
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Advantys Configuration Software
AllyCAD 3.5 Freeware
ALPS Touch Pad Driver
Apple Software Update
Aveyond
Aveyond (remove only)
Big Fish Games Client
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
Concept V2.6 XL EN SR3
Conexant HDA D110 MDC V.92 Modem
ConneXview
Crown Print Monitor+
Dell Embassy Trust Suite by Wave Systems
Dell Wireless WLAN Card
Digital Line Detect
Direct Show Ogg Vorbis Filter (remove only)
DirectX Media Runtime 5.1
Document Manager Lite
eDrawings 2007
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
Extra M.A.M.E. version 4.8
GP-Pro EX 1.9 TransferTool
GP-Pro EX 2.01 E Project Converter
GP-Pro EX 2.01 E TransferTool
GP-Pro EX 2.1 Project Converter
GP-Pro EX 2.1 TransferTool
GP-Pro EX MovieConverter
GP-PRO/PBIII C-Package03
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HP Color LaserJet CM1015/CM1017 MFP 1.0
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Software Update
HP Solution Center 7.0
ICONICS Software Licensing
Inspection Builder
Intel(R) Graphics Media Accelerator Driver
Internal Network Card Power Management
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
KONICA MINOLTA magicolor 2300 DL Printer Driver Software
LiveUpdate 2.6 (Symantec Corporation)
LT EditorV2.0
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
magicolor 2300 DL
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office 97, Professional Edition
Microsoft Office Basic Edition 2003
Microsoft Office Live Meeting 2005
Microsoft Visio Professional 2002 SR-1 [English]
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Media Video 9 VCM
Modem Helper
Modicon M340 design
MSDE
NetWaiting
NevoSoft MagicRings (remove only)
NTRU Hybrid TSS v2.0.7
OCR Software by I.R.I.S 7.0
Office Animation Runtime
Package Premium design
Pass-Through Configuration Tool
PCS 5.5
PowerDVD 5.7
PowerSuite
Preboot Manager
Premium design
Private Information Manager
Pro-Designer
Pro-Designer
Pro-Designer Runtime
Pro-Server EX Developer
Pro-Server EX Runtime
ProWORX 32
ProWORX NxT
Quick Designer Advanced v3.70
QuickSet
QuickTime
SA Drivers Manager
SA MODBUS Driver
SA PLC USB Driver
SA UNITELWAY WDM Driver
Schneider Electric\ATV68Soft
Secure Update
Security Wizards
SnagIt 8
Symantec AntiVirus
TwidoSoft
Ultra Ping Pro 2.1
UltraVNC v1.0.2
Unity Loader 1.0
Unity Pro XL V3.0-SP2
Update for Windows XP (KB898461)
URL Assistant
Venture
Wave Infrastructure Installer
Wave Support Software
WebEx
XBT-L1000 V4.48
Yahoo! Messenger
Zelio Soft 2 v2.0.7
ZelioSoft PC
ZelioSoft PPC
Here are the results of the Find.bat code.
Adobe
Alawar
Allen-Bradley
Apoint
Apple Software Update
Aveyond
BAE
BestOn
BFG
bfgclient
Broadcom
Citrix
Colasoft MAC Scanner 1.1
Common Files
ComPlus Applications
CONEXANT
CyberLink
Dell
Digital Line Detect
Google
Hewlett-Packard
HP
InstallShield Installation Information
Internet Explorer
iWin.com
iWin.com Games
Java
KONICA MINOLTA
Macromedia
Messenger
Microsoft ActiveSync
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
MINOLTA-QMS
Modem Helper
Movie Maker
MSN
MSN Gaming Zone
NetMeeting
NetWaiting
NTRU Cryptosystems
OfficeUpdate11
Online Services
Outlook Express
PowerPanel
Pro-face
ProSoft Technology Inc
QuickTime
Real
Schneider
Schneider Electric
Seagate Software
SearchAssist
Sigmatel
Square D Company
Symantec
Symantec AntiVirus
TechSmith
TryMedia
UltraVNC
Uninstall Information
Viewpoint
Wave Systems Corp
Web Publish
Windows Media Player
Windows NT
WindowsUpdate
WMV9_VCM
xerox
Yahoo!
