Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Adware will not stay away 2

Status
Not open for further replies.
bester1

bester1

Technical User
Apr 14, 2004
6
0
0
US
I have had problems with Purity Scan(and others) that keep returnig over and over. It was originally downlaoded by my son, and he is no longer using my computer.I have a P.S. uninstaller on my computer and it will remove it for a few weeks, and then returns again.There will usually be another adware with it.This time it's "Zestyfind Desktop Links".What is this? I do not visit any of the sites that he did. Can anyone tell me how to remove these for good?
 
Sort by date Sort by votes
OK. Have done all that you recommended. Here is a copy of my highjack log file. Thank you for your help. I hope this will get rid of them for good.

Logfile of HijackThis v1.98.2
Scan saved at 5:46:04 PM, on 10/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\documents and settings\vip\local settings\temp\wlqyoq.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\VIP\My Documents\My Downloads\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [wlqyoq] C:\documents and settings\vip\local settings\temp\wlqyoq.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - O16 - DPF: {F76DF680-EC17-4272-B1C7-CDB2641FA20B} (KB836528 Object) - O17 - HKLM\System\CCS\Services\Tcpip\..\{9D7ED94B-A713-40F0-BCEF-48D52A3A3049}: NameServer = 198.6.1.218 198.6.100.218
O20 - AppInit_DLLs: msvsres.dll
 
Upvote 0 Downvote
Fix these lines:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [wlqyoq] C:\documents and settings\vip\local settings\temp\wlqyoq.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O20 - AppInit_DLLs: msvsres.dll

Reboot to safe mode
find and remove this file:
msvsres.dll

Empty temp files folder to get this and any other stuff.
C:\documents and settings\vip\local settings\temp\wlqyoq.exe

I am not familiar with this one, check it out, keep or remove as appropriate.
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt

Online virus scan and scan with adaware would be good.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Upvote 0 Downvote
Thank you so much for your help. Will let you know if I have any more trouble.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Shimmy613
  • Locked
  • Question
Avira Free: "Your computer is not secure! A Service is not working correctly"
Replies
14
Views
172
ChrisHirst
ChrisHirst
2ffat
  • Locked
  • News
Police: Do as we say and not as we do! 1
Replies
4
Views
53
goombawaho
goombawaho
1DMF
  • Locked
  • Question
AVAST latest free version causing nothing but problems 2
2
Replies
20
Views
167
1DMF
1DMF
guitarzan
  • Locked
  • Question
IE8 will not connect to any site after cleanup 1
Replies
9
Views
68
guitarzan
guitarzan
electricpete
  • Locked
  • Question
outdated software - cause problems when NOT in use?
Replies
5
Views
80
Noway2
Noway2

Part and Inventory Search

Sponsor

Back
Top