  1. #1
    Pufferfish

    adware hard to remove.

    Dear all,

    I've done the Panda scan and it found 4 adware, namely gator, dudu, sbsoft and commad. Yet I've tried many times to remove them but all efforts failed. The gator was detected in the WINDOWS\Downloaded program files\ directory, yet even when I browsed the directory in command prompt, it didn't exist! (I've chosen in Windows Explorer to reveal all hidden files.) There are lots of .exe programs that I don't know whether I should delete or not.

    Here's the log from HijackThis, could anyone please help?!!
    Logfile of HijackThis v1.99.1
    Scan saved at 0:43:10, on 4/8/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iISystem Wiper\SystemWiper.exe
    C:\WINDOWS\System32\conime.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis.exe

    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
    O3 - Toolbar: 6ó_(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [hfmgg.exe] C:\WINDOWS\System32\hfmgg.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
    O8 - Extra context menu item: mxie ”H - C:\Program Files\mxie\Config/protocol.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java ;§ð - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1A040638-3FDB-43A7-8C78-6F9E419F1386}: NameServer = 85.255.116.89,85.255.112.204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{961BED15-54FD-4B1B-987F-9478DF69F0F1}: NameServer = 85.255.116.89,85.255.112.204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D32A65-9896-44BD-8A05-E8ACEAE8E79B}: NameServer = 85.255.116.89,85.255.112.204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF91259E-C89C-403D-AB6D-E7F0170C4549}: NameServer = 85.255.116.89 85.255.112.204
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.89 85.255.112.204
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1A040638-3FDB-43A7-8C78-6F9E419F1386}: NameServer = 85.255.116.89,85.255.112.204
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.89 85.255.112.204
    O17 - HKLM\System\CS3\Services\Tcpip\..\{1A040638-3FDB-43A7-8C78-6F9E419F1386}: NameServer = 85.255.116.89,85.255.112.204
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.89 85.255.112.204
    O20 - Winlogon Notify: ideusr50 - ideusr50.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

  2. #2
    Clark76

    Pufferfish

    Please do not post the same question in different forums. Stick with the one in the spyware help forum.

    benc

    This topic is locked. Refer to Spyware Forum