Zero G Registry
Join Date: Feb 2004
Location: Oztralya
Posts: 7,812
Reputation:
Rep Power: 22
Solved Threads: 431
Uninstall the following;
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
Download the latest Java from Sun. http://www.java.com/en/download/index.jsp
==
Delete the following folder from Program Files folder;
TryMedia
==
Please download and install AVG antispyware tool
- Close all other applications. Select language, click OK.
- Click I Agree
- Click next
- Click Install
- Click Finish
- Wait and AVG antispyware will open to the main screen automatically.
- Wait again a few minutes and AVG antispyware should auto-update itself. If it doesn't, click Update at top of screen.
- It is very important that you get updated
- When updating has finished. Close AVG antispyware.
- Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight the first option.
- Select the first option, to run Windows in Safe Mode, and hit Enter.
- For additional help in booting into Safe Mode, see the following site: HERE
You MUST manage to get into Safe Mode for the fix to work.
- Run AVG antispyware.
- Click on scanner at top of AVG antispyware screen.
- Click on Settings.
- Under How to Act click on Recommended Action and choose Quarantine.
- Under How to scan all boxes should be selected.
- Under Possibly unwanted software all boxes should be selected.
- On right side under Reports: click on Do not automatically generate report after every scan.
- Under What to scan select scan every file.
- Click On scan Tab.
- Click on Complete system scan.
- Let the program scan the machine. It can take a while; give it time.
- When scan has finished at bottom of screen click Apply all Actions.
- Click Save report
- Click Save Report as (Save as window's screen should pop up.)
- Click desktop.
- Click Save.
- Exit AVG antispyware.
Post the log here.
Last edited by crunchie : Mar 18th, 2008 at 7:12 am.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Join Date: Nov 2005
Posts: 30
Reputation:
Rep Power: 3
Solved Threads: 0
Programs uninstalled, Folder Deleted. Scan completed. The log is copied below. I did not re-download and install the most recent Java yet, but will finish that at work tomorrow.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:28 2008-03-18
+ Scan result:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP418\A0058657.dll -> Adware.BHO : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP420\A0058827.exe -> Downloader.Agent.krh : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP421\A0058870.exe -> Downloader.Agent.krh : Cleaned.
C:\QooBox\Quarantine\C\Program Files\ICROSO~1.NET\wuaclt.exe.vir -> Downloader.PurityScan.fj : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@capitalone.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@electronicarts.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@firstpremierbankcard.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@k12.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wakyclcpigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wbkykgdjahq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wblooodpigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wck4shc5aho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wclokgajkhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wclokgdpigp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wcmiondzsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wcmiuhdjeao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wcmyundjofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfk4emd5clo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfk4wmczaep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkichdjmfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkiendzoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkogmcpmhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkosldpscq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkyolcpihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfl4ahczwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfl4elc5mkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfl4giczafp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wflospczoho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wflysicjmep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmieoc5aap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmiohdjmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmiwodpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmykocjmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmywpdzekq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgkoeidzifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgkoopdpchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgkyeoczmlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgmiajcpkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6whligic5gap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6whligidzako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4alcpokq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4eidzwfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4wgd5elp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4whczclo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4wlajafo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4wldpedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkocmazihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkogiazokp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkoogajchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkykod5gdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjl4apdjmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjl4ggazkfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjl4ojdjsbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjliaid5ceq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjloonc5mep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjlouodpwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjlycpazahp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjlyumajolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjmicmcpgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjny-1jdzil.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyaoc5igo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnycidpabp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyqjdjglp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyqoazoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyumajago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-darksideprod.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-kodak.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-reddoorinteractive.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-viacom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Administrator.GRANTINDUSTRIAL\Cookies\administrator@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmiwodpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmykocjmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmywpdzekq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgkoeidzifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgkoopdpchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgkyeoczmlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgmiajcpkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6whligic5gap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6whligidzako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4alcpokq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4eidzwfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4wgd5elp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4whczclo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4wlajafo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4wldpedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkocmazihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkogiazokp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkoogajchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkykod5gdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjl4apdjmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjl4ggazkfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjl4ojdjsbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjliaid5ceq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjloonc5mep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjlouodpwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjlycpazahp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjlyumajolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjmicmcpgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjny-1jdzil.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyaoc5igo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnycidpabp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyqjdjglp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyqoazoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyumajago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-darksideprod.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-kodak.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-reddoorinteractive.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-viacom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Administrator.GRANTINDUSTRIAL\Cookies\administrator@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 7,812
Reputation:
Rep Power: 22
Solved Threads: 431
Let me know if Symantec alerts you still. It looks like AVG got rid of some entries related to Purityscan.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
•
•
Join Date: Nov 2005
Posts: 30
Reputation:
Rep Power: 3
Solved Threads: 0
I'm not getting the Spyware Removal ads and Symantec did a full scan and found no threats. At this point, I see a couple of minor things that may or may not be related to the original infection.
