loads of spyware!

sidthereal

Folks, I did a scan using ScanSpyware software and got the following log:

Application Information
=======================

Application Version: ScanSpyware v3.8 build 3.8.0.4
Original Database: pests01-02-06.db
Updated Database: ssdb030206.db
Current Date: Saturday, March 04, 2006 04:15:34 PM
__________________________________________________

Directories recognized:
=======================

__________________________________________________

Files recognized:
=================

[AGOBOT]
C:\WINDOWS\System32\atiphexx.exe

[AlCan.A]
C:\WINDOWS\System32\taskmgr.com

[NauPointBar]
C:\WINDOWS\downloaded program files\iEBINST2.TaskDB

[NauPointBar]
C:\WINDOWS\downloaded program files\iEBINST2.ResultDB

[RBOT.OR]
C:\WINDOWS\System32\atiphexx.exe

[SAH Agent]
C:\WINDOWS\downloaded program files\setup.inf

[SAH Agent]
C:\WINDOWS\downloaded program files\SETUP.INF

__________________________________________________

Registry keys recognized:
=========================

[NetPumper]
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}

[NetPumper]
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}

[NetPumper]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}

[NetPumper]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}

__________________________________________________

Registry values recognized:
===========================

__________________________________________________

Cookies recognized:
===================

[Tracking Cookies]
c:\documents and settings\family\cookies\family@statcounter[2].txt

__________________________________________________

Now, since I'm using a trial version, I can't remove the programme through the software, and an additional scan using the Panda antivirus online scan showed 2 spywares:
1. pcpowerscan.exe
2. Redhotnetworks videox.inf

But a search on the computer did not find the above two files.
I have also deleted the system restore files, thinking maybe the backup had the adware, but the scan still shows the same result.

Please help.
 
Logfile of HijackThis v1.99.1
Scan saved at 9:58:46 PM, on 3/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\FAMILY\My Documents\HijackThis.exe

R0 - HKCU\Software\M*cros*ft\Internet Explorer\Main,Start Page = http://www.msn.co.in
R0 - HKLM\Software\M*cros*ft\Internet Explorer\Main,Start Page = http://www.msn.co.in
R0 - HKCU\Software\M*cros*ft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\M*cros*ft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CleanMyPCPopupBlocker Class - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\M*cros*ft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37670.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 
Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

Exit Spy Sweeper.

Then run the Panda scan again, and see if it flags anything.
 
Downloaded Spy Sweeper and ran the full version.
Removed Redhotnetworks videox.inf
Couldn't find pcpowerscan.exe
 
Yes, only pcpowerscan.exe adware found. Videox has been removed by Spy Sweeper.

EDIT: Sorry, wrong location specified.
Sorry again. Correct location in subsequent post.
 
Terribly sorry....

It's located in:
Adware:adware/powerscan C:\WINDOWS\DOWNLOADED PROGRAM FILES\pcpowerscan.EXE

But then again... I can't seem to find the mentioned prog.
 
1. Download the Killbox.
2. Unzip it to the desktop but do NOT run it yet.
3. Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
4. Once in Safe Mode, please run Killbox.
5. Click "Delete on Reboot".
6. Paste the following into the top "Full Path of File to Delete" box.
   • C:\WINDOWS\DOWNLOADED PROGRAM FILES\pcpowerscan.EXE
7. Click the red-and-white "Delete File".
8. Click "Yes" at the Delete on Reboot prompt.
9. Click "No" at the Pending Operations prompt.

Then boot back to normal mode; the problem should be gone.