1. The system clock is still running in 24-hour format.
2. The Symantec Anti-Virus software is still not starting up with the PC.
3. I've noticed that anytime a web page opens, there is a short delay (maybe up to 5-10 seconds), from where the page loads to the point where I can scroll around the page.
Anything that can be done about these?
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 7,812
Reputation:
Rep Power: 22
Solved Threads: 431
Symantec will probably have to be reinstalled, but if your subscription is nearly finished, I would consider dumping it for Avast (free) or AVG (free) or, if you want to purchase one, then NOD32 or Kaspersky.
==
Let's get rid of Combofix now that we are finished with it.
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- When shown the disclaimer, Select "2"
The above procedure will:
- Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:\_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
•
•
Join Date: Nov 2005
Posts: 30
Reputation:
Rep Power: 3
Solved Threads: 0
The computer has been running ok, not great, but it is pretty loaded down being a work laptop and all. This afternoon, the "Your Computer is Infected" stuff started again. My Symantec AV picked up a bunch of stuff on its AutoProtect. I decided to run HJT again, since apparently the cleaning procedure didn't get everything.
The log is below, but first I've tried to copy the risks and associated files that Symantec found.
Risk: Downloader; Files: bskl428.exe, krab[1].exe, 1103[1].exe
Risk: Trojan.Pandex; Files: TOR_1_~.exe, tor[1].exe
Risk: Trojan
eacomm; Files: ldig0031242[1].exe
Risk: Trojan.Srizbi; Files: bskl452.exe, igor[2].exe
Newest HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31, on 2008-03-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\winlast.exe
C:\WINDOWS\system32\wnslogan.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\usbconsole.exe
C:\MSSQL7\binn\sqlagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wind32.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\cjones\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ultra Ping] C:\Program Files\Ultra Ping\silent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchPS.lnk = C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1145374838981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145374825749
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/c...ploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com/client/T26L10NS...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grantindustrial.com
O17 - HKLM\Software\..\Telephony: DomainName = grantindustrial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grantindustrial.com
O21 - SSODL: zip - {aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - Unknown owner - C:\Program Files\ICONICS\GENESIS-32\Bin\GenRegistrarServer.exe (file missing)
O23 - Service: Google Online Search Service - 2nd - Unknown owner - C:\WINDOWS\system32\winlast.exe
O23 - Service: Googles Onlines Search Services - Unknown owner - C:\WINDOWS\system32\wnslogan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10483 bytes
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10483 bytes
Join Date: Feb 2004
Location: Oztralya
Posts: 7,812
Reputation:
Rep Power: 22
Solved Threads: 431
Download SDFix and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All,
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Join Date: Nov 2005
Posts: 30
Reputation:
Rep Power: 3
Solved Threads: 0
No Symantec warnings for a while after running SDFix. However, the system clock is still in 24 hour format.
SDFix Log:
SDFix: Version 1.160
Run by cjones on 2008-03-24 at 20:48
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\cjones\Desktop\SDFix\SDFix
Checking Services :
Name:
Google Online Search Service - 2nd
Googles Online Search Services
yeyqase
Path:
C:\WINDOWS\system32\winlast.exe -A
C:\WINDOWS\system32\wnslogan.exe -A
\??\C:\WINDOWS\system32\ras\yeyqase.mis
Google Online Search Service - 2nd - Deleted
Googles Onlines Search Services - Deleted
yeyqase - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll - Deleted
C:\4A.TMP - Deleted
C:\4B.TMP - Deleted
C:\4C.TMP - Deleted
C:\4D.TMP - Deleted
C:\45.TMP - Deleted
C:\WINDOWS\system32\bskl230.exe - Deleted
C:\WINDOWS\system32\bskl374.exe - Deleted
C:\WINDOWS\system32\bskl428.exe - Deleted
C:\WINDOWS\system32\bskl888.exe - Deleted
C:\WINDOWS\system32\svchost.t__ - Deleted
C:\WINDOWS\system32\winlast.exe - Deleted
C:\WINDOWS\system32\winlast.tmp - Deleted
C:\WINDOWS\system32\winlogans.tmp - Deleted
C:\WINDOWS\system32\wnslogan.exe - Deleted
C:\WINDOWS\winlogon.exe - Deleted
C:\WINDOWS\system32\ras\yeyqase.mis - Deleted
Folder C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - Removed
Folder C:\Program Files\Helper - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 20:54:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wxvault.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe
:enabled
xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe
:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
:Enabled:Yahoo! FT Server"
"c:\\48.tmp"="c:\\48.tmp
:Enabled:Windows Update"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe
:enabled
xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\cjones\Desktop\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 6 Dec 2007 79,872 A..H. --- "C:\Customer Files\Severn Trent\~WRL3786.tmp"
Wed 18 Jul 2007 791,880 ...H. --- "C:\Program Files\Aveyond\Aveyond.exe"
Wed 20 Jun 2007 152 ..SHR --- "C:\WINDOWS\system32\3DCBD18488.dll"
Fri 6 Apr 2007 389,592 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.00 E\OP\Setup.exe"
Tue 6 Mar 2007 34,313,066 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.00 E\OP\STMAE.exe"
Tue 6 Mar 2007 29,355,573 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.00 E\OP\STMAJ.exe"
Tue 9 Oct 2007 369,640 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.1\OP\AGPESetup.exe"
Mon 20 Aug 2007 370,355 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.1\OP\ASTSetup.exe"
Fri 12 Oct 2007 41,458,539 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.1\OP\STMAE.exe"
Fri 12 Oct 2007 44,799,457 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.1\OP\STMAJ.exe"
Thu 31 Jan 2008 369,694 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\AGPESetup.exe"
Thu 31 Jan 2008 369,923 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\ASTSetup.exe"
Thu 28 Feb 2008 376,719 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\OSPSetup.exe"
Mon 28 Jan 2008 41,458,542 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\STMAE.exe"
Mon 28 Jan 2008 44,799,462 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\STMAJ.exe"
Thu 20 Mar 2008 40,960 A..H. --- "C:\Program Files\Schneider Electric\Unity Pro 3.1\Security\SERVER.DLL"
Thu 6 Dec 2007 79,872 A..H. --- "C:\RECYCLER\S-1-5-21-3427813109-3177332317-1261852390-1007\Dc37\Severn Trent\~WRL3786.tmp"
Fri 24 Aug 2007 369,645 A..HR --- "C:\WINDOWS\Installer\$PatchCache$\Managed\3D20C2F2C33E7FA4F8BF0E979BCE992E\2.10.0\agpesetup.exe"
Mon 27 Aug 2007 41,525,379 A..HR --- "C:\WINDOWS\Installer\$PatchCache$\Managed\3D20C2F2C33E7FA4F8BF0E979BCE992E\2.10.0\stmae.exe"
Mon 27 Aug 2007 45,060,161 A..HR --- "C:\WINDOWS\Installer\$PatchCache$\Managed\3D20C2F2C33E7FA4F8BF0E979BCE992E\2.10.0\stmaj.exe"
Tue 6 Mar 2007 389,288 A..HR --- "C:\WINDOWS\Installer\$PatchCache$\Managed\5A73B16BF4E04E54CB0DD7CA1286AD3F\2.0.100\setup.exe"
Finished!
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05, on 2008-03-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\usbconsole.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\cjones\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grantindustrial.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ultra Ping] C:\Program Files\Ultra Ping\silent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchPS.lnk = C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1145374838981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145374825749
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/c...ploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com/client/T26L10NS...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grantindustrial.com
O17 - HKLM\Software\..\Telephony: DomainName = grantindustrial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grantindustrial.com
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - Unknown owner - C:\Program Files\ICONICS\GENESIS-32\Bin\GenRegistrarServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9713 bytes
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9713 bytes